openSUSE Security Announce
October 2022
- 1 participants
- 107 discussions
openSUSE-SU-2022:10183-1: moderate: Security update for pyenv
by opensuse-security@opensuse.org 31 Oct '22
openSUSE Security Update: Security update for pyenv
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10183-1
Rating: moderate
References: #1201582
Cross-References: CVE-2022-35861
CVSS scores:
CVE-2022-35861 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pyenv fixes the following issues:
Update to 2.3.5
- Add CPython 3.10.7 by @edgarrmondragon in #2454
- Docs: update Fish PATH update by @gregorias in #2449
- Add CPython 3.7.14, 3.8.14 and 3.9.14 by @edgarrmondragon in #2456
- Update miniconda3-3.9-4.12.0 by @Tsuki in #2460
- Add CPython 3.11.0rc2 by @ViktorHaag in #2459
- Add patches for 3.7.14 to support Apple Silicon by @samdoran in #2463
- Add ability to easily skip all use of Homebrew by @samdoran in #2464
- Drop Travis integration by @sobolevn in #2468
- Build CPython 3.12+ with --with-dsymutil in MacOS by @native-api in #2471
- Add Pyston 2.3.5 by @scop in #2476
Full Changelog:
https://github.com/pyenv/pyenv/compare/v2.3.4...v2.3.5
Update to 2.3.4
- Add CPython 3.11.0rc1 by @edgarrmondragon in #2434
- Add support for multiple versions in pyenv uninstall by @hardikpnsp in
#2432
- Add micropython 1.18 and 1.19.1 by @dmitriy-serdyuk in #2443
- CI: support Micropython, deleted scripts; build with -v by @native-api
in #2447
- Re-allow paths in .python-version while still preventing CVE-2022-35861
by @comrumino in #2442
- CI: Bump OS versions by @native-api in #2448
- Add Cinder 3.8 by @filips123 in #2433
- Add support for multiple versions in pyenv uninstall in #2432
- Add micropython 1.18 and 1.19.1 in #2443
- Add Cinder 3.8 in #2433
Update to 2.3.3
- Use version sort in pyenv versions by @fofoni in #2405
- Add CPython 3.11.0b4 by @majorgreys in #2411
- Python-build: Replace deprecated git protocol use with https in docs by
@ssbarnea in #2413
- Fix relative path traversal due to using version string in path by
@comrumino in #2412
- Allow pypy2 and pypy3 patching by @brogon in #2421, #2419
- Add CPython 3.11.0b5 by @edgarrmondragon in #2420
- Add GraalPython 22.2.0 by @msimacek in #2425
- Add CPython 3.10.6 by @edgarrmondragon in #2428
- Add CPython 3.11.0b4 by @majorgreys in #2411
- Replace deprecated git protocol use with https by @ssbarnea in docs #2413
- Fix relative path traversal due to using version string in path by
@comrumino in #2412
- Fix patterns for pypy2.*/pypy3.* versions by @brogon in #2419
Update to 2.3.2
- Add CPython 3.11.0b2 by @saaketp in #2380
- Honor CFLAGS_EXTRA for MicroPython #2006 by @yggdr in #2007
- Add post-install checks for curses, ctypes, lzma, and tkinter by
@aphedges in #2353
- Add CPython 3.11.0b3 by @edgarrmondragon in #2382
- Add flags for Homebrew into python-config --ldflags by @native-api in
#2384
- Add CPython 3.10.5 by @illia-v in #2386
- Add Anaconda 2019.10, 2021.04, 2022.05; support Anaconda in
add_miniconda.py by @native-api in #2385
- Add Pyston-2.3.4 by @dand-oss in #2390
- Update Anaconda3-2022.05 MacOSX arm64 md5 by @bkbncn in #2391
- Fix boo#1201582 to fix CVE-2022-35861 (from commit 22fa683, file
pyenv-CVE-2022-35861.patch)
Update to 2.3.0
- Bump openssl 1.1 to 1.1.1n for CPython 3.7 3.8 3.9 by @tuzi3040 in #2276
- Doc Fix: Escape a hash character causing unwanted GitHub Issue linking
by @edrogers in #2282
- Add CPython 3.9.12 by @saaketp in #2296
- Add CPython 3.10.4 by @saaketp in #2295
- Add patch for 3.6.15 to support Xcode 13.3 by @nshine in #2288
- Add patch for 3.7.12 to support Xcode 13.3 by @samdoran in #2292
- Add CONTRIBUTING.md by @native-api in #2287
- Add PyPy 7.3.9 release 2022-03-30 by @dand-oss in #2308
- Add Pyston 2.3.3 by @scop in #2316
- Add CPython 3.11.0a7 by @illia-v in #2315
- Add "nogil" Python v3.9.10 by @colesbury in #2342
- Support XCode 13.3 in all releases that officially support MacOS 11 by
@native-api in #2344
- Add GraalPython 22.1.0 by @msimacek in #2346
- Make PYENV_DEBUG imply -v for pyenv install by @native-api in #2347
- Simplify init scheme by @native-api in #2310
- Don't use Homebrew outside of MacOS by @native-api in #2349
- Add :latest syntax to documentation for the install command by @hay in
#2351
Update to 2.2.5
- fix issue 2236 for CPython 3.6.15 and 3.7.12 by @fofoni in #2237
- python-build: add URL for get-pip for Python 3.6 by @fofoni in #2238
- Add pyston-2.3.2 by @dmrlawson in #2240
- CPython 3.11.0a5 by @saaketp in #2241
- CPython 3.11.0a6 by @saaketp in #2266
- Add miniconda 4.11.0 by @aphedges in #2268
- docs(pyenv-prefix): note support for multiple versions by @scop in #2270
- pypy 7.3.8 02/20/2022 release by @dand-oss in #2253
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10183=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
pyenv-2.3.5-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
pyenv-bash-completion-2.3.5-bp154.2.3.1
pyenv-fish-completion-2.3.5-bp154.2.3.1
pyenv-zsh-completion-2.3.5-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-35861.html
https://bugzilla.suse.com/1201582
SUSE-SU-2022:3820-1: moderate: Security update for podman
by opensuse-security@opensuse.org 31 Oct '22
SUSE Security Update: Security update for podman
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3820-1
Rating: moderate
References: #1202809
Cross-References: CVE-2022-2989
CVSS scores:
CVE-2022-2989 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2022-2989 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for podman fixes the following issues:
- CVE-2022-2989: Fixed possible information disclosure and modification
(bsc#1202809).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3820=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3820=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3820=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
podman-3.4.7-150400.4.6.1
podman-debuginfo-3.4.7-150400.4.6.1
podman-remote-3.4.7-150400.4.6.1
podman-remote-debuginfo-3.4.7-150400.4.6.1
- openSUSE Leap 15.4 (noarch):
podman-cni-config-3.4.7-150400.4.6.1
podman-docker-3.4.7-150400.4.6.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
podman-3.4.7-150400.4.6.1
podman-debuginfo-3.4.7-150400.4.6.1
podman-remote-3.4.7-150400.4.6.1
podman-remote-debuginfo-3.4.7-150400.4.6.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (noarch):
podman-cni-config-3.4.7-150400.4.6.1
podman-docker-3.4.7-150400.4.6.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
podman-3.4.7-150400.4.6.1
podman-debuginfo-3.4.7-150400.4.6.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
podman-cni-config-3.4.7-150400.4.6.1
References:
https://www.suse.com/security/cve/CVE-2022-2989.html
https://bugzilla.suse.com/1202809
SUSE-SU-2022:3819-1: moderate: Security update for podman
by opensuse-security@opensuse.org 31 Oct '22
SUSE Security Update: Security update for podman
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3819-1
Rating: moderate
References: #1202809
Cross-References: CVE-2022-2989
CVSS scores:
CVE-2022-2989 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2022-2989 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for podman fixes the following issues:
- CVE-2022-2989: Fixed possible information disclosure and modification
(bsc#1202809).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3819=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3819=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3819=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3819=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3819=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2022-3819=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
podman-3.4.7-150300.9.12.1
podman-debuginfo-3.4.7-150300.9.12.1
- openSUSE Leap Micro 5.2 (noarch):
podman-cni-config-3.4.7-150300.9.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
podman-3.4.7-150300.9.12.1
- openSUSE Leap 15.3 (noarch):
podman-cni-config-3.4.7-150300.9.12.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
podman-3.4.7-150300.9.12.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (noarch):
podman-cni-config-3.4.7-150300.9.12.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
podman-3.4.7-150300.9.12.1
podman-debuginfo-3.4.7-150300.9.12.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
podman-cni-config-3.4.7-150300.9.12.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
podman-3.4.7-150300.9.12.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
podman-cni-config-3.4.7-150300.9.12.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
podman-3.4.7-150300.9.12.1
podman-debuginfo-3.4.7-150300.9.12.1
References:
https://www.suse.com/security/cve/CVE-2022-2989.html
https://bugzilla.suse.com/1202809
openSUSE-SU-2022:10179-1: important: Security update for jhead
by opensuse-security@opensuse.org 31 Oct '22
openSUSE Security Update: Security update for jhead
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10179-1
Rating: important
References: #1204409
Cross-References: CVE-2022-41751
CVSS scores:
CVE-2022-41751 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jhead fixes the following issues:
- CVE-2022-41751: Fixed shell injection via filenames (boo#1204409)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10179=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
jhead-3.06.0.1-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-41751.html
https://bugzilla.suse.com/1204409
openSUSE-SU-2022:10181-1: important: Security update for opera
by opensuse-security@opensuse.org 31 Oct '22
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10181-1
Rating: important
References:
Cross-References: CVE-2022-3445 CVE-2022-3446 CVE-2022-3447
CVE-2022-3448 CVE-2022-3449 CVE-2022-3450
Affected Products:
openSUSE Leap 15.3:NonFree
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
Update to 92.0.4561.21
- CHR-9037 Update chromium on desktop-stable-106-4561 to 106.0.5249.119
- DNA-102295 Missing GX.games section in settings
- DNA-102308 Presubmit errors
- DNA-102329 [Consent flow] clicking on "Customize settings" doesn't
resize the popup
- DNA-102340 Sidebar control panel doesn't hide
- DNA-102348 Replace old Dify url with a new one
- DNA-102430 Translations for O92
- DNA-102534 Allow staging RH Agent extension to use VPN Pro API
- DNA-102548 Rich hints extension crashes on Linux
- DNA-102551 Promote O92 to stable
- Complete Opera 92.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-92/
- The update to chromium 106.0.5249.119 fixes the following issues:
CVE-2022-3445, CVE-2022-3446, CVE-2022-3447, CVE-2022-3448,
CVE-2022-3449, CVE-2022-3450
Update to 91.0.4516.77
- DNA-101988 Implement dark mode for consent flow popups
- DNA-102348 Replace old Dify url with a new one
Update to 91.0.4516.65
- DNA-101240 Save 'remind in 3 days' setting
- DNA-101622 Add a way to check if browser is connected to webenv
- DNA-101838 Unfiltered dropdown disabled by default on stable
- DNA-101990 Boost sites into top sites
- DNA-101998 flag tiktok-panel doesn't work
- DNA-102075 Crash at extensions::ExtensionApiFrameIdMap::
OnRenderFrameDeleted(content::RenderFrameHost*)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:NonFree:
zypper in -t patch openSUSE-2022-10181=1
Package List:
- openSUSE Leap 15.3:NonFree (x86_64):
opera-92.0.4561.21-lp153.2.66.1
References:
https://www.suse.com/security/cve/CVE-2022-3445.html
https://www.suse.com/security/cve/CVE-2022-3446.html
https://www.suse.com/security/cve/CVE-2022-3447.html
https://www.suse.com/security/cve/CVE-2022-3448.html
https://www.suse.com/security/cve/CVE-2022-3449.html
https://www.suse.com/security/cve/CVE-2022-3450.html
openSUSE-SU-2022:10178-1: important: Security update for jhead
by opensuse-security@opensuse.org 31 Oct '22
openSUSE Security Update: Security update for jhead
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10178-1
Rating: important
References: #1204409
Cross-References: CVE-2022-41751
CVSS scores:
CVE-2022-41751 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jhead fixes the following issues:
- CVE-2022-41751: Fixed shell injection via filenames (boo#1204409)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10178=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
jhead-3.00-bp153.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-41751.html
https://bugzilla.suse.com/1204409
openSUSE-SU-2022:10182-1: important: Security update for opera
by opensuse-security@opensuse.org 31 Oct '22
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10182-1
Rating: important
References:
Cross-References: CVE-2022-3445 CVE-2022-3446 CVE-2022-3447
CVE-2022-3448 CVE-2022-3449 CVE-2022-3450
Affected Products:
openSUSE Leap 15.4:NonFree
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
Update to 92.0.4561.21
- CHR-9037 Update chromium on desktop-stable-106-4561 to 106.0.5249.119
- DNA-102295 Missing GX.games section in settings
- DNA-102308 Presubmit errors
- DNA-102329 [Consent flow] clicking on "Customize settings" doesn't
resize the popup
- DNA-102340 Sidebar control panel doesn't hide
- DNA-102348 Replace old Dify url with a new one
- DNA-102430 Translations for O92
- DNA-102534 Allow staging RH Agent extension to use VPN Pro API
- DNA-102548 Rich hints extension crashes on Linux
- DNA-102551 Promote O92 to stable
- Complete Opera 92.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-92/
- The update to chromium 106.0.5249.119 fixes the following issues:
CVE-2022-3445, CVE-2022-3446, CVE-2022-3447, CVE-2022-3448,
CVE-2022-3449, CVE-2022-3450
Update to 91.0.4516.77
- DNA-101988 Implement dark mode for consent flow popups
- DNA-102348 Replace old Dify url with a new one
Update to 91.0.4516.65
- DNA-101240 Save 'remind in 3 days' setting
- DNA-101622 Add a way to check if browser is connected to webenv
- DNA-101838 Unfiltered dropdown disabled by default on stable
- DNA-101990 Boost sites into top sites
- DNA-101998 flag tiktok-panel doesn't work
- DNA-102075 Crash at extensions::ExtensionApiFrameIdMap::
OnRenderFrameDeleted(content::RenderFrameHost*)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:NonFree:
zypper in -t patch openSUSE-2022-10182=1
Package List:
- openSUSE Leap 15.4:NonFree (x86_64):
opera-92.0.4561.21-lp154.2.26.1
References:
https://www.suse.com/security/cve/CVE-2022-3445.html
https://www.suse.com/security/cve/CVE-2022-3446.html
https://www.suse.com/security/cve/CVE-2022-3447.html
https://www.suse.com/security/cve/CVE-2022-3448.html
https://www.suse.com/security/cve/CVE-2022-3449.html
https://www.suse.com/security/cve/CVE-2022-3450.html
openSUSE-SU-2022:10177-1: important: Security update for chromium
by opensuse-security@opensuse.org 31 Oct '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10177-1
Rating: important
References: #1204732 #1204819
Cross-References: CVE-2022-3652 CVE-2022-3653 CVE-2022-3654
CVE-2022-3655 CVE-2022-3656 CVE-2022-3657
CVE-2022-3658 CVE-2022-3659 CVE-2022-3660
CVE-2022-3661 CVE-2022-3723
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 107.0.5304.87 (boo#1204819)
* CVE-2022-3723: Type Confusion in V8
Chromium 107.0.5304.68 (boo#1204732)
* CVE-2022-3652: Type Confusion in V8
* CVE-2022-3653: Heap buffer overflow in Vulkan
* CVE-2022-3654: Use after free in Layout
* CVE-2022-3655: Heap buffer overflow in Media Galleries
* CVE-2022-3656: Insufficient data validation in File System
* CVE-2022-3657: Use after free in Extensions
* CVE-2022-3658: Use after free in Feedback service on Chrome OS
* CVE-2022-3659: Use after free in Accessibility
* CVE-2022-3660: Inappropriate implementation in Full screen mode
* CVE-2022-3661: Insufficient data validation in Extensions
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10177=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-107.0.5304.87-bp153.2.133.1
chromedriver-debuginfo-107.0.5304.87-bp153.2.133.1
chromium-107.0.5304.87-bp153.2.133.1
chromium-debuginfo-107.0.5304.87-bp153.2.133.1
References:
https://www.suse.com/security/cve/CVE-2022-3652.html
https://www.suse.com/security/cve/CVE-2022-3653.html
https://www.suse.com/security/cve/CVE-2022-3654.html
https://www.suse.com/security/cve/CVE-2022-3655.html
https://www.suse.com/security/cve/CVE-2022-3656.html
https://www.suse.com/security/cve/CVE-2022-3657.html
https://www.suse.com/security/cve/CVE-2022-3658.html
https://www.suse.com/security/cve/CVE-2022-3659.html
https://www.suse.com/security/cve/CVE-2022-3660.html
https://www.suse.com/security/cve/CVE-2022-3661.html
https://www.suse.com/security/cve/CVE-2022-3723.html
https://bugzilla.suse.com/1204732
https://bugzilla.suse.com/1204819
SUSE-SU-2022:3809-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 31 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3809-1
Rating: important
References: #1023051 #1065729 #1152489 #1156395 #1177471
#1179722 #1179723 #1181862 #1185032 #1191662
#1191667 #1191881 #1192594 #1194023 #1194272
#1194535 #1196444 #1197158 #1197659 #1197755
#1197756 #1197757 #1197760 #1197763 #1197920
#1198971 #1199291 #1200288 #1200313 #1200431
#1200622 #1200845 #1200868 #1200869 #1200870
#1200871 #1200872 #1200873 #1201019 #1201309
#1201310 #1201420 #1201489 #1201610 #1201705
#1201726 #1201865 #1201948 #1201990 #1202095
#1202096 #1202097 #1202341 #1202346 #1202347
#1202385 #1202393 #1202396 #1202447 #1202577
#1202636 #1202638 #1202672 #1202677 #1202701
#1202708 #1202709 #1202710 #1202711 #1202712
#1202713 #1202714 #1202715 #1202716 #1202717
#1202718 #1202720 #1202722 #1202745 #1202756
#1202810 #1202811 #1202860 #1202895 #1202898
#1202960 #1202984 #1203063 #1203098 #1203107
#1203117 #1203135 #1203136 #1203137 #1203159
#1203290 #1203389 #1203410 #1203424 #1203514
#1203552 #1203622 #1203737 #1203769 #1203770
#1203802 #1203906 #1203909 #1203935 #1203939
#1203987 #1203992 #1204051 #1204059 #1204060
#1204125 PED-529 SLE-24635
Cross-References: CVE-2016-3695 CVE-2020-16119 CVE-2020-27784
CVE-2021-4155 CVE-2021-4203 CVE-2022-20368
CVE-2022-20369 CVE-2022-2503 CVE-2022-2586
CVE-2022-2588 CVE-2022-26373 CVE-2022-2663
CVE-2022-2905 CVE-2022-2977 CVE-2022-3028
CVE-2022-3169 CVE-2022-32296 CVE-2022-3239
CVE-2022-3303 CVE-2022-36879 CVE-2022-39188
CVE-2022-39190 CVE-2022-40768 CVE-2022-41218
CVE-2022-41222 CVE-2022-41674 CVE-2022-41848
CVE-2022-41849 CVE-2022-42719 CVE-2022-42720
CVE-2022-42721 CVE-2022-42722
CVSS scores:
CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Realtime 15-SP3
SUSE Linux Enterprise Real Time 15-SP3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 32 vulnerabilities, contains two
features and has 84 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security and bug fixes.
The following security bugs were fixed:
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in
drivers/acpi/apei/einj.c that allowed users to simulate hardware errors
and consequently cause a denial of service (bnc#1023051).
- CVE-2020-16119: Fixed a use-after-free due to reuse of a DCCP socket
with an attached dccps_hc_tx_ccid object as a listener after being
released (bnc#1177471).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl()
when accessing a deallocated instance (bnc#1202895).
- CVE-2021-4155: Fixed a data leak flaw that was found in the
XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2021-4203: Fixed a use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-2503: Fixed a LoadPin bypass in Dm-verity (bnc#1202677).
- CVE-2022-2586: Fixed an issue in netfilter that allowed CHAIN_ID to refer
to another table (bsc#1202095).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke
descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-3028: Fixed a race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-3169: Fixed a denial of service that resulted in a PCIe link
disconnect (bnc#1203290).
- CVE-2022-32296: Fixed an issue where TCP servers were able to identify
clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver
(bnc#1203552).
- CVE-2022-3303: Fixed a race at SNDCTL_DSP_SYNC (bsc#1203769).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-39188: Fixed a race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-39190: Fixed an issue that was discovered in
net/netfilter/nf_tables_api.c and could cause a denial of service upon
binding to an already bound chain (bnc#1203117).
- CVE-2022-40768: Fixed an information leak in drivers/scsi/stex.c because
stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case
(bnc#1203514).
- CVE-2022-41218: Fixed a use-after-free due to refcount races at
releasing (bsc#1202960).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap
lock is not held during a PUD move (bnc#1203622).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the
reception of specific WiFi frames (bsc#1203770).
- CVE-2022-41848: Fixed a use-after-free in mgslpc_ops (bsc#1203987).
- CVE-2022-41849: Fixed a use-after-free in ufx_ops_open() (bsc#1203992).
- CVE-2022-42719: Fixed MBSSID parsing use-after-free (bsc#1204051).
- CVE-2022-42720: Fixed BSS refcounting bugs (bsc#1204059).
- CVE-2022-42721: Avoid nontransmitted BSS list corruption (bsc#1204060).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device
(bsc#1204125).
The following non-security bugs were fixed:
- Fixed parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- acpi: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
(git-fixes).
- acpi: LPSS: Fix missing check in register_device_clock() (git-fixes).
- acpi: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- acpi: processor idle: Practically limit "Dummy wait" workaround to old
Intel systems (bnc#1203802).
- acpi: processor: Remove freq Qos request for all CPUs (git-fixes).
- acpi: property: Return type of acpi_add_nondev_subnodes() should be bool
(git-fixes).
- acpi: video: Force backlight native for some TongFang devices
(git-fixes).
- alsa: aloop: Fix random zeros in capture data when using jiffies timer
(git-fixes).
- alsa: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- alsa: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- alsa: hda/cirrus - support for iMac 12,1 model (git-fixes).
- alsa: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(git-fixes).
- alsa: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(git-fixes).
- alsa: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- alsa: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- alsa: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- alsa: hda/realtek: Add quirk for HP Dev One (git-fixes).
- alsa: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- alsa: hda/realtek: Add quirk for TongFang devices with pop noise
(git-fixes).
- alsa: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- alsa: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
(git-fixes).
- alsa: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- alsa: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- alsa: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- alsa: hda/realtek: Re-arrange quirk table entries (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
(git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP
machines (git-fixes).
- alsa: hda/sigmatel: Fix unused variable warning for beep power change
(git-fixes).
- alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- alsa: info: Fix llseek return value when using callback (git-fixes).
- alsa: seq: Fix data-race at module auto-loading (git-fixes).
- alsa: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- alsa: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- alsa: usb-audio: Inform the delayed registration more properly
(git-fixes).
- alsa: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
(git-fixes).
- alsa: usb-audio: Register card again for iface over delayed_register
option (git-fixes).
- alsa: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- alsa: usb-audio: fix spelling mistakes (git-fixes).
- arm64/mm: Validate hotplug range before creating linear mapping
(git-fixes)
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
(git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id
(git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to
(bsc#1202341)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
(git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image
signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
(git-fixes)
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not
available (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm: 9077/1: PLT: Move struct plt_entries definition to header
(git-fixes).
- arm: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
(git-fixes).
- arm: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- arm: 9098/1: ftrace: MODULE_PLT: Fix build problem without
DYNAMIC_FTRACE (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- asoc: SOF: debug: Fix potential buffer overflow by snprintf()
(git-fixes).
- asoc: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- asoc: codecs: da7210: add check for i2c_add_driver (git-fixes).
- asoc: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
(git-fixes).
- asoc: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- asoc: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
(git-fixes).
- asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- asoc: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- asoc: tas2770: Allow mono streams (git-fixes).
- asoc: tas2770: Reinit regcache on reset (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
(bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights()
(bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- bpf: Compile out btf_parse_module() if module BTF is not enabled
(git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
(git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
(bsc#1203906).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
(git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
(git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY
(git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral
(git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: remove useless condition in
amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations()
error (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
(git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
(git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source. Same as
other kernel binary packages, there is no need to carry duplicate sources
in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks
(bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no
sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
(git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped
pages (bsc#1200873).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
(git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hid: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
(git-fixes).
- hid: ishtp-hid-client: Fix comment typo (git-fixes).
- hid: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
(git-fixes).
- hid: wacom: Do not register pad_input for touch switch (git-fixes).
- hid: wacom: Only report rotation for art pen (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info
(bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities
(git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured
(bsc#1203737).
- input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
- input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- input: rk805-pwrkey - fix module autoloading (git-fixes).
- input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
(git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
(git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly
(git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1202715).
- jfs: fix GPF in diFree (bsc#1203389).
- jfs: fix memleak in jfs_mount (git-fixes).
- jfs: more checks for invalid superblock (git-fixes).
- jfs: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kabi: cgroup: Restore KABI of css_set (bsc#1201610).
- kbuild: do not create built-in objects for external module builds
(jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kernel-source: include the kernel signature file. We assume that the
upstream tarball is used for released kernels. Then we can also include
the signature file and keyring in the kernel-source src.rpm. Because of
a mkspec code limitation, exclude the signature and keyring from binary
packages always - mkspec does not parse spec conditionals.
- kexec, KEYS, s390: Make use of built-in and secondary keyring for
signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory
signature (bsc#1203737).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
(bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- kvm: PPC: Book3S HV: Context tracking exit guest context before enabling
irqs (bsc#1065729).
- kvm: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1156395).
- kvm: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
(bsc#1156395).
- kvm: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- kvm: PPC: Use arch_get_random_seed_long instead of powernv variant
(bsc#1156395).
- kvm: VMX: Refuse to load kvm_intel if EPT and NX are disabled
(git-fixes).
- kvm: nVMX: Let userspace set nVMX MSR to any _host_ supported value
(git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
(git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
(git-fixes).
- kvm: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- kvm: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- kvm: x86: accept userspace interrupt only if no event is injected
(git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()
(git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
(git-fixes).
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- list: add "list_del_init_careful()" to go with "list_empty_careful()"
(bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class
(git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE
(bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md-raid10: fix KASAN warning (git-fixes).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro. This should always be used with
@SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
(bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning
(bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
(git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
(git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
(git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel
(git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources
(git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
(git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in
ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in
SIOCSHWTSTAMP (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition
(git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
(bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
(git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods
(git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfs: fix nfs_path in case of a rename retry (git-fixes).
- nfsd: Add missing NFSv2 .pc_func methods (git-fixes).
- nfsd: Clamp WRITE offsets (git-fixes).
- nfsd: Fix offset type in I/O trace points (git-fixes).
- nfsd: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nfsd: prevent integer overflow on 32 bit systems (git-fixes).
- nfsd: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- nfsv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- nfsv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
(git-fixes).
- nfsv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- nfsv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
(git-fixes).
- nfsv4: Fix races in the legacy idmapper upcall (git-fixes).
- nfsv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- nfsv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
(git-fixes).
- ntb: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: fix RCU hole that allowed for endless looping in multipath round
robin (bsc#1202636).
- nvmet: Expose max queues to configfs (bsc#1201865).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).
- padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).
- parisc/sticon: fix reverse colors (bsc#1152489).
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- pci/acpi: Guard ARM64-specific mcfg_quirks (git-fixes).
- pci: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- pci: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- pci: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- pci: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- pci: hv: Make the code arch neutral by adding arch specific interfaces
(bsc#1200845).
- pci: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- pci: hv: Reuse existing IRTE allocation in compose_msi_msg()
(bsc#1200845).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10
(git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
(git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap
fixes (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for
PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot
(bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- profiling: fix shift too large makes kernel panic (git-fixes).
- psi: Fix uaf issue when psi trigger is destroyed while being polled
(bsc#1203909).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness()
(git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
pfuze100_regulator_probe() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
(bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
(git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385).
We do the move only on 15.5+.
- rpm/kernel-binary.spec.in: simplify find for usrmerged. The type test and
print line are the same for both cases. The usrmerged case only ignores
more, so refactor it to make it more obvious.
- rpm/kernel-source.spec.in: simplify finding of broken symlinks. "find
-xtype l" will report them, so use that to make the search a bit faster
(without using shell).
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied
(git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE
(git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594
LTC#197522).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984
LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984
LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
(git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID
cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
(bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload
(bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same
NPort ID (bsc#1203939).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for
GFT_ID (bsc#1203063).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT
discovery (bsc#1203063).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed
phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding
(bsc#1203939).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency
(bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager
application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status
(bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()
(bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational
(bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading
stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device
(git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
(git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and
tegra30 (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
(git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- sunrpc: Clean up scheduling of autoclose (git-fixes).
- sunrpc: Do not call connect() more than once on a TCP socket (git-fixes).
- sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- sunrpc: Do not leak sockets in xs_local_connect() (git-fixes).
- sunrpc: Fix READ_PLUS crasher (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- sunrpc: Prevent immediate close+reconnect (git-fixes).
- sunrpc: RPC level errors should set task->tk_rpc_status (git-fixes).
- sunrpc: Reinitialise the backchannel request buffers before reuse
(git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
(git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data
(git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit
engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- usb.h: struct usb_device: hide new member (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- usb: core: Fix RST error in hub.c (git-fixes).
- usb: core: Prevent nested device-reset calls (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: disable USB core PHY management (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
(git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
(git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
(git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- usb: serial: ch341: fix lost character on LCR updates (git-fixes).
- usb: serial: ch341: name prescaler, divisor registers (git-fixes).
- usb: serial: cp210x: add Decagon UCA device id (git-fixes).
- usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- usb: serial: option: add Quectel EM060K modem (git-fixes).
- usb: serial: option: add Quectel RM520N (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
(git-fixes).
- usb: serial: option: add support for OPPO R11 diag port (git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP
receptacles (git-fixes).
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
(git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
(git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
(git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
(git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmci: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- vmci: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291,
jsc#SLE-24635).
- vmci: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC
(bsc#1199291, jsc#SLE-24635).
- vmci: Fix some error handling paths in vmci_guest_probe_device()
(bsc#1199291, jsc#SLE-24635).
- vmci: Release notification_bitmap in error path (bsc#1199291,
jsc#SLE-24635).
- vmci: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: add support for DMA datagrams receive (bsc#1199291,
jsc#SLE-24635).
- vmci: dma dg: add support for DMA datagrams sends (bsc#1199291,
jsc#SLE-24635).
- vmci: dma dg: allocate send and receive buffers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: detect DMA datagram capability (bsc#1199291,
jsc#SLE-24635).
- vmci: dma dg: register dummy IRQ handlers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: whitespace formatting change for vmci register defines
(bsc#1199291, jsc#SLE-24635).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
(bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
armada_37xx_wdt_probe() (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is
disconnected (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/bugs: Reenable retbleed=off. While for older kernels the return
thunks are statically built in and cannot be dynamically patched out,
retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/olpc: fix 'logical not is only applied to the left hand side'
(git-fixes).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors
(git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode
(git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3809=1
- SUSE Linux Enterprise Module for Realtime 15-SP3:
zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-3809=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3809=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3809=1
Package List:
- openSUSE Leap Micro 5.2 (x86_64):
kernel-rt-5.3.18-150300.106.1
kernel-rt-debuginfo-5.3.18-150300.106.1
kernel-rt-debugsource-5.3.18-150300.106.1
- SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch):
kernel-devel-rt-5.3.18-150300.106.1
kernel-source-rt-5.3.18-150300.106.1
- SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64):
cluster-md-kmp-rt-5.3.18-150300.106.1
cluster-md-kmp-rt-debuginfo-5.3.18-150300.106.1
dlm-kmp-rt-5.3.18-150300.106.1
dlm-kmp-rt-debuginfo-5.3.18-150300.106.1
gfs2-kmp-rt-5.3.18-150300.106.1
gfs2-kmp-rt-debuginfo-5.3.18-150300.106.1
kernel-rt-5.3.18-150300.106.1
kernel-rt-debuginfo-5.3.18-150300.106.1
kernel-rt-debugsource-5.3.18-150300.106.1
kernel-rt-devel-5.3.18-150300.106.1
kernel-rt-devel-debuginfo-5.3.18-150300.106.1
kernel-rt_debug-debuginfo-5.3.18-150300.106.1
kernel-rt_debug-debugsource-5.3.18-150300.106.1
kernel-rt_debug-devel-5.3.18-150300.106.1
kernel-rt_debug-devel-debuginfo-5.3.18-150300.106.1
kernel-syms-rt-5.3.18-150300.106.1
ocfs2-kmp-rt-5.3.18-150300.106.1
ocfs2-kmp-rt-debuginfo-5.3.18-150300.106.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
kernel-rt-5.3.18-150300.106.1
kernel-rt-debuginfo-5.3.18-150300.106.1
kernel-rt-debugsource-5.3.18-150300.106.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
kernel-rt-5.3.18-150300.106.1
kernel-rt-debuginfo-5.3.18-150300.106.1
kernel-rt-debugsource-5.3.18-150300.106.1
References:
https://www.suse.com/security/cve/CVE-2016-3695.html
https://www.suse.com/security/cve/CVE-2020-16119.html
https://www.suse.com/security/cve/CVE-2020-27784.html
https://www.suse.com/security/cve/CVE-2021-4155.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-2503.html
https://www.suse.com/security/cve/CVE-2022-2586.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2905.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-3169.html
https://www.suse.com/security/cve/CVE-2022-32296.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://www.suse.com/security/cve/CVE-2022-39190.html
https://www.suse.com/security/cve/CVE-2022-40768.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41222.html
https://www.suse.com/security/cve/CVE-2022-41674.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://www.suse.com/security/cve/CVE-2022-41849.html
https://www.suse.com/security/cve/CVE-2022-42719.html
https://www.suse.com/security/cve/CVE-2022-42720.html
https://www.suse.com/security/cve/CVE-2022-42721.html
https://www.suse.com/security/cve/CVE-2022-42722.html
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1177471
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1191662
https://bugzilla.suse.com/1191667
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1192594
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1194272
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1197755
https://bugzilla.suse.com/1197756
https://bugzilla.suse.com/1197757
https://bugzilla.suse.com/1197760
https://bugzilla.suse.com/1197763
https://bugzilla.suse.com/1197920
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1199291
https://bugzilla.suse.com/1200288
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200431
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1200868
https://bugzilla.suse.com/1200869
https://bugzilla.suse.com/1200870
https://bugzilla.suse.com/1200871
https://bugzilla.suse.com/1200872
https://bugzilla.suse.com/1200873
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201865
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1201990
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202447
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202636
https://bugzilla.suse.com/1202638
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202701
https://bugzilla.suse.com/1202708
https://bugzilla.suse.com/1202709
https://bugzilla.suse.com/1202710
https://bugzilla.suse.com/1202711
https://bugzilla.suse.com/1202712
https://bugzilla.suse.com/1202713
https://bugzilla.suse.com/1202714
https://bugzilla.suse.com/1202715
https://bugzilla.suse.com/1202716
https://bugzilla.suse.com/1202717
https://bugzilla.suse.com/1202718
https://bugzilla.suse.com/1202720
https://bugzilla.suse.com/1202722
https://bugzilla.suse.com/1202745
https://bugzilla.suse.com/1202756
https://bugzilla.suse.com/1202810
https://bugzilla.suse.com/1202811
https://bugzilla.suse.com/1202860
https://bugzilla.suse.com/1202895
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1202984
https://bugzilla.suse.com/1203063
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203117
https://bugzilla.suse.com/1203135
https://bugzilla.suse.com/1203136
https://bugzilla.suse.com/1203137
https://bugzilla.suse.com/1203159
https://bugzilla.suse.com/1203290
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203424
https://bugzilla.suse.com/1203514
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203622
https://bugzilla.suse.com/1203737
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203770
https://bugzilla.suse.com/1203802
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203909
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992
https://bugzilla.suse.com/1204051
https://bugzilla.suse.com/1204059
https://bugzilla.suse.com/1204060
https://bugzilla.suse.com/1204125
openSUSE-SU-2022:10180-1: important: Security update for chromium
by opensuse-security@opensuse.org 31 Oct '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10180-1
Rating: important
References: #1204732 #1204819
Cross-References: CVE-2022-3652 CVE-2022-3653 CVE-2022-3654
CVE-2022-3655 CVE-2022-3656 CVE-2022-3657
CVE-2022-3658 CVE-2022-3659 CVE-2022-3660
CVE-2022-3661 CVE-2022-3723
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 107.0.5304.87 (boo#1204819)
* CVE-2022-3723: Type Confusion in V8
Chromium 107.0.5304.68 (boo#1204732)
* CVE-2022-3652: Type Confusion in V8
* CVE-2022-3653: Heap buffer overflow in Vulkan
* CVE-2022-3654: Use after free in Layout
* CVE-2022-3655: Heap buffer overflow in Media Galleries
* CVE-2022-3656: Insufficient data validation in File System
* CVE-2022-3657: Use after free in Extensions
* CVE-2022-3658: Use after free in Feedback service on Chrome OS
* CVE-2022-3659: Use after free in Accessibility
* CVE-2022-3660: Inappropriate implementation in Full screen mode
* CVE-2022-3661: Insufficient data validation in Extensions
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10180=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-107.0.5304.87-bp154.2.40.1
chromedriver-debuginfo-107.0.5304.87-bp154.2.40.1
chromium-107.0.5304.87-bp154.2.40.1
chromium-debuginfo-107.0.5304.87-bp154.2.40.1
References:
https://www.suse.com/security/cve/CVE-2022-3652.html
https://www.suse.com/security/cve/CVE-2022-3653.html
https://www.suse.com/security/cve/CVE-2022-3654.html
https://www.suse.com/security/cve/CVE-2022-3655.html
https://www.suse.com/security/cve/CVE-2022-3656.html
https://www.suse.com/security/cve/CVE-2022-3657.html
https://www.suse.com/security/cve/CVE-2022-3658.html
https://www.suse.com/security/cve/CVE-2022-3659.html
https://www.suse.com/security/cve/CVE-2022-3660.html
https://www.suse.com/security/cve/CVE-2022-3661.html
https://www.suse.com/security/cve/CVE-2022-3723.html
https://bugzilla.suse.com/1204732
https://bugzilla.suse.com/1204819
openSUSE-SU-2022:10170-1: moderate: Security update for cacti, cacti-spine
by opensuse-security@opensuse.org 30 Oct '22
openSUSE Security Update: Security update for cacti, cacti-spine
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10170-1
Rating: moderate
References: #1203952
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Package Hub for SUSE Linux Enterprise 12
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for cacti, cacti-spine fixes the following issues:
cacti-spine 1.2.22, delivering a number of bug fixes:
* When polling time is exceeded, spine does not always exit as expected
* Spine logging at `-V 5` includes an extra line feed
* Incorrect SNMP responses can cause spine to crash
* Properly handle devices that timeout responding to the Extended Uptime
* MariaDB can cause spine to abort prematurely despite error handling
* Spine should log the error time when exiting via signal
cacti-spine 1.2.21:
* Disable DES if Net-SNMP doesn't have it
cacti 1.2.22, providing one security fix, a number of bug fixes and a
collection of improvements:
* When creating new graphs, cross site injection is possible (boo#1203952)
* When creating user from template, multiple Domain FullName and Mail are
not propagated
* Nectar Aggregate 95th emailed report broken
* Boost may not find archive tables correctly
* Users may be unable to change their password when forced during a login
* Net-SNMP Memory Graph Template has Wrong GPRINT
* Search in tree view unusable on larger installations
* Increased bulk insert size to avoid partial inserts and potential data
loss.
* Call to undefined function boost_debug in Cacti log
* When no guest template is set, login cookies are not properly set
* Later RRDtool releases do not need to check last_update time
* Regex filters are not always long enough
* Domains based LDAP and AD Fullname and Email not auto-populated
* Cacti polling and boost report the wrong number of Data Sources when
Devices are disabled
* When editing Graph Template Items there are cases where VDEF's are
hidden when they should be shown
* Database SSL setting lacks default value
* Update default path cacti under *BSD by xmacan
* Web Basic authentication not creating template user
* Unable to change the Heartbeat of a Data Source Profile
* Tree Search Does Not Properly Search All Trees
* When structured paths are setup, RRDfiles may not always be created when
possible
* When parsing the logs, caching would help speed up processing
* Deprecation warnings when attempting real-time Graphs with PHP8.1
* Custom Timespan is lost when clicking other tree branches
* Non device based Data Sources not being polled
* When Resource XML file is improperly formatted, graph creation can fail
with errors
* Update code style to support PHP 8 requirements
* None" shows all graphs
* Realtime popup window experiences issues on some browsers
* Auth settings do not always properly reflect the options selected by
ddb4github
* MySQL can cause cacti to become stalled due to locking issues
* Boost process can get hung under rare conditions until the poller times
out
* Exporting graphs under PHP 8 can cause errors
* Host table has wrong default for disabled and deleted columns
* RRD storage paths do not scale properly
* When importing, make it possible to only import certain components
* Update change_device script to include new features by bmfmancini
* Make help pages use latest online version wherever possible
* Cacti should show PHP INI locations during install
* Detect PHP INI values that are different in the INI vs running config
* Added Gradient Color support for AREA charts by thurban
* Update CDEF functions for RRDtool
* When boost is running, it's not clear which processes are running and
how long they have to complete
cacti 1.2.21:
* Add a CLI script to install/enable/disable/uninstall plugins
* Add log message when purging DS stats and poller repopulate
* A collection of bug fixes
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10170=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10170=1
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2022-10170=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
cacti-spine-1.2.22-bp154.2.3.1
cacti-spine-debuginfo-1.2.22-bp154.2.3.1
cacti-spine-debugsource-1.2.22-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
cacti-1.2.22-bp154.2.3.1
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
cacti-spine-1.2.22-bp153.2.12.1
- openSUSE Backports SLE-15-SP3 (noarch):
cacti-1.2.22-bp153.2.12.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
cacti-spine-1.2.22-23.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
cacti-1.2.22-29.1
References:
https://bugzilla.suse.com/1203952
openSUSE-SU-2022:10170-1: moderate: Security update for cacti, cacti-spine
by opensuse-security@opensuse.org 30 Oct '22
openSUSE Security Update: Security update for cacti, cacti-spine
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10170-1
Rating: moderate
References: #1203952
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for cacti, cacti-spine fixes the following issues:
cacti-spine 1.2.22, delivering a number of bug fixes:
* When polling time is exceeded, spine does not always exit as expected
* Spine logging at `-V 5` includes an extra line feed
* Incorrect SNMP responses can cause spine to crash
* Properly handle devices that timeout responding to the Extended Uptime
* MariaDB can cause spine to abort prematurely despite error handling
* Spine should log the error time when exiting via signal
cacti-spine 1.2.21:
* Disable DES if Net-SNMP doesn't have it
cacti 1.2.22, providing one security fix, a number of bug fixes and a
collection of improvements:
* When creating new graphs, cross site injection is possible (boo#1203952)
* When creating user from template, multiple Domain FullName and Mail are
not propagated
* Nectar Aggregate 95th emailed report broken
* Boost may not find archive tables correctly
* Users may be unable to change their password when forced during a login
* Net-SNMP Memory Graph Template has Wrong GPRINT
* Search in tree view unusable on larger installations
* Increased bulk insert size to avoid partial inserts and potential data
loss.
* Call to undefined function boost_debug in Cacti log
* When no guest template is set, login cookies are not properly set
* Later RRDtool releases do not need to check last_update time
* Regex filters are not always long enough
* Domains based LDAP and AD Fullname and Email not auto-populated
* Cacti polling and boost report the wrong number of Data Sources when
Devices are disabled
* When editing Graph Template Items there are cases where VDEF's are
hidden when they should be shown
* Database SSL setting lacks default value
* Update default path cacti under *BSD by xmacan
* Web Basic authentication not creating template user
* Unable to change the Heartbeat of a Data Source Profile
* Tree Search Does Not Properly Search All Trees
* When structured paths are setup, RRDfiles may not always be created when
possible
* When parsing the logs, caching would help speed up processing
* Deprecation warnings when attempting real-time Graphs with PHP8.1
* Custom Timespan is lost when clicking other tree branches
* Non device based Data Sources not being polled
* When Resource XML file improperly formatted, graph creation can fail
with errors
* Update code style to support PHP 8 requirements
* None" shows all graphs
* Realtime popup window experiences issues on some browsers
* Auth settings do not always properly reflect the options selected by
ddb4github
* MySQL can cause cacti to become stalled due to locking issues
* Boost process can get hung under rare conditions until the poller times
out
* Exporting graphs under PHP 8 can cause errors
* Host table has wrong default for disabled and deleted columns
* RRD storage paths do not scale properly
* When importing, make it possible to only import certain components
* Update change_device script to include new features by bmfmancini
* Make help pages use latest online version wherever possible
* Cacti should show PHP INI locations during install
* Detect PHP INI values that are different in the INI vs running config
* Added Gradient Color support for AREA charts by thurban
* Update CDEF functions for RRDtool
* When boost is running, it's not clear which processes are running and
how long they have to complete
cacti 1.2.21:
* Add a CLI script to install/enable/disable/uninstall plugins
* Add log message when purging DS stats and poller repopulate
* A collection of bug fixes
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2022-10170=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
cacti-spine-1.2.22-23.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
cacti-1.2.22-29.1
References:
https://bugzilla.suse.com/1203952
openSUSE-SU-2022:10171-1: important: Security update for pdns-recursor
by opensuse-security@opensuse.org 30 Oct '22
openSUSE Security Update: Security update for pdns-recursor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10171-1
Rating: important
References: #1202664
Cross-References: CVE-2022-37428
CVSS scores:
CVE-2022-37428 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-37428 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pdns-recursor fixes the following issues:
pdns-recursor was updated to 4.6.3:
* fixes incomplete exception handling related to protobuf message
generation (boo#1202664, CVE-2022-37428)
pdns-recursor was updated to 4.6.2:
* Reject non-apex NSEC(3)s that have both the NS and SOA bits set
* A CNAME answer on DS query should abort DS retrieval
* Allow disabling of processing the root hints
* If we get NODATA on an AAAA in followCNAMERecords, try native dns64
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10171=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le x86_64):
pdns-recursor-4.6.3-bp154.2.3.1
pdns-recursor-debuginfo-4.6.3-bp154.2.3.1
pdns-recursor-debugsource-4.6.3-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-37428.html
https://bugzilla.suse.com/1202664
openSUSE-SU-2022:10169-1: important: Security update for libmad
by opensuse-security@opensuse.org 30 Oct '22
openSUSE Security Update: Security update for libmad
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10169-1
Rating: important
References: #1036968
Cross-References: CVE-2017-8373
CVSS scores:
CVE-2017-8373 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2017-8373 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libmad fixes the following issues:
- CVE-2017-8373: Fixed a heap-based buffer overflow in mad_layer_III
(boo#1036968).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2022-10169=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
libmad-devel-0.15.1b-8.1
libmad0-0.15.1b-8.1
References:
https://www.suse.com/security/cve/CVE-2017-8373.html
https://bugzilla.suse.com/1036968
openSUSE-SU-2022:10168-1: important: Security update for exim
by opensuse-security@opensuse.org 30 Oct '22
openSUSE Security Update: Security update for exim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10168-1
Rating: important
References: #1204427
Cross-References: CVE-2022-3559
CVSS scores:
CVE-2022-3559 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for exim fixes the following issues:
- CVE-2022-3559: Fixed a use after free in processing of the component
Regex Handler (boo#1204427, Bug 2915)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10168=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
exim-4.94.2-bp154.2.3.1
eximon-4.94.2-bp154.2.3.1
eximstats-html-4.94.2-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-3559.html
https://bugzilla.suse.com/1204427
SUSE-SU-2022:3807-1: important: Security update for libconfuse0
by opensuse-security@opensuse.org 28 Oct '22
SUSE Security Update: Security update for libconfuse0
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3807-1
Rating: important
References: #1203326
Cross-References: CVE-2022-40320
CVSS scores:
CVE-2022-40320 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-40320 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for HPC 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libconfuse0 fixes the following issues:
- CVE-2022-40320: Fixed a heap-based buffer over-read in cfg_tilde_expand
in confuse.c (bsc#1203326).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3807=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3807=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3807=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3807=1
- SUSE Linux Enterprise Module for HPC 15-SP3:
zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-3807=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3807=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3807=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3807=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3807=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3807=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3807=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- openSUSE Leap 15.4 (noarch):
libconfuse0-lang-2.8-150000.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- openSUSE Leap 15.3 (noarch):
libconfuse0-lang-2.8-150000.3.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (ppc64le s390x):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
libconfuse0-lang-2.8-150000.3.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le s390x):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
libconfuse0-lang-2.8-150000.3.3.1
- SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libconfuse-devel-2.8-150000.3.3.1
libconfuse0-2.8-150000.3.3.1
libconfuse0-debuginfo-2.8-150000.3.3.1
libconfuse0-debugsource-2.8-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-40320.html
https://bugzilla.suse.com/1203326
SUSE-SU-2022:3802-1: important: Security update for openjpeg2
by opensuse-security@opensuse.org 27 Oct '22
SUSE Security Update: Security update for openjpeg2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3802-1
Rating: important
References: #1140205 #1149789 #1179594 #1179821 #1180042
#1180043 #1180044 #1180046
Cross-References: CVE-2018-20846 CVE-2018-21010 CVE-2020-27814
CVE-2020-27824 CVE-2020-27841 CVE-2020-27842
CVE-2020-27843 CVE-2020-27845
CVSS scores:
CVE-2018-20846 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-20846 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-21010 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-21010 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-27814 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-27814 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2020-27824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27824 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2020-27841 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27841 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2020-27842 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27842 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2020-27843 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27843 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2020-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27845 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for openjpeg2 fixes the following issues:
- CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp,
pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in
openmj2/pi.c (bsc#1140205).
- CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile
in bin/common/color.c (bsc#1149789).
- CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c
(bsc#1179594).
- CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes()
(bsc#1179821).
- CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c
(bsc#1180042).
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset
function in lib/openjp2/tgt.c (bsc#1180043).
- CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in
openjp2/t2.c (bsc#1180044).
- CVE-2020-27845: Fixed heap-based buffer over-read in functions
opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in
openjp2/pi.c (bsc#1180046).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3802=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3802=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3802=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3802=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3802=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3802=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3802=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3802=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3802=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3802=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3802=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3802=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3802=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3802=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3802=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3802=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3802=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3802=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3802=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3802=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3802=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3802=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3802=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3802=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- openSUSE Leap 15.4 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- openSUSE Leap 15.3 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Manager Proxy 4.1 (x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
- SUSE Enterprise Storage 6 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
- SUSE CaaS Platform 4.0 (x86_64):
libopenjp2-7-2.3.0-150000.3.8.1
libopenjp2-7-32bit-2.3.0-150000.3.8.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.8.1
libopenjp2-7-debuginfo-2.3.0-150000.3.8.1
openjpeg2-2.3.0-150000.3.8.1
openjpeg2-debuginfo-2.3.0-150000.3.8.1
openjpeg2-debugsource-2.3.0-150000.3.8.1
openjpeg2-devel-2.3.0-150000.3.8.1
References:
https://www.suse.com/security/cve/CVE-2018-20846.html
https://www.suse.com/security/cve/CVE-2018-21010.html
https://www.suse.com/security/cve/CVE-2020-27814.html
https://www.suse.com/security/cve/CVE-2020-27824.html
https://www.suse.com/security/cve/CVE-2020-27841.html
https://www.suse.com/security/cve/CVE-2020-27842.html
https://www.suse.com/security/cve/CVE-2020-27843.html
https://www.suse.com/security/cve/CVE-2020-27845.html
https://bugzilla.suse.com/1140205
https://bugzilla.suse.com/1149789
https://bugzilla.suse.com/1179594
https://bugzilla.suse.com/1179821
https://bugzilla.suse.com/1180042
https://bugzilla.suse.com/1180043
https://bugzilla.suse.com/1180044
https://bugzilla.suse.com/1180046
SUSE-SU-2022:3806-1: important: Security update for dbus-1
by opensuse-security@opensuse.org 27 Oct '22
SUSE Security Update: Security update for dbus-1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3806-1
Rating: important
References: #1087072 #1204111 #1204112 #1204113
Cross-References: CVE-2022-42010 CVE-2022-42011 CVE-2022-42012
CVSS scores:
CVE-2022-42010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42010 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-42011 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42011 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-42012 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42012 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an
invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length
array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a
message in non-native endianness with out-of-band Unix file descriptor
(bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3806=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3806=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3806=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
dbus-1-1.12.2-150400.18.5.1
dbus-1-debuginfo-1.12.2-150400.18.5.1
dbus-1-debugsource-1.12.2-150400.18.5.1
dbus-1-devel-1.12.2-150400.18.5.1
dbus-1-x11-1.12.2-150400.18.5.1
dbus-1-x11-debuginfo-1.12.2-150400.18.5.1
dbus-1-x11-debugsource-1.12.2-150400.18.5.1
libdbus-1-3-1.12.2-150400.18.5.1
libdbus-1-3-debuginfo-1.12.2-150400.18.5.1
- openSUSE Leap 15.4 (noarch):
dbus-1-devel-doc-1.12.2-150400.18.5.1
- openSUSE Leap 15.4 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150400.18.5.1
dbus-1-devel-32bit-1.12.2-150400.18.5.1
libdbus-1-3-32bit-1.12.2-150400.18.5.1
libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
dbus-1-1.12.2-150400.18.5.1
dbus-1-debuginfo-1.12.2-150400.18.5.1
dbus-1-debugsource-1.12.2-150400.18.5.1
dbus-1-devel-1.12.2-150400.18.5.1
dbus-1-x11-1.12.2-150400.18.5.1
dbus-1-x11-debuginfo-1.12.2-150400.18.5.1
dbus-1-x11-debugsource-1.12.2-150400.18.5.1
libdbus-1-3-1.12.2-150400.18.5.1
libdbus-1-3-debuginfo-1.12.2-150400.18.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150400.18.5.1
libdbus-1-3-32bit-1.12.2-150400.18.5.1
libdbus-1-3-32bit-debuginfo-1.12.2-150400.18.5.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
dbus-1-1.12.2-150400.18.5.1
dbus-1-debuginfo-1.12.2-150400.18.5.1
dbus-1-debugsource-1.12.2-150400.18.5.1
dbus-1-x11-1.12.2-150400.18.5.1
dbus-1-x11-debuginfo-1.12.2-150400.18.5.1
dbus-1-x11-debugsource-1.12.2-150400.18.5.1
libdbus-1-3-1.12.2-150400.18.5.1
libdbus-1-3-debuginfo-1.12.2-150400.18.5.1
References:
https://www.suse.com/security/cve/CVE-2022-42010.html
https://www.suse.com/security/cve/CVE-2022-42011.html
https://www.suse.com/security/cve/CVE-2022-42012.html
https://bugzilla.suse.com/1087072
https://bugzilla.suse.com/1204111
https://bugzilla.suse.com/1204112
https://bugzilla.suse.com/1204113
SUSE-SU-2022:3805-1: important: Security update for dbus-1
by opensuse-security@opensuse.org 27 Oct '22
SUSE Security Update: Security update for dbus-1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3805-1
Rating: important
References: #1087072 #1204111 #1204112 #1204113
Cross-References: CVE-2022-42010 CVE-2022-42011 CVE-2022-42012
CVSS scores:
CVE-2022-42010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42010 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-42011 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42011 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-42012 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42012 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an
invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length
array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be triggered by a
message in non-native endianness with out-of-band Unix file descriptor
(bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3805=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3805=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3805=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3805=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3805=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3805=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3805=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3805=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3805=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3805=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3805=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3805=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3805=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3805=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3805=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3805=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3805=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3805=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3805=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3805=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- openSUSE Leap 15.3 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
dbus-1-devel-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- openSUSE Leap 15.3 (noarch):
dbus-1-devel-doc-1.12.2-150100.8.14.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Manager Server 4.1 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Manager Proxy 4.1 (x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Enterprise Storage 7 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
- SUSE Enterprise Storage 6 (x86_64):
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
- SUSE CaaS Platform 4.0 (x86_64):
dbus-1-1.12.2-150100.8.14.1
dbus-1-32bit-debuginfo-1.12.2-150100.8.14.1
dbus-1-debuginfo-1.12.2-150100.8.14.1
dbus-1-debugsource-1.12.2-150100.8.14.1
dbus-1-devel-1.12.2-150100.8.14.1
dbus-1-x11-1.12.2-150100.8.14.1
dbus-1-x11-debuginfo-1.12.2-150100.8.14.1
dbus-1-x11-debugsource-1.12.2-150100.8.14.1
libdbus-1-3-1.12.2-150100.8.14.1
libdbus-1-3-32bit-1.12.2-150100.8.14.1
libdbus-1-3-32bit-debuginfo-1.12.2-150100.8.14.1
libdbus-1-3-debuginfo-1.12.2-150100.8.14.1
References:
https://www.suse.com/security/cve/CVE-2022-42010.html
https://www.suse.com/security/cve/CVE-2022-42011.html
https://www.suse.com/security/cve/CVE-2022-42012.html
https://bugzilla.suse.com/1087072
https://bugzilla.suse.com/1204111
https://bugzilla.suse.com/1204112
https://bugzilla.suse.com/1204113
SUSE-SU-2022:3795-1: moderate: Security update for qemu
by opensuse-security@opensuse.org 27 Oct '22
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3795-1
Rating: moderate
References: #1192115 #1198038 #1201367
Cross-References: CVE-2022-0216 CVE-2022-35414
CVSS scores:
CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2022-0216: Fixed a use after free issue found in
hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation
that leads to a crash. (bsc#1201367)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3795=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3795=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3795=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3795=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
qemu-6.2.0-150400.37.8.2
qemu-accel-qtest-6.2.0-150400.37.8.2
qemu-accel-qtest-debuginfo-6.2.0-150400.37.8.2
qemu-accel-tcg-x86-6.2.0-150400.37.8.2
qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.8.2
qemu-arm-6.2.0-150400.37.8.2
qemu-arm-debuginfo-6.2.0-150400.37.8.2
qemu-audio-alsa-6.2.0-150400.37.8.2
qemu-audio-alsa-debuginfo-6.2.0-150400.37.8.2
qemu-audio-jack-6.2.0-150400.37.8.2
qemu-audio-jack-debuginfo-6.2.0-150400.37.8.2
qemu-audio-oss-debuginfo-6.2.0-150400.37.8.2
qemu-audio-pa-6.2.0-150400.37.8.2
qemu-audio-pa-debuginfo-6.2.0-150400.37.8.2
qemu-audio-spice-6.2.0-150400.37.8.2
qemu-audio-spice-debuginfo-6.2.0-150400.37.8.2
qemu-block-curl-6.2.0-150400.37.8.2
qemu-block-curl-debuginfo-6.2.0-150400.37.8.2
qemu-block-dmg-6.2.0-150400.37.8.2
qemu-block-dmg-debuginfo-6.2.0-150400.37.8.2
qemu-block-gluster-6.2.0-150400.37.8.2
qemu-block-gluster-debuginfo-6.2.0-150400.37.8.2
qemu-block-iscsi-6.2.0-150400.37.8.2
qemu-block-iscsi-debuginfo-6.2.0-150400.37.8.2
qemu-block-nfs-6.2.0-150400.37.8.2
qemu-block-nfs-debuginfo-6.2.0-150400.37.8.2
qemu-block-rbd-6.2.0-150400.37.8.2
qemu-block-rbd-debuginfo-6.2.0-150400.37.8.2
qemu-block-ssh-6.2.0-150400.37.8.2
qemu-block-ssh-debuginfo-6.2.0-150400.37.8.2
qemu-chardev-baum-6.2.0-150400.37.8.2
qemu-chardev-baum-debuginfo-6.2.0-150400.37.8.2
qemu-chardev-spice-6.2.0-150400.37.8.2
qemu-chardev-spice-debuginfo-6.2.0-150400.37.8.2
qemu-debuginfo-6.2.0-150400.37.8.2
qemu-debugsource-6.2.0-150400.37.8.2
qemu-extra-6.2.0-150400.37.8.2
qemu-extra-debuginfo-6.2.0-150400.37.8.2
qemu-guest-agent-6.2.0-150400.37.8.2
qemu-guest-agent-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-qxl-6.2.0-150400.37.8.2
qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-virtio-vga-6.2.0-150400.37.8.2
qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.8.2
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.8.2
qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.8.2
qemu-hw-usb-host-6.2.0-150400.37.8.2
qemu-hw-usb-host-debuginfo-6.2.0-150400.37.8.2
qemu-hw-usb-redirect-6.2.0-150400.37.8.2
qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.8.2
qemu-hw-usb-smartcard-6.2.0-150400.37.8.2
qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.8.2
qemu-ivshmem-tools-6.2.0-150400.37.8.2
qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.8.2
qemu-ksm-6.2.0-150400.37.8.2
qemu-lang-6.2.0-150400.37.8.2
qemu-linux-user-6.2.0-150400.37.8.1
qemu-linux-user-debuginfo-6.2.0-150400.37.8.1
qemu-linux-user-debugsource-6.2.0-150400.37.8.1
qemu-ppc-6.2.0-150400.37.8.2
qemu-ppc-debuginfo-6.2.0-150400.37.8.2
qemu-s390x-6.2.0-150400.37.8.2
qemu-s390x-debuginfo-6.2.0-150400.37.8.2
qemu-testsuite-6.2.0-150400.37.8.4
qemu-tools-6.2.0-150400.37.8.2
qemu-tools-debuginfo-6.2.0-150400.37.8.2
qemu-ui-curses-6.2.0-150400.37.8.2
qemu-ui-curses-debuginfo-6.2.0-150400.37.8.2
qemu-ui-gtk-6.2.0-150400.37.8.2
qemu-ui-gtk-debuginfo-6.2.0-150400.37.8.2
qemu-ui-opengl-6.2.0-150400.37.8.2
qemu-ui-opengl-debuginfo-6.2.0-150400.37.8.2
qemu-ui-spice-app-6.2.0-150400.37.8.2
qemu-ui-spice-app-debuginfo-6.2.0-150400.37.8.2
qemu-ui-spice-core-6.2.0-150400.37.8.2
qemu-ui-spice-core-debuginfo-6.2.0-150400.37.8.2
qemu-vhost-user-gpu-6.2.0-150400.37.8.2
qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.8.2
qemu-x86-6.2.0-150400.37.8.2
qemu-x86-debuginfo-6.2.0-150400.37.8.2
- openSUSE Leap 15.4 (s390x x86_64):
qemu-kvm-6.2.0-150400.37.8.2
- openSUSE Leap 15.4 (noarch):
qemu-SLOF-6.2.0-150400.37.8.2
qemu-ipxe-1.0.0+-150400.37.8.2
qemu-microvm-6.2.0-150400.37.8.2
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.8.2
qemu-sgabios-8-150400.37.8.2
qemu-skiboot-6.2.0-150400.37.8.2
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
qemu-6.2.0-150400.37.8.2
qemu-block-curl-6.2.0-150400.37.8.2
qemu-block-curl-debuginfo-6.2.0-150400.37.8.2
qemu-block-iscsi-6.2.0-150400.37.8.2
qemu-block-iscsi-debuginfo-6.2.0-150400.37.8.2
qemu-block-rbd-6.2.0-150400.37.8.2
qemu-block-rbd-debuginfo-6.2.0-150400.37.8.2
qemu-block-ssh-6.2.0-150400.37.8.2
qemu-block-ssh-debuginfo-6.2.0-150400.37.8.2
qemu-chardev-baum-6.2.0-150400.37.8.2
qemu-chardev-baum-debuginfo-6.2.0-150400.37.8.2
qemu-debuginfo-6.2.0-150400.37.8.2
qemu-debugsource-6.2.0-150400.37.8.2
qemu-guest-agent-6.2.0-150400.37.8.2
qemu-guest-agent-debuginfo-6.2.0-150400.37.8.2
qemu-hw-usb-host-6.2.0-150400.37.8.2
qemu-hw-usb-host-debuginfo-6.2.0-150400.37.8.2
qemu-ksm-6.2.0-150400.37.8.2
qemu-lang-6.2.0-150400.37.8.2
qemu-ui-curses-6.2.0-150400.37.8.2
qemu-ui-curses-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le x86_64):
qemu-audio-spice-6.2.0-150400.37.8.2
qemu-audio-spice-debuginfo-6.2.0-150400.37.8.2
qemu-chardev-spice-6.2.0-150400.37.8.2
qemu-chardev-spice-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-qxl-6.2.0-150400.37.8.2
qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-virtio-vga-6.2.0-150400.37.8.2
qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.8.2
qemu-hw-usb-redirect-6.2.0-150400.37.8.2
qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.8.2
qemu-ui-gtk-6.2.0-150400.37.8.2
qemu-ui-gtk-debuginfo-6.2.0-150400.37.8.2
qemu-ui-opengl-6.2.0-150400.37.8.2
qemu-ui-opengl-debuginfo-6.2.0-150400.37.8.2
qemu-ui-spice-app-6.2.0-150400.37.8.2
qemu-ui-spice-app-debuginfo-6.2.0-150400.37.8.2
qemu-ui-spice-core-6.2.0-150400.37.8.2
qemu-ui-spice-core-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (s390x x86_64):
qemu-hw-display-virtio-gpu-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.8.2
qemu-kvm-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (ppc64le):
qemu-ppc-6.2.0-150400.37.8.2
qemu-ppc-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64):
qemu-arm-6.2.0-150400.37.8.2
qemu-arm-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
qemu-SLOF-6.2.0-150400.37.8.2
qemu-ipxe-1.0.0+-150400.37.8.2
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.8.2
qemu-sgabios-8-150400.37.8.2
qemu-skiboot-6.2.0-150400.37.8.2
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):
qemu-accel-tcg-x86-6.2.0-150400.37.8.2
qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.8.2
qemu-audio-alsa-6.2.0-150400.37.8.2
qemu-audio-alsa-debuginfo-6.2.0-150400.37.8.2
qemu-audio-pa-6.2.0-150400.37.8.2
qemu-audio-pa-debuginfo-6.2.0-150400.37.8.2
qemu-x86-6.2.0-150400.37.8.2
qemu-x86-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (s390x):
qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.8.2
qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.8.2
qemu-s390x-6.2.0-150400.37.8.2
qemu-s390x-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
qemu-debuginfo-6.2.0-150400.37.8.2
qemu-debugsource-6.2.0-150400.37.8.2
qemu-tools-6.2.0-150400.37.8.2
qemu-tools-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
qemu-6.2.0-150400.37.8.2
qemu-audio-spice-6.2.0-150400.37.8.2
qemu-audio-spice-debuginfo-6.2.0-150400.37.8.2
qemu-chardev-spice-6.2.0-150400.37.8.2
qemu-chardev-spice-debuginfo-6.2.0-150400.37.8.2
qemu-debuginfo-6.2.0-150400.37.8.2
qemu-debugsource-6.2.0-150400.37.8.2
qemu-guest-agent-6.2.0-150400.37.8.2
qemu-guest-agent-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-qxl-6.2.0-150400.37.8.2
qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-6.2.0-150400.37.8.2
qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.8.2
qemu-hw-display-virtio-vga-6.2.0-150400.37.8.2
qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.8.2
qemu-hw-usb-redirect-6.2.0-150400.37.8.2
qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.8.2
qemu-tools-6.2.0-150400.37.8.2
qemu-tools-debuginfo-6.2.0-150400.37.8.2
qemu-ui-opengl-6.2.0-150400.37.8.2
qemu-ui-opengl-debuginfo-6.2.0-150400.37.8.2
qemu-ui-spice-core-6.2.0-150400.37.8.2
qemu-ui-spice-core-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Micro 5.3 (aarch64):
qemu-arm-6.2.0-150400.37.8.2
qemu-arm-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Micro 5.3 (x86_64):
qemu-accel-tcg-x86-6.2.0-150400.37.8.2
qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.8.2
qemu-x86-6.2.0-150400.37.8.2
qemu-x86-debuginfo-6.2.0-150400.37.8.2
- SUSE Linux Enterprise Micro 5.3 (noarch):
qemu-ipxe-1.0.0+-150400.37.8.2
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.8.2
qemu-sgabios-8-150400.37.8.2
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.8.2
- SUSE Linux Enterprise Micro 5.3 (s390x):
qemu-s390x-6.2.0-150400.37.8.2
qemu-s390x-debuginfo-6.2.0-150400.37.8.2
References:
https://www.suse.com/security/cve/CVE-2022-0216.html
https://www.suse.com/security/cve/CVE-2022-35414.html
https://bugzilla.suse.com/1192115
https://bugzilla.suse.com/1198038
https://bugzilla.suse.com/1201367
SUSE-SU-2022:3800-1: important: Security update for MozillaThunderbird
by opensuse-security@opensuse.org 27 Oct '22
SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3800-1
Rating: important
References: #1203477 #1204411 #1204421
Cross-References: CVE-2022-3155 CVE-2022-3266 CVE-2022-39236
CVE-2022-39249 CVE-2022-39250 CVE-2022-39251
CVE-2022-40956 CVE-2022-40957 CVE-2022-40958
CVE-2022-40959 CVE-2022-40960 CVE-2022-40962
CVSS scores:
CVE-2022-39236 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-39236 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-39249 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-39249 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-39250 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-39250 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-39251 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-39251 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 12 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 102.4.0 (bsc#1204421)
* changed: Thunderbird will automatically detect and repair OpenPGP key
storage corruption caused by using the profile import tool in
Thunderbird 102
* fixed: POP message download into a large folder (~13000 messages)
caused Thunderbird to temporarily freeze
* fixed: Forwarding messages with special characters in Subject failed
on Windows
* fixed: Links for FileLink attachments were not added when attachment
filename contained Unicode characters
* fixed: Address Book display pane continued to show contacts after
deletion
* fixed: Printing address book did not include all contact details
* fixed: CardDAV contacts without a Name property did not save to Google
Contacts
* fixed: "Publish Calendar" did not work
* fixed: Calendar database storage improvements
* fixed: Incorrectly handled error responses from CalDAV servers
sometimes caused events to disappear from calendar
* fixed: Various visual and UX improvements
- Mozilla Thunderbird 102.3.3
* new: Option added to show containing address book for a contact when
using `All Address Books` in vertical mode (bmo#1778871)
* changed: Thunderbird will try to use POP NTLM authentication even if
not advertised by server (bmo#1793349)
* changed: Task List and Today Pane sidebars will no longer load when
not visible (bmo#1788549)
* fixed: Sending a message while a recipient pill was being modified did
not save changes (bmo#1779785)
* fixed: Nickname column was not available in horizontal view
of Address Book (bmo#1778000)
* fixed: Multiline organization values were displayed across two columns
in horizontal view of Address Book (bmo#1777780)
* fixed: Contact vCard fields with multiple values such as Categories
were truncated when saved (bmo#1792399)
* fixed: ICS calendar files with a `FREEBUSY` property could not be
imported (bmo#1783441)
* fixed: Thunderbird would hang if calendar event exceeded the year 2035
(bmo#1789999)
- Mozilla Thunderbird 102.3.2
* changed: Thunderbird will try to use POP CRAM-MD5 authentication even
if not advertised by server (bmo#1789975)
* fixed: Checking messages on POP3 accounts caused POP folder to lock if
mail server was slow or non-responsive (bmo#1792451)
* fixed: Newsgroups named with consecutive dots would not appear when
refreshing list of newsgroups (bmo#1787789)
* fixed: Sending news articles containing lines starting with dot were
sometimes clipped (bmo#1787955)
* fixed: CardDAV server sync silently failed if sync token expired
(bmo#1791183)
* fixed: Contacts from LDAP on macOS address books were not displayed
(bmo#1791347)
* fixed: Chat account input now accepts URIs for supported chat
protocols (bmo#1776706)
* fixed: Chat ScreenName field was not migrated to new address book
(bmo#1789990)
* fixed: Creating a New Event from the Today Pane used the currently
selected day from the main calendar instead of from the Today Pane
(bmo#1791203)
* fixed: `New Event` button in Today Pane was incorrectly disabled
sometimes (bmo#1792058)
* fixed: Event reminder windows did not close after being dismissed or
snoozed (bmo#1791228)
* fixed: Improved performance of recurring event date calculation
(bmo#1787677)
* fixed: Quarterly calendar events on the last day of the month repeated
one month early (bmo#1789362)
* fixed: Thunderbird would hang if calendar event exceeded the year 2035
(bmo#1789999)
* fixed: Whitespace in calendar events was incorrectly handled when
upgrading from Thunderbird 91 to 102 (bmo#1790339)
* fixed: Various visual and UX improvements (bmo#1755623,
bmo#1783903, bmo#1785851, bmo#1786434, bmo#1787286, bmo#1788151,
bmo#1789728, bmo#1790499)
- Mozilla Thunderbird 102.3.1
* changed: Compose window encryption options now only appear for
encryption technologies that have already been configured (bmo#1788988)
* changed: Number of contacts in currently selected address book now
displayed at bottom of Address Book list column (bmo#1745571)
* fixed: Password prompt did not include server hostname for POP servers
(bmo#1786920)
* fixed: `Edit Contact` was missing from Contacts sidebar context menus
(bmo#1771795)
* fixed: Address Book contact lists cut off display of some characters,
the result being unreadable (bmo#1780909)
* fixed: Menu items for dark-themed alarm dialog were invisible
on Windows 7 (bmo#1791738)
* fixed: Various security fixes
MFSA 2022-43 (bsc#1204411)
* CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird
vulnerable to an impersonation attack by malicious server
administrators
* CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird
vulnerable to a device verification attack
* CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird
vulnerable to an impersonation attack
* CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird
vulnerable to a data corruption issue
- Mozilla Thunderbird 102.3
* changed: Thunderbird will no longer attempt to import account
passwords when importing from another Thunderbird profile in
order to prevent profile corruption and permanent data loss.
(bmo#1790605)
* changed: Devtools performance profile will use Thunderbird presets
instead of Web Developer presets (bmo#1785954)
* fixed: Thunderbird startup performance improvements (bmo#1785967)
* fixed: Saving email source and images failed (bmo#1777323,bmo#1778804)
* fixed: Error message was shown repeatedly when temporary disk space
was full (bmo#1788580)
* fixed: Attaching OpenPGP keys without a set size to non-encrypted
messages briefly displayed a size of zero bytes (bmo#1788952)
* fixed: Global Search entry box initially contained "undefined"
(bmo#1780963)
* fixed: Delete from POP Server mail filter rule intermittently failed
to trigger (bmo#1789418)
* fixed: Connections to POP3 servers without UIDL support failed
(bmo#1789314)
* fixed: Pop accounts with "Fetch headers only" set downloaded complete
messages if server did not advertise TOP capability (bmo#1789356)
* fixed: "File -> New -> Address Book Contact" from Compose window did
not work (bmo#1782418)
* fixed: Attach "My vCard" option in compose window was not available
(bmo#1787614)
* fixed: Improved performance of matching a contact to an email address
(bmo#1782725)
* fixed: Address book only recognized a contact's first two email
addresses (bmo#1777156)
* fixed: Address book search and autocomplete failed if a contact vCard
could not be parsed (bmo#1789793)
* fixed: Downloading NNTP messages for offline use failed (bmo#1785773)
* fixed: NNTP client became stuck when connecting to Public-Inbox
servers (bmo#1786203)
* fixed: Various visual and UX improvements
(bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324)
* fixed: Various security fixes
* unresolved: No dedicated "Department" field in address book
(bmo#1777780)
MFSA 2022-42 (bsc#1203477)
* CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264
* CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on
transient pages
* CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in
threads
* CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for
cookies with __Host and __Secure prefix
* CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass
* CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when
building WASM on ARM64
* CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS
could be executed without warning
* CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109,
bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3800=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3800=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3800=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3800=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3800=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3800=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.4.0-150200.8.85.1
MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1
MozillaThunderbird-debugsource-102.4.0-150200.8.85.1
MozillaThunderbird-translations-common-102.4.0-150200.8.85.1
MozillaThunderbird-translations-other-102.4.0-150200.8.85.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.4.0-150200.8.85.1
MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1
MozillaThunderbird-debugsource-102.4.0-150200.8.85.1
MozillaThunderbird-translations-common-102.4.0-150200.8.85.1
MozillaThunderbird-translations-other-102.4.0-150200.8.85.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
MozillaThunderbird-102.4.0-150200.8.85.1
MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1
MozillaThunderbird-debugsource-102.4.0-150200.8.85.1
MozillaThunderbird-translations-common-102.4.0-150200.8.85.1
MozillaThunderbird-translations-other-102.4.0-150200.8.85.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
MozillaThunderbird-102.4.0-150200.8.85.1
MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1
MozillaThunderbird-debugsource-102.4.0-150200.8.85.1
MozillaThunderbird-translations-common-102.4.0-150200.8.85.1
MozillaThunderbird-translations-other-102.4.0-150200.8.85.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
MozillaThunderbird-102.4.0-150200.8.85.1
MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1
MozillaThunderbird-debugsource-102.4.0-150200.8.85.1
MozillaThunderbird-translations-common-102.4.0-150200.8.85.1
MozillaThunderbird-translations-other-102.4.0-150200.8.85.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
MozillaThunderbird-102.4.0-150200.8.85.1
MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1
MozillaThunderbird-debugsource-102.4.0-150200.8.85.1
MozillaThunderbird-translations-common-102.4.0-150200.8.85.1
MozillaThunderbird-translations-other-102.4.0-150200.8.85.1
References:
https://www.suse.com/security/cve/CVE-2022-3155.html
https://www.suse.com/security/cve/CVE-2022-3266.html
https://www.suse.com/security/cve/CVE-2022-39236.html
https://www.suse.com/security/cve/CVE-2022-39249.html
https://www.suse.com/security/cve/CVE-2022-39250.html
https://www.suse.com/security/cve/CVE-2022-39251.html
https://www.suse.com/security/cve/CVE-2022-40956.html
https://www.suse.com/security/cve/CVE-2022-40957.html
https://www.suse.com/security/cve/CVE-2022-40958.html
https://www.suse.com/security/cve/CVE-2022-40959.html
https://www.suse.com/security/cve/CVE-2022-40960.html
https://www.suse.com/security/cve/CVE-2022-40962.html
https://bugzilla.suse.com/1203477
https://bugzilla.suse.com/1204411
https://bugzilla.suse.com/1204421
SUSE-SU-2022:3785-1: important: Security update for curl
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3785-1
Rating: important
References: #1204383 #1204386
Cross-References: CVE-2022-32221 CVE-2022-42916
CVSS scores:
CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-42916 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3785=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3785=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3785=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
curl-7.79.1-150400.5.9.1
curl-debuginfo-7.79.1-150400.5.9.1
curl-debugsource-7.79.1-150400.5.9.1
libcurl-devel-7.79.1-150400.5.9.1
libcurl4-7.79.1-150400.5.9.1
libcurl4-debuginfo-7.79.1-150400.5.9.1
- openSUSE Leap 15.4 (x86_64):
libcurl-devel-32bit-7.79.1-150400.5.9.1
libcurl4-32bit-7.79.1-150400.5.9.1
libcurl4-32bit-debuginfo-7.79.1-150400.5.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
curl-7.79.1-150400.5.9.1
curl-debuginfo-7.79.1-150400.5.9.1
curl-debugsource-7.79.1-150400.5.9.1
libcurl-devel-7.79.1-150400.5.9.1
libcurl4-7.79.1-150400.5.9.1
libcurl4-debuginfo-7.79.1-150400.5.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libcurl4-32bit-7.79.1-150400.5.9.1
libcurl4-32bit-debuginfo-7.79.1-150400.5.9.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
curl-7.79.1-150400.5.9.1
curl-debuginfo-7.79.1-150400.5.9.1
curl-debugsource-7.79.1-150400.5.9.1
libcurl4-7.79.1-150400.5.9.1
libcurl4-debuginfo-7.79.1-150400.5.9.1
References:
https://www.suse.com/security/cve/CVE-2022-32221.html
https://www.suse.com/security/cve/CVE-2022-42916.html
https://bugzilla.suse.com/1204383
https://bugzilla.suse.com/1204386
SUSE-SU-2022:3782-1: important: Security update for libmad
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for libmad
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3782-1
Rating: important
References: #1036968 #1036969
Cross-References: CVE-2017-8372 CVE-2017-8373
CVSS scores:
CVE-2017-8372 (NVD) : 4.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-8372 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-8373 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2017-8373 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libmad fixes the following issues:
- CVE-2017-8373: Fixed heap-based buffer overflow in mad_layer_III
(bsc#1036968).
- CVE-2017-8372: Fixed assertion failure in layer3.c (bsc#1036969).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3782=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3782=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3782=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3782=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3782=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3782=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3782=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3782=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3782=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3782=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3782=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3782=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3782=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3782=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3782=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3782=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3782=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3782=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3782=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3782=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3782=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3782=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3782=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- openSUSE Leap 15.4 (x86_64):
libmad0-32bit-0.15.1b-150000.5.3.1
libmad0-32bit-debuginfo-0.15.1b-150000.5.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- openSUSE Leap 15.3 (x86_64):
libmad0-32bit-0.15.1b-150000.5.3.1
libmad0-32bit-debuginfo-0.15.1b-150000.5.3.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Manager Proxy 4.1 (x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
- SUSE CaaS Platform 4.0 (x86_64):
libmad-debugsource-0.15.1b-150000.5.3.1
libmad-devel-0.15.1b-150000.5.3.1
libmad0-0.15.1b-150000.5.3.1
libmad0-debuginfo-0.15.1b-150000.5.3.1
References:
https://www.suse.com/security/cve/CVE-2017-8372.html
https://www.suse.com/security/cve/CVE-2017-8373.html
https://bugzilla.suse.com/1036968
https://bugzilla.suse.com/1036969
SUSE-SU-2022:3781-1: moderate: Security update for container-suseconnect
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for container-suseconnect
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3781-1
Rating: moderate
References: #1204397
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of container-suseconnect is a rebuild of the previous sources
against the current security-updated Go compiler.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3781=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3781=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3781=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
container-suseconnect-2.3.0-150000.4.19.2
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
container-suseconnect-2.3.0-150000.4.19.2
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
container-suseconnect-2.3.0-150000.4.19.2
References:
https://bugzilla.suse.com/1204397
SUSE-SU-2022:3784-1: critical: Security update for libtasn1
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for libtasn1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3784-1
Rating: critical
References: #1204690
Cross-References: CVE-2021-46848
CVSS scores:
CVE-2021-46848 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2021-46848 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects
asn1_encode_simple_der (bsc#1204690)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3784=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3784=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3784=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3784=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3784=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3784=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3784=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3784=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3784=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3784=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3784=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3784=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3784=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3784=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3784=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3784=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3784=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3784=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3784=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3784=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3784=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3784=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3784=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3784=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3784=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3784=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3784=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- openSUSE Leap 15.4 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
libtasn1-devel-32bit-4.13-150000.4.8.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- openSUSE Leap 15.3 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
libtasn1-devel-32bit-4.13-150000.4.8.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Manager Server 4.1 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Manager Proxy 4.1 (x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Enterprise Storage 7 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
- SUSE Enterprise Storage 6 (x86_64):
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
- SUSE CaaS Platform 4.0 (x86_64):
libtasn1-4.13-150000.4.8.1
libtasn1-6-32bit-4.13-150000.4.8.1
libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1
libtasn1-6-4.13-150000.4.8.1
libtasn1-6-debuginfo-4.13-150000.4.8.1
libtasn1-debuginfo-4.13-150000.4.8.1
libtasn1-debugsource-4.13-150000.4.8.1
libtasn1-devel-4.13-150000.4.8.1
References:
https://www.suse.com/security/cve/CVE-2021-46848.html
https://bugzilla.suse.com/1204690
SUSE-SU-2022:3783-1: important: Security update for telnet
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for telnet
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3783-1
Rating: important
References: #1203759
Cross-References: CVE-2022-39028
CVSS scores:
CVE-2022-39028 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39028 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for telnet fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in telnetd
(bsc#1203759).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3783=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3783=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3783=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3783=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3783=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3783=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3783=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3783=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3783=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3783=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3783=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3783=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3783=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3783=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3783=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3783=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3783=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3783=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Manager Proxy 4.1 (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE CaaS Platform 4.0 (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-39028.html
https://bugzilla.suse.com/1203759
SUSE-SU-2022:3775-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3775-1
Rating: important
References: #1177471 #1185032 #1194023 #1196444 #1197659
#1199564 #1200313 #1200622 #1201309 #1201310
#1201489 #1201645 #1201865 #1201990 #1202095
#1202341 #1202385 #1202677 #1202960 #1202984
#1203159 #1203290 #1203313 #1203389 #1203410
#1203424 #1203514 #1203552 #1203622 #1203737
#1203769 #1203770 #1203906 #1203909 #1203935
#1203939 #1203987 #1203992 #1204051 #1204059
#1204060 #1204125 #1204289 #1204290 #1204291
#1204292 PED-529
Cross-References: CVE-2020-16119 CVE-2022-20008 CVE-2022-2503
CVE-2022-2586 CVE-2022-3169 CVE-2022-3239
CVE-2022-3303 CVE-2022-40768 CVE-2022-41218
CVE-2022-41222 CVE-2022-41674 CVE-2022-41848
CVE-2022-41849 CVE-2022-42719 CVE-2022-42720
CVE-2022-42721 CVE-2022-42722
CVSS scores:
CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 17 vulnerabilities, contains one
feature and has 29 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed
local users to obtain sensitive information from kernel memory.
(bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when
consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET
are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device.
(bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to
improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in
drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
could allow a local user to crash the system or escalate their
privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a PCMCIA device while calling
ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a USB device while calling open
(bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the
reception of specific WiFi frames (bsc#1203770).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft
table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap
lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads
allowed users with root privileges to switch out the target with an
equivalent dm-linear target and bypass verification until reboot. This
allowed root to bypass LoadPin and could be used to load untrusted and
unverified kernel modules and firmware, which implies arbitrary kernel
execution and persistence for peripherals that do not verify firmware
updates (bnc#1202677).
- CVE-2022-20008: Fixed a bug which allowed reading kernel heap memory due
to uninitialized data. This could lead to local information disclosure
if reading from an SD card that triggers errors, with no additional
execution privileges needed. (bnc#1199564)
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a
local attacker due to reuse of a DCCP socket. (bnc#1177471)
The following non-security bugs were fixed:
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer
(git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
(git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register
option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
(git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to
(bsc#1202341)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id
(git-fixes)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
(git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image
signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
(git-fixes)
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm64/mm: Validate hotplug range before creating linear mapping
(git-fixes)
- bpf: Compile out btf_parse_module() if module BTF is not enabled
(git-fixes).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
(bsc#1203906).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source. Same as
other kernel binary packages, there is no need to carry duplicate sources
in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
(git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
is dead (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
(git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
(git-fixes).
- HID: ishtp-hid-client: Fix comment typo (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured
(bsc#1203737).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- JFS: fix GPF in diFree (bsc#1203389).
- JFS: fix memleak in jfs_mount (git-fixes).
- JFS: more checks for invalid superblock (git-fixes).
- JFS: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory
signature (bsc#1203737).
- kexec: drop weak attribute from arch_kexec_apply_relocations[_add]
(bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: KEYS: s390: Make use of built-in and secondary keyring for
signature verification (bsc#1196444).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
(git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
(bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning
(bsc#1201990).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap
fixes (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- psi: Fix uaf issue when psi trigger is destroyed while being polled
(bsc#1203909).
- regulator: core: Clean up on enable failure (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984
LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984
LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
(git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID
cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload
(bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same
NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed
phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding
(bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency
(bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager
application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status
(bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()
(bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational
(bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading
stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device
(git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix misplaced barrier in call_decode (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse
(git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- USB: otg-fsm: Fix hrtimer list corruption (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: ch341: name prescaler, divisor registers (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
(git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- x86/bugs: Reenable retbleed=off. While for older kernels the return
thunks are statically built in and cannot be dynamically patched out,
retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3775=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3775=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3775=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3775=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3775=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3775=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3775=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3775=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.98.1
dtb-zte-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.98.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-default-5.3.18-150300.59.98.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1
gfs2-kmp-default-5.3.18-150300.59.98.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-base-rebuild-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-devel-5.3.18-150300.59.98.1
kernel-default-devel-debuginfo-5.3.18-150300.59.98.1
kernel-default-extra-5.3.18-150300.59.98.1
kernel-default-extra-debuginfo-5.3.18-150300.59.98.1
kernel-default-livepatch-5.3.18-150300.59.98.1
kernel-default-livepatch-devel-5.3.18-150300.59.98.1
kernel-default-optional-5.3.18-150300.59.98.1
kernel-default-optional-debuginfo-5.3.18-150300.59.98.1
kernel-obs-build-5.3.18-150300.59.98.1
kernel-obs-build-debugsource-5.3.18-150300.59.98.1
kernel-obs-qa-5.3.18-150300.59.98.1
kernel-syms-5.3.18-150300.59.98.1
kselftests-kmp-default-5.3.18-150300.59.98.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.98.1
ocfs2-kmp-default-5.3.18-150300.59.98.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
reiserfs-kmp-default-5.3.18-150300.59.98.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.98.1
kernel-debug-debuginfo-5.3.18-150300.59.98.1
kernel-debug-debugsource-5.3.18-150300.59.98.1
kernel-debug-devel-5.3.18-150300.59.98.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.98.1
kernel-debug-livepatch-devel-5.3.18-150300.59.98.1
kernel-kvmsmall-5.3.18-150300.59.98.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.98.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.98.1
kernel-kvmsmall-devel-5.3.18-150300.59.98.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.98.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.98.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-preempt-5.3.18-150300.59.98.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
gfs2-kmp-preempt-5.3.18-150300.59.98.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-5.3.18-150300.59.98.1
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
kernel-preempt-devel-5.3.18-150300.59.98.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-extra-5.3.18-150300.59.98.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.98.1
kernel-preempt-optional-5.3.18-150300.59.98.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.98.1
kselftests-kmp-preempt-5.3.18-150300.59.98.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
ocfs2-kmp-preempt-5.3.18-150300.59.98.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
reiserfs-kmp-preempt-5.3.18-150300.59.98.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.98.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-64kb-5.3.18-150300.59.98.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
dtb-al-5.3.18-150300.59.98.1
dtb-allwinner-5.3.18-150300.59.98.1
dtb-altera-5.3.18-150300.59.98.1
dtb-amd-5.3.18-150300.59.98.1
dtb-amlogic-5.3.18-150300.59.98.1
dtb-apm-5.3.18-150300.59.98.1
dtb-arm-5.3.18-150300.59.98.1
dtb-broadcom-5.3.18-150300.59.98.1
dtb-cavium-5.3.18-150300.59.98.1
dtb-exynos-5.3.18-150300.59.98.1
dtb-freescale-5.3.18-150300.59.98.1
dtb-hisilicon-5.3.18-150300.59.98.1
dtb-lg-5.3.18-150300.59.98.1
dtb-marvell-5.3.18-150300.59.98.1
dtb-mediatek-5.3.18-150300.59.98.1
dtb-nvidia-5.3.18-150300.59.98.1
dtb-qcom-5.3.18-150300.59.98.1
dtb-renesas-5.3.18-150300.59.98.1
dtb-rockchip-5.3.18-150300.59.98.1
dtb-socionext-5.3.18-150300.59.98.1
dtb-sprd-5.3.18-150300.59.98.1
dtb-xilinx-5.3.18-150300.59.98.1
dtb-zte-5.3.18-150300.59.98.1
gfs2-kmp-64kb-5.3.18-150300.59.98.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-5.3.18-150300.59.98.1
kernel-64kb-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-debugsource-5.3.18-150300.59.98.1
kernel-64kb-devel-5.3.18-150300.59.98.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-extra-5.3.18-150300.59.98.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.98.1
kernel-64kb-optional-5.3.18-150300.59.98.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.98.1
kselftests-kmp-64kb-5.3.18-150300.59.98.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
ocfs2-kmp-64kb-5.3.18-150300.59.98.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
reiserfs-kmp-64kb-5.3.18-150300.59.98.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.98.1
kernel-docs-5.3.18-150300.59.98.1
kernel-docs-html-5.3.18-150300.59.98.1
kernel-macros-5.3.18-150300.59.98.1
kernel-source-5.3.18-150300.59.98.1
kernel-source-vanilla-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.98.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-extra-5.3.18-150300.59.98.1
kernel-default-extra-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
kernel-preempt-extra-5.3.18-150300.59.98.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-livepatch-5.3.18-150300.59.98.1
kernel-default-livepatch-devel-5.3.18-150300.59.98.1
kernel-livepatch-5_3_18-150300_59_98-default-1-150300.7.5.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
reiserfs-kmp-default-5.3.18-150300.59.98.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.98.1
kernel-obs-build-debugsource-5.3.18-150300.59.98.1
kernel-syms-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
kernel-preempt-devel-5.3.18-150300.59.98.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.98.1
kernel-source-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-devel-5.3.18-150300.59.98.1
kernel-default-devel-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.98.1
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.98.1
kernel-64kb-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-debugsource-5.3.18-150300.59.98.1
kernel-64kb-devel-5.3.18-150300.59.98.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.98.1
kernel-macros-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.98.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.98.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-default-5.3.18-150300.59.98.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1
gfs2-kmp-default-5.3.18-150300.59.98.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
ocfs2-kmp-default-5.3.18-150300.59.98.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
References:
https://www.suse.com/security/cve/CVE-2020-16119.html
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-2503.html
https://www.suse.com/security/cve/CVE-2022-2586.html
https://www.suse.com/security/cve/CVE-2022-3169.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-40768.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41222.html
https://www.suse.com/security/cve/CVE-2022-41674.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://www.suse.com/security/cve/CVE-2022-41849.html
https://www.suse.com/security/cve/CVE-2022-42719.html
https://www.suse.com/security/cve/CVE-2022-42720.html
https://www.suse.com/security/cve/CVE-2022-42721.html
https://www.suse.com/security/cve/CVE-2022-42722.html
https://bugzilla.suse.com/1177471
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201645
https://bugzilla.suse.com/1201865
https://bugzilla.suse.com/1201990
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1202984
https://bugzilla.suse.com/1203159
https://bugzilla.suse.com/1203290
https://bugzilla.suse.com/1203313
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203424
https://bugzilla.suse.com/1203514
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203622
https://bugzilla.suse.com/1203737
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203770
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203909
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992
https://bugzilla.suse.com/1204051
https://bugzilla.suse.com/1204059
https://bugzilla.suse.com/1204060
https://bugzilla.suse.com/1204125
https://bugzilla.suse.com/1204289
https://bugzilla.suse.com/1204290
https://bugzilla.suse.com/1204291
https://bugzilla.suse.com/1204292
SUSE-SU-2022:3768-1: important: Security update for qemu
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3768-1
Rating: important
References: #1175144 #1182282 #1185000 #1192463 #1198035
#1198037 #1198038 #1201367
Cross-References: CVE-2020-17380 CVE-2021-3409 CVE-2021-3507
CVE-2021-4206 CVE-2021-4207 CVE-2022-0216
CVE-2022-35414
CVSS scores:
CVE-2020-17380 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CVE-2020-17380 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3507 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2021-3507 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 7 vulnerabilities and has one errata
is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and
CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead
to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap
buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in
hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation
that leads to a crash. (bsc#1201367)
- CVE-2021-3507: Fixed a heap buffer overflow in DMA read data transfers.
(bsc#1185000)
- CVE-2020-17380: Fixed a heap buffer overflow in
sdhci_sdma_transfer_multi_blocks. (bsc#1175144)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3768=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3768=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3768=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3768=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3768=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3768=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3768=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le):
qemu-ppc-3.1.1.1-150100.80.43.2
qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x x86_64):
qemu-kvm-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le):
qemu-ppc-3.1.1.1-150100.80.43.2
qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
qemu-s390-3.1.1.1-150100.80.43.2
qemu-s390-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Enterprise Storage 6 (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Enterprise Storage 6 (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Enterprise Storage 6 (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE CaaS Platform 4.0 (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE CaaS Platform 4.0 (x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
References:
https://www.suse.com/security/cve/CVE-2020-17380.html
https://www.suse.com/security/cve/CVE-2021-3409.html
https://www.suse.com/security/cve/CVE-2021-3507.html
https://www.suse.com/security/cve/CVE-2021-4206.html
https://www.suse.com/security/cve/CVE-2021-4207.html
https://www.suse.com/security/cve/CVE-2022-0216.html
https://www.suse.com/security/cve/CVE-2022-35414.html
https://bugzilla.suse.com/1175144
https://bugzilla.suse.com/1182282
https://bugzilla.suse.com/1185000
https://bugzilla.suse.com/1192463
https://bugzilla.suse.com/1198035
https://bugzilla.suse.com/1198037
https://bugzilla.suse.com/1198038
https://bugzilla.suse.com/1201367
SUSE-SU-2022:3751-1: moderate: Security update for SUSE Manager Client Tools
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3751-1
Rating: moderate
References: #1198903 #1201535 #1201539 SLE-23422 SLE-23439
SLE-24565 SLE-24791
Cross-References: CVE-2022-31097 CVE-2022-31107
CVSS scores:
CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
SUSE Manager Tools 15
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities, contains four
features and has one errata is now available.
Description:
This update fixes the following issues:
dracut-saltboot:
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Move image services to dracut-saltboot package
* Use salt bundle
golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file
grafana:
- Update to version 8.3.10
+ Security:
* CVE-2022-31097: Cross Site Scripting vulnerability in the Unified
Alerting (bsc#1201535)
* CVE-2022-31107: Fixes OAuth account takeover vulnerability
(bsc#1201539)
- Update to version 8.3.9
+ Bug fixes:
* Geomap: Display legend
* Prometheus: Fix timestamp truncation
- Update to version 8.3.7
+ Bug fix:
* Provisioning: Ensure that the default value for orgID is set when
provisioning datasources to be deleted.
- Update to version 8.3.6
+ Features and enhancements:
* Cloud Monitoring: Reduce request size when listing labels.
* Explore: Show scalar data result in a table instead of graph.
* Snapshots: Updates the default external snapshot server URL.
* Table: Makes footer not overlap table content.
* Tempo: Add request histogram to service graph datalink.
* Tempo: Add time range to tempo search query behind a feature flag.
* Tempo: Auto-clear results when changing query type.
* Tempo: Display start time in search results as relative time.
* CloudMonitoring: Fix resource labels in query editor.
* Cursor sync: Apply the settings without saving the dashboard.
* LibraryPanels: Fix for Error while cleaning library panels.
* Logs Panel: Fix timestamp parsing for string dates without timezone.
* Prometheus: Fix some of the alerting queries that use reduce/math
operation.
* TablePanel: Fix ad-hoc variables not working on default datasources.
* Text Panel: Fix alignment of elements.
* Variables: Fix for constant variables in self referencing links.
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
mgr-daemon:
- Version 4.3.6-1
* Update translation strings
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3751=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3751=1
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3751=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3751=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3751=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- openSUSE Leap 15.4 (noarch):
dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1
spacecmd-4.3.15-150000.3.86.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- openSUSE Leap 15.3 (noarch):
dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1
spacecmd-4.3.15-150000.3.86.1
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
grafana-8.3.10-150000.1.33.1
grafana-debuginfo-8.3.10-150000.1.33.1
python3-uyuni-common-libs-4.3.6-150000.1.27.2
- SUSE Manager Tools 15 (noarch):
dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1
mgr-daemon-4.3.6-150000.1.38.1
python3-spacewalk-check-4.3.12-150000.3.68.2
python3-spacewalk-client-setup-4.3.12-150000.3.68.2
python3-spacewalk-client-tools-4.3.12-150000.3.68.2
spacecmd-4.3.15-150000.3.86.1
spacewalk-check-4.3.12-150000.3.68.2
spacewalk-client-setup-4.3.12-150000.3.68.2
spacewalk-client-tools-4.3.12-150000.3.68.2
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
References:
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://bugzilla.suse.com/1198903
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539
SUSE-SU-2022:3773-1: important: Security update for curl
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3773-1
Rating: important
References: #1204383
Cross-References: CVE-2022-32221
CVSS scores:
CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3773=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3773=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3773=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3773=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3773=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3773=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3773=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3773=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3773=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3773=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3773=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3773=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3773=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3773=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- openSUSE Leap 15.3 (x86_64):
libcurl-devel-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Server 4.1 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Proxy 4.1 (x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Enterprise Storage 7 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
References:
https://www.suse.com/security/cve/CVE-2022-32221.html
https://bugzilla.suse.com/1204383
SUSE-SU-2022:3766-1: important: Security update for buildah
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for buildah
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3766-1
Rating: important
References: #1167864 #1181961 #1202812
Cross-References: CVE-2020-10696 CVE-2021-20206 CVE-2022-2990
CVSS scores:
CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to
execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification /
bsc#1202812
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote "?" in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common@87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow "err"
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master@4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not committed
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not support dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common@7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for "mkdir /"
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow reusing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty "foo" label again
Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build
Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow reusing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote "?" in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings
Drop requires on apparmor pattern, should be moved elsewhere for systems
which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is
required to build.
Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups
Update to version 1.26.1:
* Make `buildah build --label foo` create an empty "foo" label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3766=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3766=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3766=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3766=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3766=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3766=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
buildah-1.27.1-150300.8.11.1
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error-devel-1.42-150300.9.3.1
libgpg-error-devel-debuginfo-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- openSUSE Leap 15.3 (x86_64):
libgpg-error-devel-32bit-1.42-150300.9.3.1
libgpg-error-devel-32bit-debuginfo-1.42-150300.9.3.1
libgpg-error0-32bit-1.42-150300.9.3.1
libgpg-error0-32bit-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
buildah-1.27.1-150300.8.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error-devel-1.42-150300.9.3.1
libgpg-error-devel-debuginfo-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libgpg-error0-32bit-1.42-150300.9.3.1
libgpg-error0-32bit-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
References:
https://www.suse.com/security/cve/CVE-2020-10696.html
https://www.suse.com/security/cve/CVE-2021-20206.html
https://www.suse.com/security/cve/CVE-2022-2990.html
https://bugzilla.suse.com/1167864
https://bugzilla.suse.com/1181961
https://bugzilla.suse.com/1202812
SUSE-SU-2022:3765-1: important: Security update for grafana
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3765-1
Rating: important
References: #1195726 #1195727 #1195728 #1201535 #1201539
SLE-23422 SLE-23439 SLE-24565
Cross-References: CVE-2022-21702 CVE-2022-21703 CVE-2022-21713
CVE-2022-31097 CVE-2022-31107
CVSS scores:
CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVE-2022-21703 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 5 vulnerabilities, contains three
features is now available.
Description:
This update for grafana fixes the following issues:
Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting
(bsc#1201535).
- CVE-2022-31107: Fixed OAuth account takeover vulnerability
(bsc#1201539).
- CVE-2022-21702: Fixed XSS through attacker-controlled data source
(bsc#1195726).
- CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
- CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3765=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3765=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3765=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
grafana-8.3.10-150200.3.26.1
grafana-debuginfo-8.3.10-150200.3.26.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
grafana-8.3.10-150200.3.26.1
grafana-debuginfo-8.3.10-150200.3.26.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
grafana-8.3.10-150200.3.26.1
References:
https://www.suse.com/security/cve/CVE-2022-21702.html
https://www.suse.com/security/cve/CVE-2022-21703.html
https://www.suse.com/security/cve/CVE-2022-21713.html
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://bugzilla.suse.com/1195726
https://bugzilla.suse.com/1195727
https://bugzilla.suse.com/1195728
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539
SUSE-SU-2022:3745-1: moderate: Security update for golang-github-prometheus-node_exporter
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for golang-github-prometheus-node_exporter
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3745-1
Rating: moderate
References: #1196338 SLE-24238 SLE-24239
Cross-References: CVE-2022-21698
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability, contains two
features is now available.
Description:
This update for golang-github-prometheus-node_exporter fixes the following
issues:
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3745=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3745=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3745=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3745=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3745=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3745=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3745=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3745=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3745=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3745=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3745=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3745=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3745=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3745=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3745=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Manager Proxy 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE CaaS Platform 4.0 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://bugzilla.suse.com/1196338
SUSE-SU-2022:3767-1: important: Recommended update for bind
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Recommended update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3767-1
Rating: important
References: #1201689 #1203250 #1203614 #1203618 #1203619
#1203620 SLE-24600
Cross-References: CVE-2022-2795 CVE-2022-3080 CVE-2022-38177
CVE-2022-38178
CVSS scores:
CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3080 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3080 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves four vulnerabilities, contains one
feature and has two fixes is now available.
Description:
This update for bind fixes the following issues:
Update to release 9.16.33:
- CVE-2022-2795: Fixed potential performance degradation due to missing
database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in
the cache for the incoming query and the stale-answer-client-timeout
option is set to 0 (bsc#1203618).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered
in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in
the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
- Add systemd drop-in directory for named service (bsc#1201689).
- Add modified createNamedConfInclude script and README-bind.chrootenv
(bsc#1203250).
- Feature Changes:
- Response Rate Limiting (RRL) code now treats all QNAMEs that are
subject to wildcard processing within a given zone as the same name,
to prevent circumventing the limits enforced by RRL.
- Zones using dnssec-policy now require dynamic DNS or inline-signing to
be configured explicitly.
- A backward-compatible approach was implemented for encoding
internationalized domain names (IDN) in dig and converting the domain
to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion.
- The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
disabled on systems where they are disallowed by the security policy.
Primary zones using those algorithms need to be migrated to new
algorithms prior to running on these systems, as graceful migration to
different DNSSEC algorithms is not possible when RSASHA1 is disallowed
by the operating system.
- Log messages related to fetch limiting have been improved to provide
more complete information. Specifically, the final counts of allowed
and spilled fetches are now logged before the counter object is
destroyed.
- Non-dynamic zones that inherit dnssec-policy from the view or options
blocks were not marked as inline-signed and therefore never scheduled
to be re-signed. This has been fixed.
- The old max-zone-ttl zone option was meant to be superseded by the
max-zone-ttl option in dnssec-policy; however, the latter option was
not fully effective. This has been corrected: zones no longer load if
they contain TTLs greater than the limit configured in dnssec-policy.
For zones with both the old max-zone-ttl option and dnssec-policy
configured, the old option is ignored, and a warning is generated.
- rndc dumpdb -expired was fixed to include expired RRsets, even if
stale-cache-enable is set to no and the cache-cleaning time window has
passed. (jsc#SLE-24600)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3767=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3767=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3767=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bind-9.16.33-150400.5.11.1
bind-debuginfo-9.16.33-150400.5.11.1
bind-debugsource-9.16.33-150400.5.11.1
bind-utils-9.16.33-150400.5.11.1
bind-utils-debuginfo-9.16.33-150400.5.11.1
- openSUSE Leap 15.4 (noarch):
bind-doc-9.16.33-150400.5.11.1
python3-bind-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-9.16.33-150400.5.11.1
bind-debuginfo-9.16.33-150400.5.11.1
bind-debugsource-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
bind-doc-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.33-150400.5.11.1
bind-debugsource-9.16.33-150400.5.11.1
bind-utils-9.16.33-150400.5.11.1
bind-utils-debuginfo-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-bind-9.16.33-150400.5.11.1
References:
https://www.suse.com/security/cve/CVE-2022-2795.html
https://www.suse.com/security/cve/CVE-2022-3080.html
https://www.suse.com/security/cve/CVE-2022-38177.html
https://www.suse.com/security/cve/CVE-2022-38178.html
https://bugzilla.suse.com/1201689
https://bugzilla.suse.com/1203250
https://bugzilla.suse.com/1203614
https://bugzilla.suse.com/1203618
https://bugzilla.suse.com/1203619
https://bugzilla.suse.com/1203620
SUSE-SU-2022:3729-1: important: Security update for bind
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3729-1
Rating: important
References: #1203614 #1203619 #1203620
Cross-References: CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
CVSS scores:
CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degradation due to missing
database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered
in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered
in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3729=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3729=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3729=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3729=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3729=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3729=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3729=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3729=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3729=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3729=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3729=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3729=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3729=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3729=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3729=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (x86_64):
bind-devel-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-debuginfo-9.16.6-150000.12.63.1
libdns1605-32bit-9.16.6-150000.12.63.1
libdns1605-32bit-debuginfo-9.16.6-150000.12.63.1
libirs1601-32bit-9.16.6-150000.12.63.1
libirs1601-32bit-debuginfo-9.16.6-150000.12.63.1
libisc1606-32bit-9.16.6-150000.12.63.1
libisc1606-32bit-debuginfo-9.16.6-150000.12.63.1
libisccc1600-32bit-9.16.6-150000.12.63.1
libisccc1600-32bit-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-32bit-9.16.6-150000.12.63.1
libisccfg1600-32bit-debuginfo-9.16.6-150000.12.63.1
libns1604-32bit-9.16.6-150000.12.63.1
libns1604-32bit-debuginfo-9.16.6-150000.12.63.1
- openSUSE Leap 15.3 (x86_64):
bind-devel-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-debuginfo-9.16.6-150000.12.63.1
libdns1605-32bit-9.16.6-150000.12.63.1
libdns1605-32bit-debuginfo-9.16.6-150000.12.63.1
libirs1601-32bit-9.16.6-150000.12.63.1
libirs1601-32bit-debuginfo-9.16.6-150000.12.63.1
libisc1606-32bit-9.16.6-150000.12.63.1
libisc1606-32bit-debuginfo-9.16.6-150000.12.63.1
libisccc1600-32bit-9.16.6-150000.12.63.1
libisccc1600-32bit-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-32bit-9.16.6-150000.12.63.1
libisccfg1600-32bit-debuginfo-9.16.6-150000.12.63.1
libns1604-32bit-9.16.6-150000.12.63.1
libns1604-32bit-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Server 4.1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Manager Proxy 4.1 (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Proxy 4.1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 7 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 6 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE CaaS Platform 4.0 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE CaaS Platform 4.0 (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
References:
https://www.suse.com/security/cve/CVE-2022-2795.html
https://www.suse.com/security/cve/CVE-2022-38177.html
https://www.suse.com/security/cve/CVE-2022-38178.html
https://bugzilla.suse.com/1203614
https://bugzilla.suse.com/1203619
https://bugzilla.suse.com/1203620
SUSE-SU-2022:3730-1: important: Security update for python-paramiko
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for python-paramiko
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3730-1
Rating: important
References: #1111151 #1200603
Cross-References: CVE-2018-1000805
CVSS scores:
CVE-2018-1000805 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2018-1000805 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for python-paramiko fixes the following issues:
Updated to version 2.4.3:
- CVE-2018-1000805: Fixed authentication bypass (bsc#1111151).
Bugfixes:
- Fixed Ed25519 key handling for certain key comment lengths (bsc#1200603).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3730=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3730=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3730=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3730=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3730=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3730=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3730=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3730=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3730=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3730=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3730=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3730=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3730=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3730=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3730=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3730=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (noarch):
python-paramiko-doc-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- openSUSE Leap 15.3 (noarch):
python-paramiko-doc-2.4.3-150100.6.15.1
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Manager Server 4.1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Manager Proxy 4.1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Enterprise Storage 7 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Enterprise Storage 6 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE CaaS Platform 4.0 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
References:
https://www.suse.com/security/cve/CVE-2018-1000805.html
https://bugzilla.suse.com/1111151
https://bugzilla.suse.com/1200603
SUSE-SU-2022:3731-1: important: Security update for python-waitress
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for python-waitress
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3731-1
Rating: important
References: #1197255
Cross-References: CVE-2022-24761
CVSS scores:
CVE-2022-24761 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-24761 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-waitress fixes the following issues:
- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP
requests leading to request smuggling. (bsc#1197255)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3731=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3731=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3731=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3731=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3731=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3731=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3731=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3731=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3731=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3731=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3731=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3731=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3731=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3731=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3731=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3731=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3731=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3731=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3731=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- openSUSE Leap 15.3 (noarch):
python2-waitress-1.4.3-150000.3.6.1
python3-waitress-1.4.3-150000.3.6.1
- SUSE Manager Server 4.1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Manager Proxy 4.1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
python2-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
python2-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Enterprise Storage 7 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Enterprise Storage 6 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE CaaS Platform 4.0 (noarch):
python3-waitress-1.4.3-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-24761.html
https://bugzilla.suse.com/1197255
25 Oct '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3727-1
Rating: moderate
References: #1027519 #1167608 #1201631 #1201994 #1203806
#1203807
Cross-References: CVE-2022-33746 CVE-2022-33748
CVSS scores:
CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has four
fixes is now available.
Description:
This update for xen fixes the following issues:
Updated to version 4.16.2 (bsc#1027519):
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing
(bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
Bugfixes:
- Fixed Xen DomU unable to emulate audio device (bsc#1201994).
- Fixed logic error in built-in default of max_event_channels
(bsc#1167608, bsc#1201631).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3727=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3727=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3727=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3727=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
xen-4.16.2_06-150400.4.11.1
xen-debugsource-4.16.2_06-150400.4.11.1
xen-devel-4.16.2_06-150400.4.11.1
xen-doc-html-4.16.2_06-150400.4.11.1
xen-libs-4.16.2_06-150400.4.11.1
xen-libs-debuginfo-4.16.2_06-150400.4.11.1
xen-tools-4.16.2_06-150400.4.11.1
xen-tools-debuginfo-4.16.2_06-150400.4.11.1
xen-tools-domU-4.16.2_06-150400.4.11.1
xen-tools-domU-debuginfo-4.16.2_06-150400.4.11.1
- openSUSE Leap 15.4 (x86_64):
xen-libs-32bit-4.16.2_06-150400.4.11.1
xen-libs-32bit-debuginfo-4.16.2_06-150400.4.11.1
- openSUSE Leap 15.4 (noarch):
xen-tools-xendomains-wait-disk-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):
xen-4.16.2_06-150400.4.11.1
xen-debugsource-4.16.2_06-150400.4.11.1
xen-devel-4.16.2_06-150400.4.11.1
xen-tools-4.16.2_06-150400.4.11.1
xen-tools-debuginfo-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
xen-tools-xendomains-wait-disk-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
xen-debugsource-4.16.2_06-150400.4.11.1
xen-libs-4.16.2_06-150400.4.11.1
xen-libs-debuginfo-4.16.2_06-150400.4.11.1
xen-tools-domU-4.16.2_06-150400.4.11.1
xen-tools-domU-debuginfo-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Micro 5.3 (x86_64):
xen-debugsource-4.16.2_06-150400.4.11.1
xen-libs-4.16.2_06-150400.4.11.1
xen-libs-debuginfo-4.16.2_06-150400.4.11.1
References:
https://www.suse.com/security/cve/CVE-2022-33746.html
https://www.suse.com/security/cve/CVE-2022-33748.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1167608
https://bugzilla.suse.com/1201631
https://bugzilla.suse.com/1201994
https://bugzilla.suse.com/1203806
https://bugzilla.suse.com/1203807
SUSE-SU-2022:3726-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3726-1
Rating: important
References: #1204421
Cross-References: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929
CVE-2022-42932
CVSS scores:
CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-42932 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
- Updated to version 102.4.0 ESR (bsc#1204421)
- CVE-2022-42927: Fixed same-origin policy violation that could have
leaked cross-origin URLs.
- CVE-2022-42928: Fixed memory corruption in JS Engine.
- CVE-2022-42929: Fixed denial of service via window.print.
- CVE-2022-42932: Fixed memory safety bugs.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3726=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3726=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3726=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3726=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3726=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3726=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3726=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3726=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3726=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3726=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3726=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3726=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3726=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Manager Proxy 4.1 (x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.4.0-150200.152.64.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
References:
https://www.suse.com/security/cve/CVE-2022-42927.html
https://www.suse.com/security/cve/CVE-2022-42928.html
https://www.suse.com/security/cve/CVE-2022-42929.html
https://www.suse.com/security/cve/CVE-2022-42932.html
https://bugzilla.suse.com/1204421
SUSE-SU-2022:3710-1: important: Security update for multipath-tools
by opensuse-security@opensuse.org 24 Oct '22
SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3710-1
Rating: important
References: #1189551 #1191900 #1195506 #1197570 #1202616
#1202739 PED-1448
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves two vulnerabilities, contains one
feature and has four fixes is now available.
Description:
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd.
(bsc#1202739)
- multipathd: add "force_reconfigure" option (bsc#1189551). The command
"multipathd -kreconfigure" changes behavior: instead
of reloading every map, it checks map configuration and reloads
only modified maps. This speeds up the reconfigure operation
substantially. The old behavior can be reinstated by setting
"force_reconfigure yes" in multipath.conf (not recommended). Note:
"force_reconfigure yes" is not supported in SLE15-SP4 and beyond,
which provide the command "multipathd -k'reconfigure all'".
- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd: handle fpin events (bsc#1195506, jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3710=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3710=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3710=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3710=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3710=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
References:
https://www.suse.com/security/cve/CVE-2022-41973.html
https://www.suse.com/security/cve/CVE-2022-41974.html
https://bugzilla.suse.com/1189551
https://bugzilla.suse.com/1191900
https://bugzilla.suse.com/1195506
https://bugzilla.suse.com/1197570
https://bugzilla.suse.com/1202616
https://bugzilla.suse.com/1202739
SUSE-SU-2022:3711-1: important: Security update for multipath-tools
by opensuse-security@opensuse.org 24 Oct '22
SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3711-1
Rating: important
References: #1197570 #1199342 #1199345 #1199346 #1199347
#1201483 #1202616 #1202739
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has 6 fixes
is now available.
Description:
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd.
(bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix find_multipaths_timeout for unknown hardware
(bsc#1201483)
- multipath-tools: fix "multipath -ll" for Native NVME Multipath devices
(bsc#1201483)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346,
bsc#1197570)
- multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Don't keep starting TUR threads, if they always hang.
(bsc#1199345)
- Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for "protocol" subsection in "overrides"
section to set certain config options by protocol.
- Removed the previously deprecated options getuid_callout, config_dir,
multipath_dir, pg_timeout
- Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use remove_map_callback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported dev_loss_tmo
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3711=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3711=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3711=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
References:
https://www.suse.com/security/cve/CVE-2022-41973.html
https://www.suse.com/security/cve/CVE-2022-41974.html
https://bugzilla.suse.com/1197570
https://bugzilla.suse.com/1199342
https://bugzilla.suse.com/1199345
https://bugzilla.suse.com/1199346
https://bugzilla.suse.com/1199347
https://bugzilla.suse.com/1201483
https://bugzilla.suse.com/1202616
https://bugzilla.suse.com/1202739
SUSE-SU-2022:3712-1: important: Security update for multipath-tools
by opensuse-security@opensuse.org 24 Oct '22
SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3712-1
Rating: important
References: #1202616 #1202739 #1204325
Cross-References: CVE-2022-41974
CVSS scores:
CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for multipath-tools fixes the following issues:
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd.
(bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3712=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3712=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3712=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3712=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3712=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3712=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
References:
https://www.suse.com/security/cve/CVE-2022-41974.html
https://bugzilla.suse.com/1202616
https://bugzilla.suse.com/1202739
https://bugzilla.suse.com/1204325
SUSE-SU-2022:3693-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 22 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3693-1
Rating: important
References: #1199564 #1200288 #1201309 #1202677 #1202960
#1203552 #1203769 #1203987 PED-529
Cross-References: CVE-2022-20008 CVE-2022-2503 CVE-2022-32296
CVE-2022-3239 CVE-2022-3303 CVE-2022-41218
CVE-2022-41848
CVSS scores:
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 7 vulnerabilities, contains one
feature and has one errata is now available.
Description:
The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-20008: Fixed local information disclosure due to possibility to
read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564).
- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin
and load untrusted and unverified kernel modules and firmware
(bnc#1202677).
- CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to
identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
could allow a local user to crash the system or escalate their
privileges (bnc#1203552).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to
improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in
drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-41848: Fixed a race condition in
drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach
(bnc#1203987).
The following non-security bugs were fixed:
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as
other kernel binary packages there is no need to carry duplicate sources
in dtb packages.
- mkspec: eliminate @NOSOURCE@ macro This should be always used with
@SOURCES@, just include the content there.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off While for older kernels the return
thunks are statically built in and cannot be dynamically patched out,
retbleed=off should still be possible to do so that the mitigation can
still be disabled on Intel who do not use the return thunks but IBRS.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3693=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3693=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3693=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3693=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3693=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3693=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3693=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3693=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3693=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3693=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-4.12.14-150100.197.126.1
kernel-vanilla-base-4.12.14-150100.197.126.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debugsource-4.12.14-150100.197.126.1
kernel-vanilla-devel-4.12.14-150100.197.126.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.126.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.126.1
kernel-debug-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.126.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.126.1
kernel-zfcpdump-man-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-4.12.14-150100.197.126.1
kernel-vanilla-base-4.12.14-150100.197.126.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debugsource-4.12.14-150100.197.126.1
kernel-vanilla-devel-4.12.14-150100.197.126.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.126.1
kernel-debug-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.126.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.126.1
kernel-zfcpdump-man-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.126.1
kernel-zfcpdump-debuginfo-4.12.14-150100.197.126.1
kernel-zfcpdump-debugsource-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-livepatch-4.12.14-150100.197.126.1
kernel-default-livepatch-devel-4.12.14-150100.197.126.1
kernel-livepatch-4_12_14-150100_197_126-default-1-150100.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.126.1
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.126.1
dlm-kmp-default-4.12.14-150100.197.126.1
dlm-kmp-default-debuginfo-4.12.14-150100.197.126.1
gfs2-kmp-default-4.12.14-150100.197.126.1
gfs2-kmp-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
ocfs2-kmp-default-4.12.14-150100.197.126.1
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
References:
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-2503.html
https://www.suse.com/security/cve/CVE-2022-32296.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1200288
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203987
SUSE-SU-2022:3692-1: important: Security update for libxml2
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for libxml2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3692-1
Rating: important
References: #1204366 #1204367
Cross-References: CVE-2022-40303 CVE-2022-40304
CVSS scores:
CVE-2022-40303 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40304 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libxml2 fixes the following issues:
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE
(bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference
cycles (bsc#1204367).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3692=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3692=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3692=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.14-150400.5.10.1
libxml2-2-debuginfo-2.9.14-150400.5.10.1
libxml2-debugsource-2.9.14-150400.5.10.1
libxml2-devel-2.9.14-150400.5.10.1
libxml2-tools-2.9.14-150400.5.10.1
libxml2-tools-debuginfo-2.9.14-150400.5.10.1
python3-libxml2-2.9.14-150400.5.10.1
python3-libxml2-debuginfo-2.9.14-150400.5.10.1
- openSUSE Leap 15.4 (x86_64):
libxml2-2-32bit-2.9.14-150400.5.10.1
libxml2-2-32bit-debuginfo-2.9.14-150400.5.10.1
libxml2-devel-32bit-2.9.14-150400.5.10.1
- openSUSE Leap 15.4 (noarch):
libxml2-doc-2.9.14-150400.5.10.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.14-150400.5.10.1
libxml2-2-debuginfo-2.9.14-150400.5.10.1
libxml2-debugsource-2.9.14-150400.5.10.1
libxml2-devel-2.9.14-150400.5.10.1
libxml2-tools-2.9.14-150400.5.10.1
libxml2-tools-debuginfo-2.9.14-150400.5.10.1
python3-libxml2-2.9.14-150400.5.10.1
python3-libxml2-debuginfo-2.9.14-150400.5.10.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libxml2-2-32bit-2.9.14-150400.5.10.1
libxml2-2-32bit-debuginfo-2.9.14-150400.5.10.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libxml2-2-2.9.14-150400.5.10.1
libxml2-2-debuginfo-2.9.14-150400.5.10.1
libxml2-debugsource-2.9.14-150400.5.10.1
libxml2-python-debugsource-2.9.14-150400.5.10.1
libxml2-tools-2.9.14-150400.5.10.1
libxml2-tools-debuginfo-2.9.14-150400.5.10.1
python3-libxml2-2.9.14-150400.5.10.1
python3-libxml2-debuginfo-2.9.14-150400.5.10.1
References:
https://www.suse.com/security/cve/CVE-2022-40303.html
https://www.suse.com/security/cve/CVE-2022-40304.html
https://bugzilla.suse.com/1204366
https://bugzilla.suse.com/1204367
SUSE-SU-2022:3690-1: important: Security update for tiff
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3690-1
Rating: important
References: #1201723 #1201971 #1202026 #1202466 #1202467
#1202468 #1202968 #1202971 #1202973
Cross-References: CVE-2022-0561 CVE-2022-2519 CVE-2022-2520
CVE-2022-2521 CVE-2022-2867 CVE-2022-2868
CVE-2022-2869 CVE-2022-34266 CVE-2022-34526
CVSS scores:
CVE-2022-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2519 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2519 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2520 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2520 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2521 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2521 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2867 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2868 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-2868 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2869 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2869 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-34266 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-34266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-34526 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-34526 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed an assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c
(bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits()
(bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in
extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of
Tiffsplit (bsc#1202026).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3690=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3690=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3690=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3690=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3690=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3690=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3690=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3690=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3690=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3690=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3690=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3690=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3690=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3690=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3690=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3690=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3690=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3690=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3690=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3690=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3690=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3690=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- openSUSE Leap 15.4 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- openSUSE Leap 15.3 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Manager Server 4.1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Manager Proxy 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 7 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 6 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE CaaS Platform 4.0 (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
References:
https://www.suse.com/security/cve/CVE-2022-0561.html
https://www.suse.com/security/cve/CVE-2022-2519.html
https://www.suse.com/security/cve/CVE-2022-2520.html
https://www.suse.com/security/cve/CVE-2022-2521.html
https://www.suse.com/security/cve/CVE-2022-2867.html
https://www.suse.com/security/cve/CVE-2022-2868.html
https://www.suse.com/security/cve/CVE-2022-2869.html
https://www.suse.com/security/cve/CVE-2022-34266.html
https://www.suse.com/security/cve/CVE-2022-34526.html
https://bugzilla.suse.com/1201723
https://bugzilla.suse.com/1201971
https://bugzilla.suse.com/1202026
https://bugzilla.suse.com/1202466
https://bugzilla.suse.com/1202467
https://bugzilla.suse.com/1202468
https://bugzilla.suse.com/1202968
https://bugzilla.suse.com/1202971
https://bugzilla.suse.com/1202973
SUSE-SU-2022:3682-1: important: Security update for bind
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3682-1
Rating: important
References: #1201247 #1203614 #1203619 #1203620
Cross-References: CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
CVSS scores:
CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degradation due to missing
database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered
in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in
the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
Bugfixes:
- Changed ownership of /var/lib/named/master from named:named to root:root
(bsc#1201247)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3682=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3682=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3682=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3682=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3682=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bind-chrootenv-9.16.6-150300.22.21.2
bind-devel-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs-devel-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150300.22.21.2
bind-chrootenv-9.16.6-150300.22.21.2
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
bind-devel-9.16.6-150300.22.21.2
bind-utils-9.16.6-150300.22.21.2
bind-utils-debuginfo-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs-devel-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- openSUSE Leap 15.3 (noarch):
bind-doc-9.16.6-150300.22.21.2
python3-bind-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150300.22.21.2
bind-chrootenv-9.16.6-150300.22.21.2
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
bind-doc-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
bind-devel-9.16.6-150300.22.21.2
bind-utils-9.16.6-150300.22.21.2
bind-utils-debuginfo-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs-devel-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-bind-9.16.6-150300.22.21.2
References:
https://www.suse.com/security/cve/CVE-2022-2795.html
https://www.suse.com/security/cve/CVE-2022-38177.html
https://www.suse.com/security/cve/CVE-2022-38178.html
https://bugzilla.suse.com/1201247
https://bugzilla.suse.com/1203614
https://bugzilla.suse.com/1203619
https://bugzilla.suse.com/1203620
SUSE-SU-2022:3683-1: critical: Security update for libksba
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for libksba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3683-1
Rating: critical
References: #1204357
Cross-References: CVE-2022-3515
CVSS scores:
CVE-2022-3515 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser
(bsc#1204357).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3683=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3683=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3683=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3683=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3683=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3683=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3683=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3683=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3683=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3683=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3683=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3683=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3683=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3683=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3683=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3683=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3683=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3683=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3683=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3683=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3683=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Manager Proxy 4.1 (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE CaaS Platform 4.0 (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-3515.html
https://bugzilla.suse.com/1204357
openSUSE-SU-2022:10160-1: moderate: Security update for v4l2loopback
by opensuse-security@opensuse.org 20 Oct '22
openSUSE Security Update: Security update for v4l2loopback
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10160-1
Rating: moderate
References: #1202156
Cross-References: CVE-2022-2652
CVSS scores:
CVE-2022-2652 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2022-2652 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for v4l2loopback fixes the following issues:
- Fix string format vulnerability (boo#1202156, CVE-2022-2652)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-10160=1
Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
v4l2loopback-debugsource-0.12.5-lp153.2.5.1
v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-default-debuginfo-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-preempt-debuginfo-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
- openSUSE Leap 15.3 (aarch64):
v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-64kb-debuginfo-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
- openSUSE Leap 15.3 (noarch):
v4l2loopback-autoload-0.12.5-lp153.2.5.1
v4l2loopback-utils-0.12.5-lp153.2.5.1
References:
https://www.suse.com/security/cve/CVE-2022-2652.html
https://bugzilla.suse.com/1202156
openSUSE-SU-2022:10159-1: moderate: Security update for v4l2loopback
by opensuse-security@opensuse.org 20 Oct '22
openSUSE Security Update: Security update for v4l2loopback
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10159-1
Rating: moderate
References: #1202156
Cross-References: CVE-2022-2652
CVSS scores:
CVE-2022-2652 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2022-2652 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for v4l2loopback fixes the following issues:
- Fix string format vulnerability (boo#1202156, CVE-2022-2652)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2022-10159=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
v4l2loopback-debugsource-0.12.5-lp154.3.3.1
v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
v4l2loopback-kmp-default-debuginfo-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
- openSUSE Leap 15.4 (aarch64):
v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
v4l2loopback-kmp-64kb-debuginfo-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
- openSUSE Leap 15.4 (noarch):
v4l2loopback-autoload-0.12.5-lp154.3.3.1
v4l2loopback-utils-0.12.5-lp154.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-2652.html
https://bugzilla.suse.com/1202156
SUSE-SU-2022:3673-1: moderate: Security update for jasper
by opensuse-security@opensuse.org 20 Oct '22
SUSE Security Update: Security update for jasper
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3673-1
Rating: moderate
References: #1202642
Cross-References: CVE-2022-2963
CVSS scores:
CVE-2022-2963 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2963 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jasper fixes the following issues:
- CVE-2022-2963: Fixed memory leaks in function cmdopts_parse
(bsc#1202642).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3673=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3673=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3673=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3673=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3673=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3673=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
jasper-2.0.14-150000.3.28.1
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
- openSUSE Leap 15.4 (x86_64):
libjasper4-32bit-2.0.14-150000.3.28.1
libjasper4-32bit-debuginfo-2.0.14-150000.3.28.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
jasper-2.0.14-150000.3.28.1
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
- openSUSE Leap 15.3 (x86_64):
libjasper4-32bit-2.0.14-150000.3.28.1
libjasper4-32bit-debuginfo-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
References:
https://www.suse.com/security/cve/CVE-2022-2963.html
https://bugzilla.suse.com/1202642
SUSE-SU-2022:3667-1: moderate: Security update for clone-master-clean-up
by opensuse-security@opensuse.org 20 Oct '22
SUSE Security Update: Security update for clone-master-clean-up
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3667-1
Rating: moderate
References: #1181050 #1203651
Cross-References: CVE-2021-32000
CVSS scores:
CVE-2021-32000 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-32000 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for clone-master-clean-up fixes the following issues:
- CVE-2021-32000: Fixed some potentially dangerous file system operations
(bsc#1181050).
Bugfixes:
- Fixed clone-master-clean-up failing to remove btrfs snapshots
(bsc#1203651).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3667=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3667=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3667=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3667=1
Package List:
- openSUSE Leap 15.4 (noarch):
clone-master-clean-up-1.8-150100.3.14.1
- openSUSE Leap 15.3 (noarch):
clone-master-clean-up-1.8-150100.3.14.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
clone-master-clean-up-1.8-150100.3.14.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
clone-master-clean-up-1.8-150100.3.14.1
References:
https://www.suse.com/security/cve/CVE-2021-32000.html
https://bugzilla.suse.com/1181050
https://bugzilla.suse.com/1203651
SUSE-SU-2022:3668-1: important: Security update for go1.18
by opensuse-security@opensuse.org 20 Oct '22
SUSE Security Update: Security update for go1.18
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3668-1
Rating: important
References: #1193742 #1204023 #1204024 #1204025
Cross-References: CVE-2022-2879 CVE-2022-2880 CVE-2022-41715
CVSS scores:
CVE-2022-2879 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2879 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2880 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41715 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41715 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for go1.18 fixes the following issues:
Updated to version 1.18.7 (bsc#1193742):
- CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023).
- CVE-2022-2879: Fixed unbounded memory consumption when reading headers
in archive/tar (bsc#1204024).
- CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query
parameters (bsc#1204025).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3668=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3668=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3668=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3668=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.7-150000.1.34.1
go1.18-doc-1.18.7-150000.1.34.1
- openSUSE Leap 15.4 (aarch64 x86_64):
go1.18-race-1.18.7-150000.1.34.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.7-150000.1.34.1
go1.18-doc-1.18.7-150000.1.34.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.18-race-1.18.7-150000.1.34.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.7-150000.1.34.1
go1.18-doc-1.18.7-150000.1.34.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64):
go1.18-race-1.18.7-150000.1.34.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.7-150000.1.34.1
go1.18-doc-1.18.7-150000.1.34.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
go1.18-race-1.18.7-150000.1.34.1
References:
https://www.suse.com/security/cve/CVE-2022-2879.html
https://www.suse.com/security/cve/CVE-2022-2880.html
https://www.suse.com/security/cve/CVE-2022-41715.html
https://bugzilla.suse.com/1193742
https://bugzilla.suse.com/1204023
https://bugzilla.suse.com/1204024
https://bugzilla.suse.com/1204025
SUSE-SU-2022:3669-1: important: Security update for go1.19
by opensuse-security@opensuse.org 20 Oct '22
SUSE Security Update: Security update for go1.19
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3669-1
Rating: important
References: #1200441 #1204023 #1204024 #1204025
Cross-References: CVE-2022-2879 CVE-2022-2880 CVE-2022-41715
CVSS scores:
CVE-2022-2879 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2879 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2880 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41715 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41715 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for go1.19 fixes the following issues:
Updated to version 1.19.2 (bsc#1200441):
- CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023).
- CVE-2022-2879: Fixed unbounded memory consumption when reading headers
in archive/tar (bsc#1204024).
- CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query
parameters (bsc#1204025).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3669=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3669=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3669=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3669=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.2-150000.1.12.1
go1.19-doc-1.19.2-150000.1.12.1
- openSUSE Leap 15.4 (aarch64 x86_64):
go1.19-race-1.19.2-150000.1.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.2-150000.1.12.1
go1.19-doc-1.19.2-150000.1.12.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.19-race-1.19.2-150000.1.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.2-150000.1.12.1
go1.19-doc-1.19.2-150000.1.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64):
go1.19-race-1.19.2-150000.1.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.2-150000.1.12.1
go1.19-doc-1.19.2-150000.1.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
go1.19-race-1.19.2-150000.1.12.1
References:
https://www.suse.com/security/cve/CVE-2022-2879.html
https://www.suse.com/security/cve/CVE-2022-2880.html
https://www.suse.com/security/cve/CVE-2022-41715.html
https://bugzilla.suse.com/1200441
https://bugzilla.suse.com/1204023
https://bugzilla.suse.com/1204024
https://bugzilla.suse.com/1204025
SUSE-SU-2022:3666-1: important: Security update for helm
by opensuse-security@opensuse.org 19 Oct '22
SUSE Security Update: Security update for helm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3666-1
Rating: important
References: #1200528 #1203054
Cross-References: CVE-2022-1996 CVE-2022-36055
CVSS scores:
CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-36055 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36055 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for helm fixes the following issues:
helm was updated to version 3.9.4:
* CVE-2022-36055: Fixed denial of service through string value parsing
(bsc#1203054).
* Updating the certificates used for testing
* Updating index handling
helm was updated to version 3.9.3:
- CVE-2022-1996: Updated kube-openapi to fix an issue that could result in
a CORS protection bypass (bsc#1200528).
* Fix missing array length check on release
helm was updated to version 3.9.2:
* Update of the circleci image
helm was updated to version 3.9.1:
* Update to support Kubernetes 1.24.2
* Improve logging and safety of statefulSetReady
* Make token caching an opt-in feature
* Bump github.com/lib/pq from 1.10.5 to 1.10.6
* Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3
helm was updated to version 3.9.0:
* Added a --quiet flag to helm lint
* Added a --post-renderer-args flag to support arguments being passed to
the post renderer
* Added more checks during the signing process
* Updated to add Kubernetes 1.24 support
helm was updated to version 3.8.2:
* Bump oras.land/oras-go from 1.1.0 to 1.1.1
* Fixing downloader plugin error handling
* Simplify testdata charts
* Simplify testdata charts
* Add tests for multi-level dependencies.
* Fix value precedence
* Bumping Kubernetes package versions
* Updating vcs to latest version
* Dont modify provided transport
* Pass http getter as pointer in tests
* Add docs block
* Add transport option and tests
* Reuse http transport
* Updating Kubernetes libs to 0.23.4 (latest)
* fix: remove deadcode
* fix: helm package tests
* fix: helm package with dependency update for charts with OCI dependencies
* Fix typo Unset the env var before func return in Unit Test
* add legal name check
* maint: fix syntax error in deploy.sh
* linting issue fixed
* only apply overwrite if version is canary
* overwrite flag added to az storage blob upload-batch
* Avoid querying for OCI tags can explicit version provided in chart
dependencies
* Management of bearer tokens for tag listing
* Updating Kubernetes packages to 1.23.3
* refactor: use `os.ReadDir` for lightweight directory reading
* Add IngressClass to manifests to be (un)installed
* feat(comp): Shell completion for OCI
* Fix install memory/goroutine leak
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3666=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3666=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3666=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3666=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3666=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3666=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
helm-3.9.4-150000.1.10.3
helm-debuginfo-3.9.4-150000.1.10.3
- openSUSE Leap 15.4 (noarch):
helm-bash-completion-3.9.4-150000.1.10.3
helm-fish-completion-3.9.4-150000.1.10.3
helm-zsh-completion-3.9.4-150000.1.10.3
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
helm-3.9.4-150000.1.10.3
helm-debuginfo-3.9.4-150000.1.10.3
- openSUSE Leap 15.3 (noarch):
helm-bash-completion-3.9.4-150000.1.10.3
helm-zsh-completion-3.9.4-150000.1.10.3
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
helm-fish-completion-3.9.4-150000.1.10.3
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
helm-fish-completion-3.9.4-150000.1.10.3
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
helm-3.9.4-150000.1.10.3
helm-debuginfo-3.9.4-150000.1.10.3
- SUSE Linux Enterprise Module for Containers 15-SP4 (noarch):
helm-bash-completion-3.9.4-150000.1.10.3
helm-zsh-completion-3.9.4-150000.1.10.3
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
helm-3.9.4-150000.1.10.3
helm-debuginfo-3.9.4-150000.1.10.3
- SUSE Linux Enterprise Module for Containers 15-SP3 (noarch):
helm-bash-completion-3.9.4-150000.1.10.3
helm-zsh-completion-3.9.4-150000.1.10.3
References:
https://www.suse.com/security/cve/CVE-2022-1996.html
https://www.suse.com/security/cve/CVE-2022-36055.html
https://bugzilla.suse.com/1200528
https://bugzilla.suse.com/1203054
SUSE-SU-2022:3665-1: important: Security update for xen
by opensuse-security@opensuse.org 19 Oct '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3665-1
Rating: important
References: #1027519 #1167608 #1185104 #1197081 #1200762
#1201394 #1201631 #1203806 #1203807
Cross-References: CVE-2021-28689 CVE-2022-26365 CVE-2022-33740
CVE-2022-33741 CVE-2022-33742 CVE-2022-33745
CVE-2022-33746 CVE-2022-33748
CVSS scores:
CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33745 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 8 vulnerabilities and has one errata
is now available.
Description:
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing
(bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-26365: Fixed issue where Linux Block and Network PV device
frontends don't zero memory regions before sharing them with the
backend (bsc#1200762).
- CVE-2022-33740: Fixed issue where Linux Block and Network PV device
frontends don't zero memory regions before sharing them with the
backend (bsc#1200762).
- CVE-2022-33741: Fixed issue where data residing in the same 4K page as
data shared with a backend was being accessible by such backend
(bsc#1200762).
- CVE-2022-33742: Fixed issue where data residing in the same 4K page as
data shared with a backend was being accessible by such backend
(bsc#1200762).
- CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in
shadow mode (bsc#1201394).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim)
32-bit PV guests (bsc#1185104).
Bugfixes:
- Fixed logic error in built-in default of max_event_channels
(bsc#1167608, bsc#1201631).
- Fixed issue where dom0 fails to boot with constrained vcpus and nodes
(bsc#1197081).
- Included upstream bugfixes (bsc#1027519).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3665=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3665=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3665=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3665=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3665=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3665=1
Package List:
- openSUSE Leap Micro 5.2 (x86_64):
xen-debugsource-4.14.5_06-150300.3.35.1
xen-libs-4.14.5_06-150300.3.35.1
xen-libs-debuginfo-4.14.5_06-150300.3.35.1
- openSUSE Leap 15.3 (aarch64 x86_64):
xen-4.14.5_06-150300.3.35.1
xen-debugsource-4.14.5_06-150300.3.35.1
xen-devel-4.14.5_06-150300.3.35.1
xen-doc-html-4.14.5_06-150300.3.35.1
xen-libs-4.14.5_06-150300.3.35.1
xen-libs-debuginfo-4.14.5_06-150300.3.35.1
xen-tools-4.14.5_06-150300.3.35.1
xen-tools-debuginfo-4.14.5_06-150300.3.35.1
xen-tools-domU-4.14.5_06-150300.3.35.1
xen-tools-domU-debuginfo-4.14.5_06-150300.3.35.1
- openSUSE Leap 15.3 (x86_64):
xen-libs-32bit-4.14.5_06-150300.3.35.1
xen-libs-32bit-debuginfo-4.14.5_06-150300.3.35.1
- openSUSE Leap 15.3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_06-150300.3.35.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):
xen-4.14.5_06-150300.3.35.1
xen-debugsource-4.14.5_06-150300.3.35.1
xen-devel-4.14.5_06-150300.3.35.1
xen-tools-4.14.5_06-150300.3.35.1
xen-tools-debuginfo-4.14.5_06-150300.3.35.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_06-150300.3.35.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
xen-debugsource-4.14.5_06-150300.3.35.1
xen-libs-4.14.5_06-150300.3.35.1
xen-libs-debuginfo-4.14.5_06-150300.3.35.1
xen-tools-domU-4.14.5_06-150300.3.35.1
xen-tools-domU-debuginfo-4.14.5_06-150300.3.35.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
xen-debugsource-4.14.5_06-150300.3.35.1
xen-libs-4.14.5_06-150300.3.35.1
xen-libs-debuginfo-4.14.5_06-150300.3.35.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
xen-debugsource-4.14.5_06-150300.3.35.1
xen-libs-4.14.5_06-150300.3.35.1
xen-libs-debuginfo-4.14.5_06-150300.3.35.1
References:
https://www.suse.com/security/cve/CVE-2021-28689.html
https://www.suse.com/security/cve/CVE-2022-26365.html
https://www.suse.com/security/cve/CVE-2022-33740.html
https://www.suse.com/security/cve/CVE-2022-33741.html
https://www.suse.com/security/cve/CVE-2022-33742.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://www.suse.com/security/cve/CVE-2022-33746.html
https://www.suse.com/security/cve/CVE-2022-33748.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1167608
https://bugzilla.suse.com/1185104
https://bugzilla.suse.com/1197081
https://bugzilla.suse.com/1200762
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201631
https://bugzilla.suse.com/1203806
https://bugzilla.suse.com/1203807
SUSE-SU-2022:3656-1: important: Security update for nodejs16
by opensuse-security@opensuse.org 19 Oct '22
SUSE Security Update: Security update for nodejs16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3656-1
Rating: important
References: #1201325 #1201327 #1203831 #1203832
Cross-References: CVE-2022-32213 CVE-2022-32215 CVE-2022-35255
CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Web Scripting 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for nodejs16 fixes the following issues:
Updated to version 16.17.1:
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
- CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding
(bsc#1201327).
- CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832).
- CVE-2022-35255: Fixed weak randomness in WebCrypto keygen (bsc#1203831).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3656=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3656=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
corepack16-16.17.1-150400.3.9.1
nodejs16-16.17.1-150400.3.9.1
nodejs16-debuginfo-16.17.1-150400.3.9.1
nodejs16-debugsource-16.17.1-150400.3.9.1
nodejs16-devel-16.17.1-150400.3.9.1
npm16-16.17.1-150400.3.9.1
- openSUSE Leap 15.4 (noarch):
nodejs16-docs-16.17.1-150400.3.9.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):
nodejs16-16.17.1-150400.3.9.1
nodejs16-debuginfo-16.17.1-150400.3.9.1
nodejs16-debugsource-16.17.1-150400.3.9.1
nodejs16-devel-16.17.1-150400.3.9.1
npm16-16.17.1-150400.3.9.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch):
nodejs16-docs-16.17.1-150400.3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-32215.html
https://www.suse.com/security/cve/CVE-2022-35255.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1201327
https://bugzilla.suse.com/1203831
https://bugzilla.suse.com/1203832
SUSE-SU-2022:3655-1: important: Security update for buildah
by opensuse-security@opensuse.org 19 Oct '22
SUSE Security Update: Security update for buildah
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3655-1
Rating: important
References: #1167864 #1181961 #1202812
Cross-References: CVE-2020-10696 CVE-2021-20206 CVE-2022-2990
CVSS scores:
CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for buildah fixes the following issues:
Buildah was updated to version 1.27.1:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to
execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed a possible information disclosure and modification
(bsc#1202812).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3655=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3655=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
buildah-1.27.1-150400.3.8.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
buildah-1.27.1-150400.3.8.1
References:
https://www.suse.com/security/cve/CVE-2020-10696.html
https://www.suse.com/security/cve/CVE-2021-20206.html
https://www.suse.com/security/cve/CVE-2022-2990.html
https://bugzilla.suse.com/1167864
https://bugzilla.suse.com/1181961
https://bugzilla.suse.com/1202812
SUSE-SU-2022:3660-1: moderate: Security update for qemu
by opensuse-security@opensuse.org 19 Oct '22
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3660-1
Rating: moderate
References: #1192115 #1198038 #1201367
Cross-References: CVE-2022-0216 CVE-2022-35414
CVSS scores:
CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2022-0216: Fixed a use after free issue found in
hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation
that leads to a crash. (bsc#1201367)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3660=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3660=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3660=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3660=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3660=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3660=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
qemu-5.2.0-150300.118.3
qemu-audio-spice-5.2.0-150300.118.3
qemu-audio-spice-debuginfo-5.2.0-150300.118.3
qemu-chardev-spice-5.2.0-150300.118.3
qemu-chardev-spice-debuginfo-5.2.0-150300.118.3
qemu-debuginfo-5.2.0-150300.118.3
qemu-debugsource-5.2.0-150300.118.3
qemu-guest-agent-5.2.0-150300.118.3
qemu-guest-agent-debuginfo-5.2.0-150300.118.3
qemu-hw-display-qxl-5.2.0-150300.118.3
qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3
qemu-hw-usb-redirect-5.2.0-150300.118.3
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3
qemu-tools-5.2.0-150300.118.3
qemu-tools-debuginfo-5.2.0-150300.118.3
qemu-ui-opengl-5.2.0-150300.118.3
qemu-ui-opengl-debuginfo-5.2.0-150300.118.3
qemu-ui-spice-core-5.2.0-150300.118.3
qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3
- openSUSE Leap Micro 5.2 (aarch64):
qemu-arm-5.2.0-150300.118.3
qemu-arm-debuginfo-5.2.0-150300.118.3
- openSUSE Leap Micro 5.2 (noarch):
qemu-ipxe-1.0.0+-150300.118.3
qemu-seabios-1.14.0_0_g155821a-150300.118.3
qemu-sgabios-8-150300.118.3
qemu-vgabios-1.14.0_0_g155821a-150300.118.3
- openSUSE Leap Micro 5.2 (x86_64):
qemu-x86-5.2.0-150300.118.3
qemu-x86-debuginfo-5.2.0-150300.118.3
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
qemu-5.2.0-150300.118.3
qemu-arm-5.2.0-150300.118.3
qemu-arm-debuginfo-5.2.0-150300.118.3
qemu-audio-alsa-5.2.0-150300.118.3
qemu-audio-alsa-debuginfo-5.2.0-150300.118.3
qemu-audio-pa-5.2.0-150300.118.3
qemu-audio-pa-debuginfo-5.2.0-150300.118.3
qemu-audio-spice-5.2.0-150300.118.3
qemu-audio-spice-debuginfo-5.2.0-150300.118.3
qemu-block-curl-5.2.0-150300.118.3
qemu-block-curl-debuginfo-5.2.0-150300.118.3
qemu-block-dmg-5.2.0-150300.118.3
qemu-block-dmg-debuginfo-5.2.0-150300.118.3
qemu-block-gluster-5.2.0-150300.118.3
qemu-block-gluster-debuginfo-5.2.0-150300.118.3
qemu-block-iscsi-5.2.0-150300.118.3
qemu-block-iscsi-debuginfo-5.2.0-150300.118.3
qemu-block-nfs-5.2.0-150300.118.3
qemu-block-nfs-debuginfo-5.2.0-150300.118.3
qemu-block-rbd-5.2.0-150300.118.3
qemu-block-rbd-debuginfo-5.2.0-150300.118.3
qemu-block-ssh-5.2.0-150300.118.3
qemu-block-ssh-debuginfo-5.2.0-150300.118.3
qemu-chardev-baum-5.2.0-150300.118.3
qemu-chardev-baum-debuginfo-5.2.0-150300.118.3
qemu-chardev-spice-5.2.0-150300.118.3
qemu-chardev-spice-debuginfo-5.2.0-150300.118.3
qemu-debuginfo-5.2.0-150300.118.3
qemu-debugsource-5.2.0-150300.118.3
qemu-extra-5.2.0-150300.118.3
qemu-extra-debuginfo-5.2.0-150300.118.3
qemu-guest-agent-5.2.0-150300.118.3
qemu-guest-agent-debuginfo-5.2.0-150300.118.3
qemu-hw-display-qxl-5.2.0-150300.118.3
qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3
qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3
qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.118.3
qemu-hw-usb-redirect-5.2.0-150300.118.3
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3
qemu-hw-usb-smartcard-5.2.0-150300.118.3
qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.118.3
qemu-ivshmem-tools-5.2.0-150300.118.3
qemu-ivshmem-tools-debuginfo-5.2.0-150300.118.3
qemu-ksm-5.2.0-150300.118.3
qemu-lang-5.2.0-150300.118.3
qemu-linux-user-5.2.0-150300.118.2
qemu-linux-user-debuginfo-5.2.0-150300.118.2
qemu-linux-user-debugsource-5.2.0-150300.118.2
qemu-ppc-5.2.0-150300.118.3
qemu-ppc-debuginfo-5.2.0-150300.118.3
qemu-s390x-5.2.0-150300.118.3
qemu-s390x-debuginfo-5.2.0-150300.118.3
qemu-testsuite-5.2.0-150300.118.5
qemu-tools-5.2.0-150300.118.3
qemu-tools-debuginfo-5.2.0-150300.118.3
qemu-ui-curses-5.2.0-150300.118.3
qemu-ui-curses-debuginfo-5.2.0-150300.118.3
qemu-ui-gtk-5.2.0-150300.118.3
qemu-ui-gtk-debuginfo-5.2.0-150300.118.3
qemu-ui-opengl-5.2.0-150300.118.3
qemu-ui-opengl-debuginfo-5.2.0-150300.118.3
qemu-ui-spice-app-5.2.0-150300.118.3
qemu-ui-spice-app-debuginfo-5.2.0-150300.118.3
qemu-ui-spice-core-5.2.0-150300.118.3
qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3
qemu-vhost-user-gpu-5.2.0-150300.118.3
qemu-vhost-user-gpu-debuginfo-5.2.0-150300.118.3
qemu-x86-5.2.0-150300.118.3
qemu-x86-debuginfo-5.2.0-150300.118.3
- openSUSE Leap 15.3 (s390x x86_64):
qemu-kvm-5.2.0-150300.118.3
- openSUSE Leap 15.3 (noarch):
qemu-SLOF-5.2.0-150300.118.3
qemu-ipxe-1.0.0+-150300.118.3
qemu-microvm-5.2.0-150300.118.3
qemu-seabios-1.14.0_0_g155821a-150300.118.3
qemu-sgabios-8-150300.118.3
qemu-skiboot-5.2.0-150300.118.3
qemu-vgabios-1.14.0_0_g155821a-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
qemu-5.2.0-150300.118.3
qemu-block-curl-5.2.0-150300.118.3
qemu-block-curl-debuginfo-5.2.0-150300.118.3
qemu-block-iscsi-5.2.0-150300.118.3
qemu-block-iscsi-debuginfo-5.2.0-150300.118.3
qemu-block-rbd-5.2.0-150300.118.3
qemu-block-rbd-debuginfo-5.2.0-150300.118.3
qemu-block-ssh-5.2.0-150300.118.3
qemu-block-ssh-debuginfo-5.2.0-150300.118.3
qemu-chardev-baum-5.2.0-150300.118.3
qemu-chardev-baum-debuginfo-5.2.0-150300.118.3
qemu-debuginfo-5.2.0-150300.118.3
qemu-debugsource-5.2.0-150300.118.3
qemu-guest-agent-5.2.0-150300.118.3
qemu-guest-agent-debuginfo-5.2.0-150300.118.3
qemu-ksm-5.2.0-150300.118.3
qemu-lang-5.2.0-150300.118.3
qemu-ui-curses-5.2.0-150300.118.3
qemu-ui-curses-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64):
qemu-audio-spice-5.2.0-150300.118.3
qemu-audio-spice-debuginfo-5.2.0-150300.118.3
qemu-chardev-spice-5.2.0-150300.118.3
qemu-chardev-spice-debuginfo-5.2.0-150300.118.3
qemu-hw-display-qxl-5.2.0-150300.118.3
qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3
qemu-hw-usb-redirect-5.2.0-150300.118.3
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3
qemu-ui-gtk-5.2.0-150300.118.3
qemu-ui-gtk-debuginfo-5.2.0-150300.118.3
qemu-ui-opengl-5.2.0-150300.118.3
qemu-ui-opengl-debuginfo-5.2.0-150300.118.3
qemu-ui-spice-app-5.2.0-150300.118.3
qemu-ui-spice-app-debuginfo-5.2.0-150300.118.3
qemu-ui-spice-core-5.2.0-150300.118.3
qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x x86_64):
qemu-hw-display-virtio-gpu-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.118.3
qemu-kvm-5.2.0-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64):
qemu-arm-5.2.0-150300.118.3
qemu-arm-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le):
qemu-ppc-5.2.0-150300.118.3
qemu-ppc-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
qemu-SLOF-5.2.0-150300.118.3
qemu-ipxe-1.0.0+-150300.118.3
qemu-seabios-1.14.0_0_g155821a-150300.118.3
qemu-sgabios-8-150300.118.3
qemu-skiboot-5.2.0-150300.118.3
qemu-vgabios-1.14.0_0_g155821a-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):
qemu-audio-alsa-5.2.0-150300.118.3
qemu-audio-alsa-debuginfo-5.2.0-150300.118.3
qemu-audio-pa-5.2.0-150300.118.3
qemu-audio-pa-debuginfo-5.2.0-150300.118.3
qemu-x86-5.2.0-150300.118.3
qemu-x86-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x):
qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3
qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.118.3
qemu-s390x-5.2.0-150300.118.3
qemu-s390x-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
qemu-debuginfo-5.2.0-150300.118.3
qemu-debugsource-5.2.0-150300.118.3
qemu-tools-5.2.0-150300.118.3
qemu-tools-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
qemu-5.2.0-150300.118.3
qemu-audio-spice-5.2.0-150300.118.3
qemu-audio-spice-debuginfo-5.2.0-150300.118.3
qemu-chardev-spice-5.2.0-150300.118.3
qemu-chardev-spice-debuginfo-5.2.0-150300.118.3
qemu-debuginfo-5.2.0-150300.118.3
qemu-debugsource-5.2.0-150300.118.3
qemu-guest-agent-5.2.0-150300.118.3
qemu-guest-agent-debuginfo-5.2.0-150300.118.3
qemu-hw-display-qxl-5.2.0-150300.118.3
qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-5.2.0-150300.118.3
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-5.2.0-150300.118.3
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3
qemu-hw-usb-redirect-5.2.0-150300.118.3
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3
qemu-tools-5.2.0-150300.118.3
qemu-tools-debuginfo-5.2.0-150300.118.3
qemu-ui-opengl-5.2.0-150300.118.3
qemu-ui-opengl-debuginfo-5.2.0-150300.118.3
qemu-ui-spice-core-5.2.0-150300.118.3
qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.2 (aarch64):
qemu-arm-5.2.0-150300.118.3
qemu-arm-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.2 (noarch):
qemu-ipxe-1.0.0+-150300.118.3
qemu-seabios-1.14.0_0_g155821a-150300.118.3
qemu-sgabios-8-150300.118.3
qemu-vgabios-1.14.0_0_g155821a-150300.118.3
- SUSE Linux Enterprise Micro 5.2 (x86_64):
qemu-x86-5.2.0-150300.118.3
qemu-x86-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.2 (s390x):
qemu-s390x-5.2.0-150300.118.3
qemu-s390x-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
qemu-5.2.0-150300.118.3
qemu-debuginfo-5.2.0-150300.118.3
qemu-debugsource-5.2.0-150300.118.3
qemu-tools-5.2.0-150300.118.3
qemu-tools-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.1 (aarch64):
qemu-arm-5.2.0-150300.118.3
qemu-arm-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.1 (x86_64):
qemu-x86-5.2.0-150300.118.3
qemu-x86-debuginfo-5.2.0-150300.118.3
- SUSE Linux Enterprise Micro 5.1 (noarch):
qemu-ipxe-1.0.0+-150300.118.3
qemu-seabios-1.14.0_0_g155821a-150300.118.3
qemu-sgabios-8-150300.118.3
qemu-vgabios-1.14.0_0_g155821a-150300.118.3
- SUSE Linux Enterprise Micro 5.1 (s390x):
qemu-s390x-5.2.0-150300.118.3
qemu-s390x-debuginfo-5.2.0-150300.118.3
References:
https://www.suse.com/security/cve/CVE-2022-0216.html
https://www.suse.com/security/cve/CVE-2022-35414.html
https://bugzilla.suse.com/1192115
https://bugzilla.suse.com/1198038
https://bugzilla.suse.com/1201367
SUSE-SU-2022:3661-1: important: Security update for php8
by opensuse-security@opensuse.org 19 Oct '22
SUSE Security Update: Security update for php8
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3661-1
Rating: important
References: #1192050 #1200772 #1203867 #1203870 SLE-23639
SLE-24723
Cross-References: CVE-2021-21703 CVE-2022-31628 CVE-2022-31629
CVSS scores:
CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Web Scripting 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities, contains two
features and has one errata is now available.
Description:
This update for php8 fixes the following issues:
- php8 was updated to version 8.0.24
- php8 was updated to version 8.0.23 (jsc#SLE-23639).
- CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM.
(bsc#1192050)
- CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor
while decompressing "quines" gzip files. (bsc#1203867)
- CVE-2022-31629: Fixed a bug which could lead an attacker to set an
insecure cookie that will be treated as secure in the victim's browser.
(bsc#1203870)
- Fixed missing devel package requires pear and pecl extensions
(jsc#SLE-24723, bsc#1200772).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3661=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3661=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
apache2-mod_php8-8.0.24-150400.4.14.1
apache2-mod_php8-debuginfo-8.0.24-150400.4.14.1
apache2-mod_php8-debugsource-8.0.24-150400.4.14.1
php8-8.0.24-150400.4.14.1
php8-bcmath-8.0.24-150400.4.14.1
php8-bcmath-debuginfo-8.0.24-150400.4.14.1
php8-bz2-8.0.24-150400.4.14.1
php8-bz2-debuginfo-8.0.24-150400.4.14.1
php8-calendar-8.0.24-150400.4.14.1
php8-calendar-debuginfo-8.0.24-150400.4.14.1
php8-cli-8.0.24-150400.4.14.1
php8-cli-debuginfo-8.0.24-150400.4.14.1
php8-ctype-8.0.24-150400.4.14.1
php8-ctype-debuginfo-8.0.24-150400.4.14.1
php8-curl-8.0.24-150400.4.14.1
php8-curl-debuginfo-8.0.24-150400.4.14.1
php8-dba-8.0.24-150400.4.14.1
php8-dba-debuginfo-8.0.24-150400.4.14.1
php8-debuginfo-8.0.24-150400.4.14.1
php8-debugsource-8.0.24-150400.4.14.1
php8-devel-8.0.24-150400.4.14.1
php8-dom-8.0.24-150400.4.14.1
php8-dom-debuginfo-8.0.24-150400.4.14.1
php8-embed-8.0.24-150400.4.14.1
php8-embed-debuginfo-8.0.24-150400.4.14.1
php8-embed-debugsource-8.0.24-150400.4.14.1
php8-enchant-8.0.24-150400.4.14.1
php8-enchant-debuginfo-8.0.24-150400.4.14.1
php8-exif-8.0.24-150400.4.14.1
php8-exif-debuginfo-8.0.24-150400.4.14.1
php8-fastcgi-8.0.24-150400.4.14.1
php8-fastcgi-debuginfo-8.0.24-150400.4.14.1
php8-fastcgi-debugsource-8.0.24-150400.4.14.1
php8-fileinfo-8.0.24-150400.4.14.1
php8-fileinfo-debuginfo-8.0.24-150400.4.14.1
php8-fpm-8.0.24-150400.4.14.1
php8-fpm-debuginfo-8.0.24-150400.4.14.1
php8-fpm-debugsource-8.0.24-150400.4.14.1
php8-ftp-8.0.24-150400.4.14.1
php8-ftp-debuginfo-8.0.24-150400.4.14.1
php8-gd-8.0.24-150400.4.14.1
php8-gd-debuginfo-8.0.24-150400.4.14.1
php8-gettext-8.0.24-150400.4.14.1
php8-gettext-debuginfo-8.0.24-150400.4.14.1
php8-gmp-8.0.24-150400.4.14.1
php8-gmp-debuginfo-8.0.24-150400.4.14.1
php8-iconv-8.0.24-150400.4.14.1
php8-iconv-debuginfo-8.0.24-150400.4.14.1
php8-intl-8.0.24-150400.4.14.1
php8-intl-debuginfo-8.0.24-150400.4.14.1
php8-ldap-8.0.24-150400.4.14.1
php8-ldap-debuginfo-8.0.24-150400.4.14.1
php8-mbstring-8.0.24-150400.4.14.1
php8-mbstring-debuginfo-8.0.24-150400.4.14.1
php8-mysql-8.0.24-150400.4.14.1
php8-mysql-debuginfo-8.0.24-150400.4.14.1
php8-odbc-8.0.24-150400.4.14.1
php8-odbc-debuginfo-8.0.24-150400.4.14.1
php8-opcache-8.0.24-150400.4.14.1
php8-opcache-debuginfo-8.0.24-150400.4.14.1
php8-openssl-8.0.24-150400.4.14.1
php8-openssl-debuginfo-8.0.24-150400.4.14.1
php8-pcntl-8.0.24-150400.4.14.1
php8-pcntl-debuginfo-8.0.24-150400.4.14.1
php8-pdo-8.0.24-150400.4.14.1
php8-pdo-debuginfo-8.0.24-150400.4.14.1
php8-pgsql-8.0.24-150400.4.14.1
php8-pgsql-debuginfo-8.0.24-150400.4.14.1
php8-phar-8.0.24-150400.4.14.1
php8-phar-debuginfo-8.0.24-150400.4.14.1
php8-posix-8.0.24-150400.4.14.1
php8-posix-debuginfo-8.0.24-150400.4.14.1
php8-readline-8.0.24-150400.4.14.1
php8-readline-debuginfo-8.0.24-150400.4.14.1
php8-shmop-8.0.24-150400.4.14.1
php8-shmop-debuginfo-8.0.24-150400.4.14.1
php8-snmp-8.0.24-150400.4.14.1
php8-snmp-debuginfo-8.0.24-150400.4.14.1
php8-soap-8.0.24-150400.4.14.1
php8-soap-debuginfo-8.0.24-150400.4.14.1
php8-sockets-8.0.24-150400.4.14.1
php8-sockets-debuginfo-8.0.24-150400.4.14.1
php8-sodium-8.0.24-150400.4.14.1
php8-sodium-debuginfo-8.0.24-150400.4.14.1
php8-sqlite-8.0.24-150400.4.14.1
php8-sqlite-debuginfo-8.0.24-150400.4.14.1
php8-sysvmsg-8.0.24-150400.4.14.1
php8-sysvmsg-debuginfo-8.0.24-150400.4.14.1
php8-sysvsem-8.0.24-150400.4.14.1
php8-sysvsem-debuginfo-8.0.24-150400.4.14.1
php8-sysvshm-8.0.24-150400.4.14.1
php8-sysvshm-debuginfo-8.0.24-150400.4.14.1
php8-test-8.0.24-150400.4.14.1
php8-tidy-8.0.24-150400.4.14.1
php8-tidy-debuginfo-8.0.24-150400.4.14.1
php8-tokenizer-8.0.24-150400.4.14.1
php8-tokenizer-debuginfo-8.0.24-150400.4.14.1
php8-xmlreader-8.0.24-150400.4.14.1
php8-xmlreader-debuginfo-8.0.24-150400.4.14.1
php8-xmlwriter-8.0.24-150400.4.14.1
php8-xmlwriter-debuginfo-8.0.24-150400.4.14.1
php8-xsl-8.0.24-150400.4.14.1
php8-xsl-debuginfo-8.0.24-150400.4.14.1
php8-zip-8.0.24-150400.4.14.1
php8-zip-debuginfo-8.0.24-150400.4.14.1
php8-zlib-8.0.24-150400.4.14.1
php8-zlib-debuginfo-8.0.24-150400.4.14.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):
apache2-mod_php8-8.0.24-150400.4.14.1
apache2-mod_php8-debuginfo-8.0.24-150400.4.14.1
apache2-mod_php8-debugsource-8.0.24-150400.4.14.1
php8-8.0.24-150400.4.14.1
php8-bcmath-8.0.24-150400.4.14.1
php8-bcmath-debuginfo-8.0.24-150400.4.14.1
php8-bz2-8.0.24-150400.4.14.1
php8-bz2-debuginfo-8.0.24-150400.4.14.1
php8-calendar-8.0.24-150400.4.14.1
php8-calendar-debuginfo-8.0.24-150400.4.14.1
php8-cli-8.0.24-150400.4.14.1
php8-cli-debuginfo-8.0.24-150400.4.14.1
php8-ctype-8.0.24-150400.4.14.1
php8-ctype-debuginfo-8.0.24-150400.4.14.1
php8-curl-8.0.24-150400.4.14.1
php8-curl-debuginfo-8.0.24-150400.4.14.1
php8-dba-8.0.24-150400.4.14.1
php8-dba-debuginfo-8.0.24-150400.4.14.1
php8-debuginfo-8.0.24-150400.4.14.1
php8-debugsource-8.0.24-150400.4.14.1
php8-devel-8.0.24-150400.4.14.1
php8-dom-8.0.24-150400.4.14.1
php8-dom-debuginfo-8.0.24-150400.4.14.1
php8-embed-8.0.24-150400.4.14.1
php8-embed-debuginfo-8.0.24-150400.4.14.1
php8-embed-debugsource-8.0.24-150400.4.14.1
php8-enchant-8.0.24-150400.4.14.1
php8-enchant-debuginfo-8.0.24-150400.4.14.1
php8-exif-8.0.24-150400.4.14.1
php8-exif-debuginfo-8.0.24-150400.4.14.1
php8-fastcgi-8.0.24-150400.4.14.1
php8-fastcgi-debuginfo-8.0.24-150400.4.14.1
php8-fastcgi-debugsource-8.0.24-150400.4.14.1
php8-fileinfo-8.0.24-150400.4.14.1
php8-fileinfo-debuginfo-8.0.24-150400.4.14.1
php8-fpm-8.0.24-150400.4.14.1
php8-fpm-debuginfo-8.0.24-150400.4.14.1
php8-fpm-debugsource-8.0.24-150400.4.14.1
php8-ftp-8.0.24-150400.4.14.1
php8-ftp-debuginfo-8.0.24-150400.4.14.1
php8-gd-8.0.24-150400.4.14.1
php8-gd-debuginfo-8.0.24-150400.4.14.1
php8-gettext-8.0.24-150400.4.14.1
php8-gettext-debuginfo-8.0.24-150400.4.14.1
php8-gmp-8.0.24-150400.4.14.1
php8-gmp-debuginfo-8.0.24-150400.4.14.1
php8-iconv-8.0.24-150400.4.14.1
php8-iconv-debuginfo-8.0.24-150400.4.14.1
php8-intl-8.0.24-150400.4.14.1
php8-intl-debuginfo-8.0.24-150400.4.14.1
php8-ldap-8.0.24-150400.4.14.1
php8-ldap-debuginfo-8.0.24-150400.4.14.1
php8-mbstring-8.0.24-150400.4.14.1
php8-mbstring-debuginfo-8.0.24-150400.4.14.1
php8-mysql-8.0.24-150400.4.14.1
php8-mysql-debuginfo-8.0.24-150400.4.14.1
php8-odbc-8.0.24-150400.4.14.1
php8-odbc-debuginfo-8.0.24-150400.4.14.1
php8-opcache-8.0.24-150400.4.14.1
php8-opcache-debuginfo-8.0.24-150400.4.14.1
php8-openssl-8.0.24-150400.4.14.1
php8-openssl-debuginfo-8.0.24-150400.4.14.1
php8-pcntl-8.0.24-150400.4.14.1
php8-pcntl-debuginfo-8.0.24-150400.4.14.1
php8-pdo-8.0.24-150400.4.14.1
php8-pdo-debuginfo-8.0.24-150400.4.14.1
php8-pgsql-8.0.24-150400.4.14.1
php8-pgsql-debuginfo-8.0.24-150400.4.14.1
php8-phar-8.0.24-150400.4.14.1
php8-phar-debuginfo-8.0.24-150400.4.14.1
php8-posix-8.0.24-150400.4.14.1
php8-posix-debuginfo-8.0.24-150400.4.14.1
php8-readline-8.0.24-150400.4.14.1
php8-readline-debuginfo-8.0.24-150400.4.14.1
php8-shmop-8.0.24-150400.4.14.1
php8-shmop-debuginfo-8.0.24-150400.4.14.1
php8-snmp-8.0.24-150400.4.14.1
php8-snmp-debuginfo-8.0.24-150400.4.14.1
php8-soap-8.0.24-150400.4.14.1
php8-soap-debuginfo-8.0.24-150400.4.14.1
php8-sockets-8.0.24-150400.4.14.1
php8-sockets-debuginfo-8.0.24-150400.4.14.1
php8-sodium-8.0.24-150400.4.14.1
php8-sodium-debuginfo-8.0.24-150400.4.14.1
php8-sqlite-8.0.24-150400.4.14.1
php8-sqlite-debuginfo-8.0.24-150400.4.14.1
php8-sysvmsg-8.0.24-150400.4.14.1
php8-sysvmsg-debuginfo-8.0.24-150400.4.14.1
php8-sysvsem-8.0.24-150400.4.14.1
php8-sysvsem-debuginfo-8.0.24-150400.4.14.1
php8-sysvshm-8.0.24-150400.4.14.1
php8-sysvshm-debuginfo-8.0.24-150400.4.14.1
php8-test-8.0.24-150400.4.14.1
php8-tidy-8.0.24-150400.4.14.1
php8-tidy-debuginfo-8.0.24-150400.4.14.1
php8-tokenizer-8.0.24-150400.4.14.1
php8-tokenizer-debuginfo-8.0.24-150400.4.14.1
php8-xmlreader-8.0.24-150400.4.14.1
php8-xmlreader-debuginfo-8.0.24-150400.4.14.1
php8-xmlwriter-8.0.24-150400.4.14.1
php8-xmlwriter-debuginfo-8.0.24-150400.4.14.1
php8-xsl-8.0.24-150400.4.14.1
php8-xsl-debuginfo-8.0.24-150400.4.14.1
php8-zip-8.0.24-150400.4.14.1
php8-zip-debuginfo-8.0.24-150400.4.14.1
php8-zlib-8.0.24-150400.4.14.1
php8-zlib-debuginfo-8.0.24-150400.4.14.1
References:
https://www.suse.com/security/cve/CVE-2021-21703.html
https://www.suse.com/security/cve/CVE-2022-31628.html
https://www.suse.com/security/cve/CVE-2022-31629.html
https://bugzilla.suse.com/1192050
https://bugzilla.suse.com/1200772
https://bugzilla.suse.com/1203867
https://bugzilla.suse.com/1203870
openSUSE-SU-2022:10154-1: moderate: Security update for pngcheck
by opensuse-security@opensuse.org 19 Oct '22
openSUSE Security Update: Security update for pngcheck
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10154-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for pngcheck fixes the following issues:
pngcheck was updated to 3.0.3:
Version 3.0.1:
* fixed a crash bug (and probable vulnerability) in large (MNG) LOOP
chunks
Version 3.0.2:
* fixed a divide-by-zero crash bug (and probable vulnerability) in
interlaced images with extra compressed data beyond the nominal end of
the image data (found by "chiba of topsec alpha lab")
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10154=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
pngcheck-3.0.3-bp154.2.3.1
References:
openSUSE-SU-2022:10153-1: important: Security update for enlightenment
by opensuse-security@opensuse.org 19 Oct '22
openSUSE Security Update: Security update for enlightenment
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10153-1
Rating: important
References: #1203631
Cross-References: CVE-2022-37706
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for enlightenment fixes the following issues:
Update to 0.25.4 Bugfix release
* Fix shape handling in various cases that affected apps with shaped input
* Fix procstats popup and dangling icon for fullscreen windows
* Fix a vanishing pointer in some cases
* Workaround Qt issue where it does not remove WM_STATE on withdraw
* Fix fullscreen focus toggle flicker
* Fix pointer sticking case
* Fix tap-to-click props
* Fix gadgcon disabled items
* Fix config fallback handling that means no fallback happened
* Fix gtk frame prop handling
* Fix first map handling that affected energyxt
* Fix CVE-2022-37706 (boo#1203631)
* Harden enlightenment_sys when mis-packaged without sysactions.conf
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10153=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
enlightenment-0.25.4-bp154.4.3.1
enlightenment-branding-upstream-0.25.4-bp154.4.3.1
enlightenment-devel-0.25.4-bp154.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-37706.html
https://bugzilla.suse.com/1203631
SUSE-SU-2022:3650-1: important: Security update for libreoffice
by opensuse-security@opensuse.org 19 Oct '22
SUSE Security Update: Security update for libreoffice
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3650-1
Rating: important
References: #1201868 #1201872 #1203209 SLE-23447
Cross-References: CVE-2022-26305 CVE-2022-26307 CVE-2022-3140
CVSS scores:
CVE-2022-26305 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26305 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26307 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26307 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-3140 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities and contains one
feature is now available.
Description:
This update for libreoffice fixes the following issues:
Updated to version 7.3.6.2 (jsc#SLE-23447):
- CVE-2022-3140: Fixed macro URL arbitrary script execution
(bsc#1203209).
- CVE-2022-26305: Fixed execution of untrusted Macros due to improper
certificate validation (bsc#1201868).
- CVE-2022-26307: Fixed weak Master Keys in password storage
(bsc#1201872).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3650=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3650=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3650=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3650=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3650=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3650=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
libreoffice-7.3.6.2-150300.14.22.24.2
libreoffice-base-7.3.6.2-150300.14.22.24.2
libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-7.3.6.2-150300.14.22.24.2
libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2
libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-debugsource-7.3.6.2-150300.14.22.24.2
libreoffice-draw-7.3.6.2-150300.14.22.24.2
libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-impress-7.3.6.2-150300.14.22.24.2
libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-librelogo-7.3.6.2-150300.14.22.24.2
libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2
libreoffice-math-7.3.6.2-150300.14.22.24.2
libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2
libreoffice-writer-7.3.6.2-150300.14.22.24.2
libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2
libreofficekit-7.3.6.2-150300.14.22.24.2
libreofficekit-devel-7.3.6.2-150300.14.22.24.2
- openSUSE Leap 15.4 (noarch):
libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2
libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2
libreoffice-glade-7.3.6.2-150300.14.22.24.2
libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
libreoffice-7.3.6.2-150300.14.22.24.2
libreoffice-base-7.3.6.2-150300.14.22.24.2
libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-7.3.6.2-150300.14.22.24.2
libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2
libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-debugsource-7.3.6.2-150300.14.22.24.2
libreoffice-draw-7.3.6.2-150300.14.22.24.2
libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-impress-7.3.6.2-150300.14.22.24.2
libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-librelogo-7.3.6.2-150300.14.22.24.2
libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2
libreoffice-math-7.3.6.2-150300.14.22.24.2
libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2
libreoffice-writer-7.3.6.2-150300.14.22.24.2
libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2
libreofficekit-7.3.6.2-150300.14.22.24.2
libreofficekit-devel-7.3.6.2-150300.14.22.24.2
- openSUSE Leap 15.3 (noarch):
libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2
libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2
libreoffice-glade-7.3.6.2-150300.14.22.24.2
libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch):
libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2
libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
libreoffice-7.3.6.2-150300.14.22.24.2
libreoffice-base-7.3.6.2-150300.14.22.24.2
libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-7.3.6.2-150300.14.22.24.2
libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2
libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-debugsource-7.3.6.2-150300.14.22.24.2
libreoffice-draw-7.3.6.2-150300.14.22.24.2
libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-impress-7.3.6.2-150300.14.22.24.2
libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2
libreoffice-math-7.3.6.2-150300.14.22.24.2
libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-7.3.6.2-150300.14.22.24.2
libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2
libreofficekit-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
libreoffice-7.3.6.2-150300.14.22.24.2
libreoffice-base-7.3.6.2-150300.14.22.24.2
libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-7.3.6.2-150300.14.22.24.2
libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2
libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-debugsource-7.3.6.2-150300.14.22.24.2
libreoffice-draw-7.3.6.2-150300.14.22.24.2
libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-impress-7.3.6.2-150300.14.22.24.2
libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2
libreoffice-math-7.3.6.2-150300.14.22.24.2
libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-7.3.6.2-150300.14.22.24.2
libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2
libreofficekit-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch):
libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2
libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le):
libreoffice-7.3.6.2-150300.14.22.24.2
libreoffice-base-7.3.6.2-150300.14.22.24.2
libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-7.3.6.2-150300.14.22.24.2
libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2
libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-debugsource-7.3.6.2-150300.14.22.24.2
libreoffice-draw-7.3.6.2-150300.14.22.24.2
libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-impress-7.3.6.2-150300.14.22.24.2
libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-librelogo-7.3.6.2-150300.14.22.24.2
libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2
libreoffice-math-7.3.6.2-150300.14.22.24.2
libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2
libreoffice-writer-7.3.6.2-150300.14.22.24.2
libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2
libreofficekit-7.3.6.2-150300.14.22.24.2
libreofficekit-devel-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2
libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2
libreoffice-glade-7.3.6.2-150300.14.22.24.2
libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le):
libreoffice-7.3.6.2-150300.14.22.24.2
libreoffice-base-7.3.6.2-150300.14.22.24.2
libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2
libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-7.3.6.2-150300.14.22.24.2
libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2
libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-debugsource-7.3.6.2-150300.14.22.24.2
libreoffice-draw-7.3.6.2-150300.14.22.24.2
libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-7.3.6.2-150300.14.22.24.2
libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-7.3.6.2-150300.14.22.24.2
libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-impress-7.3.6.2-150300.14.22.24.2
libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-librelogo-7.3.6.2-150300.14.22.24.2
libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2
libreoffice-math-7.3.6.2-150300.14.22.24.2
libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-7.3.6.2-150300.14.22.24.2
libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-7.3.6.2-150300.14.22.24.2
libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-7.3.6.2-150300.14.22.24.2
libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2
libreoffice-writer-7.3.6.2-150300.14.22.24.2
libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2
libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2
libreofficekit-7.3.6.2-150300.14.22.24.2
libreofficekit-devel-7.3.6.2-150300.14.22.24.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2
libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2
libreoffice-glade-7.3.6.2-150300.14.22.24.2
libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2
libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2
References:
https://www.suse.com/security/cve/CVE-2022-26305.html
https://www.suse.com/security/cve/CVE-2022-26307.html
https://www.suse.com/security/cve/CVE-2022-3140.html
https://bugzilla.suse.com/1201868
https://bugzilla.suse.com/1201872
https://bugzilla.suse.com/1203209
SUSE-SU-2022:3616-1: moderate: Security update for nodejs12
by opensuse-security@opensuse.org 18 Oct '22
SUSE Security Update: Security update for nodejs12
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3616-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for nodejs12 fixes the following issues:
- CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3616=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3616=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3616=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
nodejs12-12.22.12-150200.4.38.1
nodejs12-debuginfo-12.22.12-150200.4.38.1
nodejs12-debugsource-12.22.12-150200.4.38.1
nodejs12-devel-12.22.12-150200.4.38.1
npm12-12.22.12-150200.4.38.1
- openSUSE Leap 15.4 (noarch):
nodejs12-docs-12.22.12-150200.4.38.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs12-12.22.12-150200.4.38.1
nodejs12-debuginfo-12.22.12-150200.4.38.1
nodejs12-debugsource-12.22.12-150200.4.38.1
nodejs12-devel-12.22.12-150200.4.38.1
npm12-12.22.12-150200.4.38.1
- openSUSE Leap 15.3 (noarch):
nodejs12-docs-12.22.12-150200.4.38.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
nodejs12-12.22.12-150200.4.38.1
nodejs12-debuginfo-12.22.12-150200.4.38.1
nodejs12-debugsource-12.22.12-150200.4.38.1
nodejs12-devel-12.22.12-150200.4.38.1
npm12-12.22.12-150200.4.38.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
nodejs12-docs-12.22.12-150200.4.38.1
References:
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832
SUSE-SU-2022:3621-1: moderate: Security update for rubygem-activesupport-5_1
by opensuse-security@opensuse.org 18 Oct '22
SUSE Security Update: Security update for rubygem-activesupport-5_1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3621-1
Rating: moderate
References: #1199060
Cross-References: CVE-2022-27777
CVSS scores:
CVE-2022-27777 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-27777 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-activesupport-5_1 fixes the following issues:
- CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View
tag helper (bsc#1199060).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3621=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3621=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3621=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-3621=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-27777.html
https://bugzilla.suse.com/1199060
SUSE-SU-2022:3615-1: important: Security update for nodejs16
by opensuse-security@opensuse.org 18 Oct '22
SUSE Security Update: Security update for nodejs16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3615-1
Rating: important
References: #1201325 #1201327 #1203831 #1203832
Cross-References: CVE-2022-32213 CVE-2022-32215 CVE-2022-35255
CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for nodejs16 fixes the following issues:
Updated to version 16.17.1:
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
- CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding
(bsc#1201327).
- CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832).
- CVE-2022-35255: Fixed weak randomness in WebCrypto keygen (bsc#1203831).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3615=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3615=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.17.1-150300.7.12.1
nodejs16-debuginfo-16.17.1-150300.7.12.1
nodejs16-debugsource-16.17.1-150300.7.12.1
nodejs16-devel-16.17.1-150300.7.12.1
npm16-16.17.1-150300.7.12.1
- openSUSE Leap 15.3 (noarch):
nodejs16-docs-16.17.1-150300.7.12.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.17.1-150300.7.12.1
nodejs16-debuginfo-16.17.1-150300.7.12.1
nodejs16-debugsource-16.17.1-150300.7.12.1
nodejs16-devel-16.17.1-150300.7.12.1
npm16-16.17.1-150300.7.12.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
nodejs16-docs-16.17.1-150300.7.12.1
References:
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-32215.html
https://www.suse.com/security/cve/CVE-2022-35255.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1201327
https://bugzilla.suse.com/1203831
https://bugzilla.suse.com/1203832
SUSE-SU-2022:3613-1: important: Security update for postgresql-jdbc
by opensuse-security@opensuse.org 18 Oct '22
SUSE Security Update: Security update for postgresql-jdbc
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3613-1
Rating: important
References: #1202170
Cross-References: CVE-2022-31197
CVSS scores:
CVE-2022-31197 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31197 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for postgresql-jdbc fixes the following issues:
- CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3613=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3613=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3613=1
Package List:
- openSUSE Leap 15.3 (noarch):
postgresql-jdbc-42.2.25-150300.3.8.1
postgresql-jdbc-javadoc-42.2.25-150300.3.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
postgresql-jdbc-42.2.25-150300.3.8.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
postgresql-jdbc-42.2.25-150300.3.8.1
References:
https://www.suse.com/security/cve/CVE-2022-31197.html
https://bugzilla.suse.com/1202170
SUSE-SU-2022:3614-1: moderate: Security update for nodejs14
by opensuse-security@opensuse.org 18 Oct '22
SUSE Security Update: Security update for nodejs14
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3614-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for nodejs14 fixes the following issues:
Updated to version 14.20.1:
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
- CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3614=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3614=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3614=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
corepack14-14.20.1-150200.15.37.1
nodejs14-14.20.1-150200.15.37.1
nodejs14-debuginfo-14.20.1-150200.15.37.1
nodejs14-debugsource-14.20.1-150200.15.37.1
nodejs14-devel-14.20.1-150200.15.37.1
npm14-14.20.1-150200.15.37.1
- openSUSE Leap 15.4 (noarch):
nodejs14-docs-14.20.1-150200.15.37.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs14-14.20.1-150200.15.37.1
nodejs14-debuginfo-14.20.1-150200.15.37.1
nodejs14-debugsource-14.20.1-150200.15.37.1
nodejs14-devel-14.20.1-150200.15.37.1
npm14-14.20.1-150200.15.37.1
- openSUSE Leap 15.3 (noarch):
nodejs14-docs-14.20.1-150200.15.37.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
nodejs14-14.20.1-150200.15.37.1
nodejs14-debuginfo-14.20.1-150200.15.37.1
nodejs14-debugsource-14.20.1-150200.15.37.1
nodejs14-devel-14.20.1-150200.15.37.1
npm14-14.20.1-150200.15.37.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
nodejs14-docs-14.20.1-150200.15.37.1
References:
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832
SUSE-SU-2022:3609-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 18 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3609-1
Rating: important
References: #1023051 #1065729 #1156395 #1177471 #1179722
#1179723 #1181862 #1185032 #1191662 #1191667
#1191881 #1192594 #1194023 #1194272 #1194535
#1196444 #1196616 #1196867 #1197158 #1197659
#1197755 #1197756 #1197757 #1197760 #1197763
#1197920 #1198971 #1199255 #1199291 #1200084
#1200313 #1200431 #1200622 #1200845 #1200868
#1200869 #1200870 #1200871 #1200872 #1200873
#1201019 #1201309 #1201310 #1201420 #1201442
#1201489 #1201610 #1201645 #1201705 #1201726
#1201865 #1201948 #1201990 #1202095 #1202096
#1202097 #1202154 #1202341 #1202346 #1202347
#1202385 #1202393 #1202396 #1202447 #1202577
#1202636 #1202672 #1202677 #1202701 #1202708
#1202709 #1202710 #1202711 #1202712 #1202713
#1202714 #1202715 #1202716 #1202717 #1202718
#1202720 #1202722 #1202745 #1202756 #1202810
#1202811 #1202860 #1202895 #1202898 #1202960
#1202984 #1203063 #1203098 #1203107 #1203116
#1203117 #1203135 #1203136 #1203137 #1203159
#1203313 #1203389 #1203410 #1203424 #1203552
#1203622 #1203737 #1203769 #1203906 #1203909
#1203933 #1203935 #1203939 #1203987 #1203992
PED-529 SLE-24635
Cross-References: CVE-2016-3695 CVE-2020-16119 CVE-2020-27784
CVE-2020-36516 CVE-2021-4155 CVE-2021-4203
CVE-2022-20368 CVE-2022-20369 CVE-2022-2503
CVE-2022-2586 CVE-2022-2588 CVE-2022-26373
CVE-2022-2639 CVE-2022-2663 CVE-2022-2905
CVE-2022-2977 CVE-2022-3028 CVE-2022-3239
CVE-2022-3303 CVE-2022-36879 CVE-2022-39188
CVE-2022-39190 CVE-2022-41218 CVE-2022-41222
CVE-2022-41848 CVE-2022-41849
CVSS scores:
CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 26 vulnerabilities, contains two
features and has 89 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
various security and bug fixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in
net/netfilter/nf_tables_api.c and could cause a denial of service upon
binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke
descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way
XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2020-27784: Fixed a vulnerability that was found in
printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in
drivers/acpi/apei/einj.c that allowed users to simulate hardware errors
and consequently cause a denial of service (bnc#1023051).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to
improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in
drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
could allow a local user to crash the system or escalate their
privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a PCMCIA device while calling
ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a USB device while calling open
(bnc#1203992).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when an nft
table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap
lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity where device-mapper table
reloads allowed users with root privileges to switch out the target with
an equivalent dm-linear target and bypass verification until reboot. This
allowed root to bypass LoadPin and can be used to load untrusted and
unverified kernel modules and firmware, which implies arbitrary kernel
execution and persistence for peripherals that do not verify firmware
updates (bnc#1202677).
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a
local attacker due to reuse of a DCCP socket. (bnc#1177471)
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
(git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
(git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
(git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
(git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name
only (git-fixes).
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer
(git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
(git-fixes).
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
(git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP
machines (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
(git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
(git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register
option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
(git-fixes).
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
(git-fixes).
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
DYNAMIC_FTRACE (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
(git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to
(bsc#1202341)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id
(git-fixes)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
(git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image
signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
(git-fixes)
- arm64: mm: Validate hotplug range before creating linear mapping
(git-fixes)
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not
available (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
(git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
(git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
(git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
(bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights()
(bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
(git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- bpf: Compile out btf_parse_module() if module BTF is not enabled
(git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
(git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
(git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
(git-fixes).
- can: m_can: process interrupt only when not runtime suspended
(git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
(git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
(bsc#1203906).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
(git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
(git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY
(git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral
(git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
(git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled
(git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: remove useless condition in
amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()
failed (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations()
error (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
(git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
(git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
(git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
(git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state()
(git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
(git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges
(git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks
(bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no
sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
(git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped
pages (bsc#1200873).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
is dead (git-fixes).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
(git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
(git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
(git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info
(bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities
(git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large
(git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured
(bsc#1203737).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
(git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
(git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly
(git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1202715).
- jfs: fix GPF in diFree (bsc#1203389).
- JFS: fix memleak in jfs_mount (git-fixes).
- JFS: more checks for invalid superblock (git-fixes).
- jfs: prevent NULL deref in diFree (bsc#1203389).
- kABI: cgroup: Restore KABI of css_set (bsc#1201610).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kabi/severities: add stmmac driver local sumbols
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory
signature (bsc#1203737).
- kexec: drop weak attribute from arch_kexec_apply_relocations[_add]
(bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: KEYS, s390: Make use of built-in and secondary keyring for
signature verification (bsc#1196444).
- kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442)
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
(git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
(git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
(git-fixes).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
irqs (bsc#1065729).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
(bsc#1156395).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant
(bsc#1156395).
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
(git-fixes).
- KVM: x86: accept userspace interrupt only if no event is injected
(git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()
(git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- list: add "list_del_init_careful()" to go with "list_empty_careful()"
(bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class
(git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE
(bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod
(git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle
(git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device()
(git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
(git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
(git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: fix page reference leak in soft_offline_page() (git fixes
(mm/memory-failure)).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
(bsc#1201990).
- mm: rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mm: smaps*: extend smap_gather_stats to support specified beginning
(bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
(git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
(git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
(git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle
(git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
(git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
(git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel
(git-fixes).
- net: dsa: b53: fix an off by one in checking "vlan->vid" (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: enetc: Use pci_release_region() to release some resources
(git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
(git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is
running (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in
ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in
SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition
(git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
(bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
(git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods
(git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()' (git-fixes).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
(git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFS: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
(git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: fix use-after-free due to delegation race (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme: fix RCU hole that allowed for endless looping in multipath round
robin (bsc#1202636).
- nvmet: Expose max queues to configfs (bsc#1201865).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(git-fixes).
- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
(git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU
(git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
(git-fixes).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces
(bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
(bsc#1200845).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI/portdrv: Do not disable AER reporting in
get_port_device_capability() (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10
(git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
(git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap
fixes (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
(git-fixes).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for
PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot
(bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- profiling: fix shift too large makes kernel panic (git-fixes).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- psi: Fix uaf issue when psi trigger is destroyed while being polled
(bsc#1203909).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness()
(git-fixes).
- random: remove useless header comment (git fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
(git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
(bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
(git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied
(git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE
(git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594
LTC#197522).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984
LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984
LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes
(sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state()
(git fixes (sched/membarrier)).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
(git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID
cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
(bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload
(bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same
NPort ID (bsc#1203939).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for
GFT_ID (bsc#1203063).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT
discovery (bsc#1203063).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed
phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding
(bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency
(bsc#1203939).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager
application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status
(bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()
(bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational
(bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading
stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device
(git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and
tegra30 (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct
IO compeletion") (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix misplaced barrier in call_decode (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse
(git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
(git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes
(kernel/time)).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit
engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- USB: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: dwc3: ep0: Fix delay status handling (git-fixes).
- USB: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- USB: dwc3: gadget: Fix IN endpoint max packet size allocation
(git-fixes).
- USB: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- USB: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- USB: dwc3: gadget: Remove unnecessary checks (git-fixes).
- USB: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
(git-fixes).
- USB: dwc3: gadget: Store resource index of start cmd (git-fixes).
- USB: dwc3: qcom: fix missing optional irq warnings.
- USB: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless
comments (git-fixes).
- USB: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(git-fixes).
- USB: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- USB: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- USB: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- USB: gadget: uvc: call uvc uvcg_warn on completed status instead of
uvcg_info (git-fixes).
- USB: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- USB: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- USB: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- USB: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- USB: otg-fsm: Fix hrtimer list corruption (git-fixes).
- USB: renesas: Fix refcount leak bug (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: ch341: name prescaler, divisor registers (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
(git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: altmodes/displayport: correct pin assignment for UFP
receptacles (git-fixes).
- USB: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
(git-fixes).
- USB: xhci: tegra: Fix error check (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
(git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
(git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines
(bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC
(bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device()
(bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291,
jsc#SLE-24635).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
(bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
armada_37xx_wdt_probe() (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
(git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is
disconnected (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (git-fixes).
- x86/bugs: Reenable retbleed=off. While for older kernels the return
thunks are statically built in and cannot be dynamically patched out,
retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/olpc: fix 'logical not is only applied to the left hand side'
(git-fixes).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors
(git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode
(git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3609=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3609=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.80.1
kernel-source-azure-5.3.18-150300.38.80.1
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.80.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.80.1
dlm-kmp-azure-5.3.18-150300.38.80.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.80.1
gfs2-kmp-azure-5.3.18-150300.38.80.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.80.1
kernel-azure-5.3.18-150300.38.80.1
kernel-azure-debuginfo-5.3.18-150300.38.80.1
kernel-azure-debugsource-5.3.18-150300.38.80.1
kernel-azure-devel-5.3.18-150300.38.80.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.80.1
kernel-azure-extra-5.3.18-150300.38.80.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.80.1
kernel-azure-livepatch-devel-5.3.18-150300.38.80.1
kernel-azure-optional-5.3.18-150300.38.80.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.80.1
kernel-syms-azure-5.3.18-150300.38.80.1
kselftests-kmp-azure-5.3.18-150300.38.80.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.80.1
ocfs2-kmp-azure-5.3.18-150300.38.80.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.80.1
reiserfs-kmp-azure-5.3.18-150300.38.80.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.80.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.80.1
kernel-source-azure-5.3.18-150300.38.80.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.80.1
kernel-azure-debuginfo-5.3.18-150300.38.80.1
kernel-azure-debugsource-5.3.18-150300.38.80.1
kernel-azure-devel-5.3.18-150300.38.80.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.80.1
kernel-syms-azure-5.3.18-150300.38.80.1
References:
https://www.suse.com/security/cve/CVE-2016-3695.html
https://www.suse.com/security/cve/CVE-2020-16119.html
https://www.suse.com/security/cve/CVE-2020-27784.html
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-4155.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-2503.html
https://www.suse.com/security/cve/CVE-2022-2586.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2905.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://www.suse.com/security/cve/CVE-2022-39190.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41222.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://www.suse.com/security/cve/CVE-2022-41849.html
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1177471
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1191662
https://bugzilla.suse.com/1191667
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1192594
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1194272
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1197755
https://bugzilla.suse.com/1197756
https://bugzilla.suse.com/1197757
https://bugzilla.suse.com/1197760
https://bugzilla.suse.com/1197763
https://bugzilla.suse.com/1197920
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1199255
https://bugzilla.suse.com/1199291
https://bugzilla.suse.com/1200084
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200431
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1200868
https://bugzilla.suse.com/1200869
https://bugzilla.suse.com/1200870
https://bugzilla.suse.com/1200871
https://bugzilla.suse.com/1200872
https://bugzilla.suse.com/1200873
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201645
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201865
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1201990
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202447
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202636
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202701
https://bugzilla.suse.com/1202708
https://bugzilla.suse.com/1202709
https://bugzilla.suse.com/1202710
https://bugzilla.suse.com/1202711
https://bugzilla.suse.com/1202712
https://bugzilla.suse.com/1202713
https://bugzilla.suse.com/1202714
https://bugzilla.suse.com/1202715
https://bugzilla.suse.com/1202716
https://bugzilla.suse.com/1202717
https://bugzilla.suse.com/1202718
https://bugzilla.suse.com/1202720
https://bugzilla.suse.com/1202722
https://bugzilla.suse.com/1202745
https://bugzilla.suse.com/1202756
https://bugzilla.suse.com/1202810
https://bugzilla.suse.com/1202811
https://bugzilla.suse.com/1202860
https://bugzilla.suse.com/1202895
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1202984
https://bugzilla.suse.com/1203063
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203116
https://bugzilla.suse.com/1203117
https://bugzilla.suse.com/1203135
https://bugzilla.suse.com/1203136
https://bugzilla.suse.com/1203137
https://bugzilla.suse.com/1203159
https://bugzilla.suse.com/1203313
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203424
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203622
https://bugzilla.suse.com/1203737
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203909
https://bugzilla.suse.com/1203933
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992
openSUSE-SU-2022:10152-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 17 Oct '22
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10152-1
Rating: important
References: #1201720 #1203086 #1203306 #1203370 #1203735
#1204019
Cross-References: CVE-2022-21554 CVE-2022-21571
CVSS scores:
CVE-2022-21554 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21554 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21571 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-21571 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has four
fixes is now available.
Description:
This update for virtualbox fixes the following issues:
- Version bump to 6.1.38r86 released by Oracle September 02 2022
This is a maintenance release. The following items were fixed and/or added:
- GUI: Improvements in Native Language Support area
- Main: OVF Export: Added support for exporting VMs containing Virtio-SCSI
controllers
- Recording settings: Fixed a regression which could cause not starting
the COM server (VBoxSVC) under certain circumstances (bug #21034)
- Recording: More deterministic naming for recorded files (will now
overwrite old .webm files if present)
- Linux Host and Guest Additions installer: Improved check for systemd
presence in the system (bug #19033)
- Linux Guest Additions: Introduced initial support for kernel 6.0
- Linux Guest Additions: Additional fixes for kernel RHEL 9.1 (bug #21065)
- Windows Guest Additions: Improvements in Drag and Drop area
- Fixes permission problem with /dev/vboxuser (boo#1203370)
- Fixes missing firewall opening (boo#1203086)
- Fixes boo#1201720 CVE items for CVE-2022-21571, CVE-2022-21554
- Add a "Provides: virtualbox-guest-x11" to virtualbox-guest-tools.
(boo#1203735)
- Fixed VBoxClient: VbglR3InitUser failed: VERR_ACCESS_DENIED (boo#1204019)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2022-10152=1
Package List:
- openSUSE Leap 15.4 (x86_64):
python3-virtualbox-6.1.38-lp154.2.15.1
python3-virtualbox-debuginfo-6.1.38-lp154.2.15.1
virtualbox-6.1.38-lp154.2.15.1
virtualbox-debuginfo-6.1.38-lp154.2.15.1
virtualbox-debugsource-6.1.38-lp154.2.15.1
virtualbox-devel-6.1.38-lp154.2.15.1
virtualbox-guest-tools-6.1.38-lp154.2.15.1
virtualbox-guest-tools-debuginfo-6.1.38-lp154.2.15.1
virtualbox-kmp-debugsource-6.1.38-lp154.2.15.1
virtualbox-kmp-default-6.1.38_k5.14.21_150400.24.21-lp154.2.15.1
virtualbox-kmp-default-debuginfo-6.1.38_k5.14.21_150400.24.21-lp154.2.15.1
virtualbox-qt-6.1.38-lp154.2.15.1
virtualbox-qt-debuginfo-6.1.38-lp154.2.15.1
virtualbox-vnc-6.1.38-lp154.2.15.1
virtualbox-websrv-6.1.38-lp154.2.15.1
virtualbox-websrv-debuginfo-6.1.38-lp154.2.15.1
- openSUSE Leap 15.4 (noarch):
virtualbox-guest-desktop-icons-6.1.38-lp154.2.15.1
virtualbox-guest-source-6.1.38-lp154.2.15.1
virtualbox-host-source-6.1.38-lp154.2.15.1
References:
https://www.suse.com/security/cve/CVE-2022-21554.html
https://www.suse.com/security/cve/CVE-2022-21571.html
https://bugzilla.suse.com/1201720
https://bugzilla.suse.com/1203086
https://bugzilla.suse.com/1203306
https://bugzilla.suse.com/1203370
https://bugzilla.suse.com/1203735
https://bugzilla.suse.com/1204019
SUSE-SU-2022:3598-1: important: Security update for exiv2
by opensuse-security@opensuse.org 17 Oct '22
SUSE Security Update: Security update for exiv2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3598-1
Rating: important
References: #1076579 #1086798 #1086810 #1092096 #1114690
#1185447 #1186192 #1188733 #1188756 #1189330
#1189331 #1189332 #1189333 #1189636 #1189780
Cross-References: CVE-2018-10772 CVE-2018-18915 CVE-2018-5772
CVE-2018-8976 CVE-2018-8977 CVE-2020-18898
CVE-2020-18899 CVE-2021-29470 CVE-2021-31291
CVE-2021-31292 CVE-2021-32617 CVE-2021-37618
CVE-2021-37619 CVE-2021-37620 CVE-2021-37621
CVSS scores:
CVE-2018-10772 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-10772 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-18915 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-18915 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-5772 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-5772 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-8976 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-8976 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-8977 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-8977 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2020-18898 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-18898 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-18899 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-18899 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-29470 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-29470 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-31291 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-31292 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-31292 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-32617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-32617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-37618 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-37618 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-37619 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-37619 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-37620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-37620 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-37621 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-37621 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
This update for exiv2 fixes the following issues:
- CVE-2021-37621: Fixed denial of service due to infinite loop in
Image:printIFDStructure (bsc#1189333).
- CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read()
(bsc#1189332).
- CVE-2021-37619: Fixed out-of-bounds read in
Exiv2:Jp2Image:encodeJp2Header (bsc#1189331).
- CVE-2021-37618: Fixed out-of-bounds read in
Exiv2:Jp2Image:printStructure (bsc#1189330).
- CVE-2021-32617: Fixed denial of service inside inefficient algorithm
(quadratic complexity) (bsc#1186192).
- CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810
(bsc#1188756).
- CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in
jp2image.cpp may lead to a denial of service (bsc#1188733).
- CVE-2021-29470: Fixed out-of-bounds read in
Exiv2:Jp2Image:encodeJp2Header (bsc#1185447).
- CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636).
- CVE-2020-18898: Fixed remote denial of service in printIFDStructure
function (bsc#1189780).
- CVE-2018-8977: Fixed remote denial of service in
Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp
(bsc#1086798).
- CVE-2018-8976: Fixed remote denial of service in image.cpp
Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810).
- CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion
in the Exiv2::Image::printIFDStructure (bsc#1076579).
- CVE-2018-18915: Fixed an infinite loop in the
Exiv2:Image:printIFDStructure function (bsc#1114690).
- CVE-2018-10772: Fixed segmentation fault when the function
Exiv2::tEXtToDataBuf() is finished (bsc#1092096).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3598=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3598=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3598=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3598=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3598=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3598=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3598=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3598=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3598=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3598=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3598=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3598=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3598=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3598=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3598=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3598=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3598=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3598=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3598=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3598=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3598=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3598=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3598=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
exiv2-0.26-150000.6.16.1
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
libexiv2-doc-0.26-150000.6.16.1
- openSUSE Leap 15.4 (x86_64):
libexiv2-26-32bit-0.26-150000.6.16.1
libexiv2-26-32bit-debuginfo-0.26-150000.6.16.1
- openSUSE Leap 15.4 (noarch):
exiv2-lang-0.26-150000.6.16.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
exiv2-0.26-150000.6.16.1
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
libexiv2-doc-0.26-150000.6.16.1
- openSUSE Leap 15.3 (noarch):
exiv2-lang-0.26-150000.6.16.1
- openSUSE Leap 15.3 (x86_64):
libexiv2-26-32bit-0.26-150000.6.16.1
libexiv2-26-32bit-debuginfo-0.26-150000.6.16.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Manager Proxy 4.1 (x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
- SUSE CaaS Platform 4.0 (x86_64):
exiv2-debuginfo-0.26-150000.6.16.1
exiv2-debugsource-0.26-150000.6.16.1
libexiv2-26-0.26-150000.6.16.1
libexiv2-26-debuginfo-0.26-150000.6.16.1
libexiv2-devel-0.26-150000.6.16.1
References:
https://www.suse.com/security/cve/CVE-2018-10772.html
https://www.suse.com/security/cve/CVE-2018-18915.html
https://www.suse.com/security/cve/CVE-2018-5772.html
https://www.suse.com/security/cve/CVE-2018-8976.html
https://www.suse.com/security/cve/CVE-2018-8977.html
https://www.suse.com/security/cve/CVE-2020-18898.html
https://www.suse.com/security/cve/CVE-2020-18899.html
https://www.suse.com/security/cve/CVE-2021-29470.html
https://www.suse.com/security/cve/CVE-2021-31291.html
https://www.suse.com/security/cve/CVE-2021-31292.html
https://www.suse.com/security/cve/CVE-2021-32617.html
https://www.suse.com/security/cve/CVE-2021-37618.html
https://www.suse.com/security/cve/CVE-2021-37619.html
https://www.suse.com/security/cve/CVE-2021-37620.html
https://www.suse.com/security/cve/CVE-2021-37621.html
https://bugzilla.suse.com/1076579
https://bugzilla.suse.com/1086798
https://bugzilla.suse.com/1086810
https://bugzilla.suse.com/1092096
https://bugzilla.suse.com/1114690
https://bugzilla.suse.com/1185447
https://bugzilla.suse.com/1186192
https://bugzilla.suse.com/1188733
https://bugzilla.suse.com/1188756
https://bugzilla.suse.com/1189330
https://bugzilla.suse.com/1189331
https://bugzilla.suse.com/1189332
https://bugzilla.suse.com/1189333
https://bugzilla.suse.com/1189636
https://bugzilla.suse.com/1189780
SUSE-SU-2022:3596-1: important: Security update for squid
by opensuse-security@opensuse.org 17 Oct '22
SUSE Security Update: Security update for squid
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3596-1
Rating: important
References: #1203677 #1203680
Cross-References: CVE-2022-41317 CVE-2022-41318
CVSS scores:
CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for squid fixes the following issues:
- CVE-2022-41317: Fixed exposure of sensitive information in cache
manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication
(bsc#1203680).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3596=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3596=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3596=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3596=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3596=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3596=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3596=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3596=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3596=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3596=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3596=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3596=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3596=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3596=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3596=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3596=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3596=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3596=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3596=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3596=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3596=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Manager Proxy 4.1 (x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
- SUSE CaaS Platform 4.0 (x86_64):
squid-4.17-150000.5.35.1
squid-debuginfo-4.17-150000.5.35.1
squid-debugsource-4.17-150000.5.35.1
References:
https://www.suse.com/security/cve/CVE-2022-41317.html
https://www.suse.com/security/cve/CVE-2022-41318.html
https://bugzilla.suse.com/1203677
https://bugzilla.suse.com/1203680
SUSE-SU-2022:3597-1: important: Security update for expat
by opensuse-security@opensuse.org 17 Oct '22
SUSE Security Update: Security update for expat
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3597-1
Rating: important
References: #1203438
Cross-References: CVE-2022-40674
CVSS scores:
CVE-2022-40674 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40674 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in
xmlparse.c (bsc#1203438).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3597=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3597=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3597=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3597=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3597=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3597=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3597=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3597=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3597=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3597=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3597=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3597=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3597=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3597=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3597=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3597=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3597=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3597=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3597=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3597=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3597=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3597=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3597=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3597=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- openSUSE Leap 15.3 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat-devel-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Manager Server 4.1 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
expat-2.2.5-150000.3.22.1
expat-32bit-debuginfo-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Manager Proxy 4.1 (x86_64):
expat-2.2.5-150000.3.22.1
expat-32bit-debuginfo-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
expat-2.2.5-150000.3.22.1
expat-32bit-debuginfo-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
expat-2.2.5-150000.3.22.1
expat-32bit-debuginfo-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Enterprise Storage 7 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
expat-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
- SUSE Enterprise Storage 6 (x86_64):
expat-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
- SUSE CaaS Platform 4.0 (x86_64):
expat-2.2.5-150000.3.22.1
expat-32bit-debuginfo-2.2.5-150000.3.22.1
expat-debuginfo-2.2.5-150000.3.22.1
expat-debugsource-2.2.5-150000.3.22.1
libexpat-devel-2.2.5-150000.3.22.1
libexpat1-2.2.5-150000.3.22.1
libexpat1-32bit-2.2.5-150000.3.22.1
libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1
libexpat1-debuginfo-2.2.5-150000.3.22.1
References:
https://www.suse.com/security/cve/CVE-2022-40674.html
https://bugzilla.suse.com/1203438
openSUSE-SU-2022:10151-1: important: Security update for chromium
by opensuse-security@opensuse.org 17 Oct '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10151-1
Rating: important
References: #1204223
Cross-References: CVE-2022-3445 CVE-2022-3446 CVE-2022-3447
CVE-2022-3448 CVE-2022-3449 CVE-2022-3450
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 106.0.5249.119 (boo#1204223):
* CVE-2022-3445: Use after free in Skia
* CVE-2022-3446: Heap buffer overflow in WebSQL
* CVE-2022-3447: Inappropriate implementation in Custom Tabs
* CVE-2022-3448: Use after free in Permissions API
* CVE-2022-3449: Use after free in Safe Browsing
* CVE-2022-3450: Use after free in Peer Connection
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10151=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-106.0.5249.119-bp153.2.128.1
chromium-106.0.5249.119-bp153.2.128.1
References:
https://www.suse.com/security/cve/CVE-2022-3445.html
https://www.suse.com/security/cve/CVE-2022-3446.html
https://www.suse.com/security/cve/CVE-2022-3447.html
https://www.suse.com/security/cve/CVE-2022-3448.html
https://www.suse.com/security/cve/CVE-2022-3449.html
https://www.suse.com/security/cve/CVE-2022-3450.html
https://bugzilla.suse.com/1204223
SUSE-SU-2022:3594-1: important: Security update for qemu
by opensuse-security@opensuse.org 17 Oct '22
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3594-1
Rating: important
References: #1175144 #1182282 #1192115 #1198035 #1198037
#1198038
Cross-References: CVE-2021-3409 CVE-2021-4206 CVE-2021-4207
CVE-2022-0216 CVE-2022-35414
CVSS scores:
CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and
CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead
to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap
buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in
hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation
that leads to a crash. (bsc#1201367)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3594=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3594=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3594=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3594=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3594=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3594=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3594=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3594=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (s390x x86_64):
qemu-kvm-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (ppc64le):
qemu-ppc-4.2.1-150200.69.1
qemu-ppc-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Manager Server 4.1 (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Manager Server 4.1 (s390x):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Manager Proxy 4.1 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Manager Proxy 4.1 (x86_64):
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le):
qemu-ppc-4.2.1-150200.69.1
qemu-ppc-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (s390x x86_64):
qemu-kvm-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le):
qemu-ppc-4.2.1-150200.69.1
qemu-ppc-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (s390x):
qemu-s390-4.2.1-150200.69.1
qemu-s390-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
qemu-4.2.1-150200.69.1
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
qemu-4.2.1-150200.69.1
qemu-block-curl-4.2.1-150200.69.1
qemu-block-curl-debuginfo-4.2.1-150200.69.1
qemu-block-iscsi-4.2.1-150200.69.1
qemu-block-iscsi-debuginfo-4.2.1-150200.69.1
qemu-block-rbd-4.2.1-150200.69.1
qemu-block-rbd-debuginfo-4.2.1-150200.69.1
qemu-block-ssh-4.2.1-150200.69.1
qemu-block-ssh-debuginfo-4.2.1-150200.69.1
qemu-debuginfo-4.2.1-150200.69.1
qemu-debugsource-4.2.1-150200.69.1
qemu-guest-agent-4.2.1-150200.69.1
qemu-guest-agent-debuginfo-4.2.1-150200.69.1
qemu-lang-4.2.1-150200.69.1
qemu-tools-4.2.1-150200.69.1
qemu-tools-debuginfo-4.2.1-150200.69.1
qemu-ui-spice-app-4.2.1-150200.69.1
qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (aarch64):
qemu-arm-4.2.1-150200.69.1
qemu-arm-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (x86_64):
qemu-audio-alsa-4.2.1-150200.69.1
qemu-audio-alsa-debuginfo-4.2.1-150200.69.1
qemu-audio-pa-4.2.1-150200.69.1
qemu-audio-pa-debuginfo-4.2.1-150200.69.1
qemu-kvm-4.2.1-150200.69.1
qemu-ui-curses-4.2.1-150200.69.1
qemu-ui-curses-debuginfo-4.2.1-150200.69.1
qemu-ui-gtk-4.2.1-150200.69.1
qemu-ui-gtk-debuginfo-4.2.1-150200.69.1
qemu-x86-4.2.1-150200.69.1
qemu-x86-debuginfo-4.2.1-150200.69.1
- SUSE Enterprise Storage 7 (noarch):
qemu-ipxe-1.0.0+-150200.69.1
qemu-microvm-4.2.1-150200.69.1
qemu-seabios-1.12.1+-150200.69.1
qemu-sgabios-8-150200.69.1
qemu-vgabios-1.12.1+-150200.69.1
References:
https://www.suse.com/security/cve/CVE-2021-3409.html
https://www.suse.com/security/cve/CVE-2021-4206.html
https://www.suse.com/security/cve/CVE-2021-4207.html
https://www.suse.com/security/cve/CVE-2022-0216.html
https://www.suse.com/security/cve/CVE-2022-35414.html
https://bugzilla.suse.com/1175144
https://bugzilla.suse.com/1182282
https://bugzilla.suse.com/1192115
https://bugzilla.suse.com/1198035
https://bugzilla.suse.com/1198037
https://bugzilla.suse.com/1198038
openSUSE-SU-2022:10148-1: important: Security update for roundcubemail
by opensuse-security@opensuse.org 16 Oct '22
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10148-1
Rating: important
References: #1180132 #1180399
Cross-References: CVE-2019-10740 CVE-2020-12641 CVE-2020-16145
CVE-2020-35730
CVSS scores:
CVE-2019-10740 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2020-12641 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16145 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-35730 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for roundcubemail fixes the following issues:
roundcubemail was updated to 1.5.3
* Enigma: Fix initial synchronization of private keys
* Enigma: Fix double quoted-printable encoding of pgp-signed messages with
no attachments (#8413)
* Fix various PHP8 warnings (#8392)
* Fix mail headers injection via the subject field on mail compose (#8404)
* Fix bug where small message/rfc822 parts could not be decoded (#8408)
* Fix setting HTML mode on reply/forward of a signed message (#8405)
* Fix handling of RFC2231-encoded attachment names inside of a
message/rfc822 part (#8418)
* Fix bug where some mail parts (images) could have not been listed as
attachments (#8425)
* Fix bug where attachment icons were stuck at the top of the messages
list in Safari (#8433)
* Fix handling of message/rfc822 parts that are small and are multipart
structures with a single part (#8458)
* Fix bug where session could time out if DB and PHP timezone were
different (#8303)
* Fix bug where DSN flag state wasn't stored with a draft (#8371)
* Fix broken encoding of HTML content encapsulated in a RTF attachment
(#8444)
* Fix problem with aria-hidden=true on toolbar menus in the Elastic skin
(#8517)
* Fix bug where title tag content was displayed in the body if it
contained HTML tags (#8540)
* Fix support for DSN specification without host e.g. pgsql:///dbname
(#8558)
update to 1.5.2
* OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214)
* OAuth: fix expiration of short-lived oauth tokens (#8147)
* OAuth: fix relative path to assets if /index.php/foo/bar url is used
(#8144)
* OAuth: no auto-redirect on imap login failures (#8370)
* OAuth: refresh access token in 'refresh' plugin hook (#8224)
* Fix so folder search parameters are honored by subscriptions_option
plugin (#8312)
* Fix password change with Directadmin driver (#8322, #8329)
* Fix so css files in plugins/jqueryui/themes will be minified too (#8337)
* Fix handling of unicode/special characters in custom From input (#8357)
* Fix some PHP8 compatibility issues (#8363)
* Fix chpass-wrapper.py helper compatibility with Python 3 (#8324)
* Fix scrolling and missing Close button in the Select image dialog in
Elastic/mobile (#8367)
* Security: fix cross-site scripting (XSS) via HTML messages with
malicious CSS content
- added Suggests: php-sqlite
- use the virtual provides from each PHP module, to allow the installation
of roundcubemail with various PHP versions. The only problem we are
currently facing is the automatic enablement of the PHP apache module
during post-installation: Trying to evaluate the correct PHP module now
during post as well, which should eliminate the pre-definition of the
required PHP-Version during build completely. See
https://build.opensuse.org/request/show/940859 for the initial
discussion.
update to 1.5.1
* Fix importing contacts with no email address (#8227)
* Fix so session's search scope is not used if search is not active (#8199)
* Fix some PHP8 warnings (#8239)
* Fix so dark mode state is retained after closing the browser (#8237)
* Fix bug where new messages were not added to the list on refresh if
skip_deleted=true (#8234)
* Fix colors on "Show source" page in dark mode (#8246)
* Fix handling of dark_mode_support:false setting in skins meta.json -
also when devel_mode=false (#8249)
* Fix database initialization if db_prefix is a schema prefix (#8221)
* Fix undefined constant error in Installer on Windows (#8258)
* Fix installation/upgrade on MySQL 5.5 - Index column size too large
(#8231)
* Fix regression in setting of contact listing name (#8260)
* Fix bug in Larry skin where headers toggle state was reset on full page
preview (#8203)
* Fix bug where \u200b characters were added into the recipient input
preventing mail delivery (#8269)
* Fix charset conversion errors on PHP < 8 for charsets not supported by
mbstring (#8252)
* Fix bug where adding a contact to trusted senders via "Always allow
from..." button didn't work (#8264, #8268)
* Fix bug with show_images setting where option 1 and 3 were swapped
(#8268)
* Fix PHP fatal error on an undefined constant in contacts import action
(#8277)
* Fix fetching headers of multiple message parts at once in
rcube_imap_generic::fetchMIMEHeaders() (#8282)
* Fix bug where attachment download could sometimes fail with a CSRF check
error (#8283)
* Fix an infinite loop when parsing environment variables with
float/integer values (#8293)
* Fix so 'small-dark' logo has more priority than the 'small' logo (#8298)
update to 1.5.0
+ full PHP8 support
+ Dark mode for Elastic skin
+ OAuth2/XOauth support (with plugin hooks)
+ Collected recipients and trusted senders
+ Moving recipients between inputs with drag & drop
+ Full unicode support with MySQL database
+ Support of IMAP LITERAL- extension RFC 7888
<https://datatracker.ietf.org/doc/html/rfc7888>
+ Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231>
encoded names
+ Cache refactoring
More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0
+ added SECURITY.md to documentation
+ mark the whole documentation directory as documentation instead of
listing some files and others not (avoid duplicate entries in RPM-DB)
+ adjust requirements: php-intl is now required
update to 1.4.11 with security fix:
- Fix cross-site scripting (XSS) via HTML messages with malicious CSS
content
- add PHP version to Requires: and Recommends: to make sure the same
version is installed as used during packaging
- drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2
(which is already required through mod_php_any)
update to 1.4.10:
* Stored cross-site scripting (XSS) via HTML or plain text messages with
malicious content ( CVE-2020-35730 boo#1180399 )
* Fix extra angle brackets in In-Reply-To header derived from mailto:
params (#7655)
* Fix folder list issue when special folder is a subfolder (#7647)
* Fix Elastic's folder subscription toggle in search result (#7653)
* Fix state of subscription toggle on folders list after changing folder
state from the search result (#7653)
* Security: Fix cross-site scripting (XSS) via HTML or plain text messages
with malicious content
update to 1.4.9:
* Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11
(#7615)
* Add missing localization for some label/legend elements in userinfo
plugin (#7478)
* Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD)
* Fix restoring Cc/Bcc fields from local storage (#7554)
* Fix jstz.min.js installation, bump version to 1.0.7
* Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564)
* Fix link to closure compiler in bin/jsshrink.sh script (#7567)
* Fix bug where some parts of a message could have been missing in a
reply/forward body (#7568)
* Fix empty space on mail printouts in Chrome (#7604)
* Fix empty output from HTML5 parser when content contains XML tag (#7624)
* Fix scroll jump on key press in plain text mode of the HTML editor
(#7622)
* Fix so autocompletion list does not hide on scroll inside it (#7592)
update to 1.4.8 with security fixes:
* Fix cross-site scripting (XSS) via HTML messages with malicious svg
content (CVE-2020-16145)
* Fix cross-site scripting (XSS) via HTML messages with malicious math
content
update to 1.4.7 with security fix:
* Fix bug where subfolders of special folders could have been duplicated
on folder list
* Increase maximum size of contact jobtitle and department fields to 128
characters
* Fix missing newline after the logged line when writing to stdout (#7418)
* Elastic: Fix context menu (paste) on the recipient input (#7431)
* Fix problem with forwarding inline images attached to messages with no
HTML part (#7414)
* Fix problem with handling attached images with same name when using
database_attachments/redundant_attachments (#7455)
- add http.inc file
* include one file for php5/php7 admin flags/values
update to 1.4.5
Security fixes
* Fix XSS issue in template object 'username' (#7406)
* Fix cross-site scripting (XSS) via malicious XML attachment
* Fix a couple of XSS issues in Installer (#7406)
* Better fix for CVE-2020-12641
Other changes
* Fix bug in extracting required plugins from composer.json that led to
spurious error in log (#7364)
* Fix so the database setup description is compatible with MySQL 8 (#7340)
* Markasjunk: Fix regression in jsevent driver (#7361)
* Fix missing flag indication on collapsed thread in Larry and Elastic
(#7366)
* Fix default keyservers (use keys.openpgp.org), add note about CORS
(#7373, #7367)
* Password: Fix issue with Modoboa driver (#7372)
* Mailvelope: Use sender's address to find pubkeys to check signatures
(#7348)
* Mailvelope: Fix Encrypt button hidden in Elastic (#7353)
* Fix PHP warning: count(): Parameter must be an array or an object... in
ID command handler (#7392)
* Fix error when user-configured skin does not exist anymore (#7271)
* Elastic: Fix aspect ratio of a contact photo in mail preview (#7339)
* Fix bug where PDF attachments marked as inline could have not been
attached on mail forward (#7382)
* Security: Fix a couple of XSS issues in Installer (#7406)
* Security: Better fix for CVE-2020-12641
update to 1.4.4
* Fix bug where attachments with Content-Id were attached to the message
on reply (#7122)
* Fix identity selection on reply when both sender and recipient addresses
are included in identities (#7211)
* Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in
plain text editor when using Chrome (#7230)
* Elastic: Fix recipient input bug when using click to select a contact
from autocomplete list (#7231)
* Elastic: Fix color of a folder with recent messages (#7281)
* Elastic: Restrict logo size in print view (#7275)
* Fix invalid Content-Type for messages with only html part and inline
images - Mail_Mime-1.10.7 (#7261)
* Fix missing contact display name in QR Code data (#7257)
* Fix so button label in Select image/media dialogs is "Close" not
"Cancel" (#7246)
* Fix regression in testing database schema on MSSQL (#7227)
* Fix cursor position after inserting a group to a recipient input using
autocompletion (#7267)
* Fix string literals handling in IMAP STATUS (and various other)
responses (#7290)
* Fix bug where multiple images in a message were replaced by the first
one on forward/reply/edit (#7293)
* Fix handling keyservers configured with protocol prefix (#7295)
* Markasjunk: Fix marking as spam/ham on moving messages with Move menu
(#7189)
* Markasjunk: Fix bug where moving to Junk was failing on messages
selected with Select > All (#7206)
* Fix so imap error message is displayed to the user on folder
create/update (#7245)
* Fix bug where a special folder couldn't be created if a special-use flag
is not supported (#7147)
* Mailvelope: Fix bug where recipients with name were not handled properly
in mail compose (#7312)
* Fix characters encoding in group rename input after group
creation/rename (#7330)
* Fix bug where some message/rfc822 parts could not be attached on forward
(#7323)
* Make install-jsdeps.sh script working without the 'file' program
installed (#7325)
* Fix performance issue of parsing big HTML messages by disabling HTML5
parser for these (#7331)
* Fix so Print button for PDF attachments works on Firefox >= 75 (#5125)
update to 1.4.3
* Enigma: Fix so key list selection is reset when opening key creation
form (#7154)
* Enigma: Fix so using list checkbox selection does not load the key
preview frame
* Enigma: Fix generation of key pairs for identities with IDN domains
(#7181)
* Enigma: Display IDN domains of key users and identities in UTF8
* Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic
skin (#7205)
* Managesieve: Fix bug where it wasn't possible to save flag actions
(#7188)
* Markasjunk: Fix bug where marking as spam/ham didn't work on moving
messages with drag-and-drop (#7137)
* Password: Make chpass-wrapper.py Python 3 compatible (#7135)
* Elastic: Fix disappearing sidebar in mail compose after clicking Mail
button
* Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button
in mail compose
* Elastic: Fix bug where it was possible to switch editor mode when
'htmleditor' was in 'dont_override' (#7143)
* Elastic: Fix text selection in recipient inputs (#7129)
* Elastic: Fix missing Close button in "more recipients" dialog
* Elastic: Fix non-working folder subscription checkbox for newly added
folders (#7174)
* Fix regression where "Open in new window" action didn't work (#7155)
* Fix PHP Warning: array_filter() expects parameter 1 to be array, null
given in subscriptions_option plugin (#7165)
* Fix unexpected error message when mail refresh involves folder
auto-unsubscribe (#6923)
* Fix recipient duplicates in print-view when the recipient list has been
expanded (#7169)
* Fix bug where files in skins/ directory were listed on skins list (#7180)
* Fix bug where message parts with no Content-Disposition header and no
name were not listed on attachments list (#7117)
* Fix display issues with mail subject that contains line-breaks (#7191)
* Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime
fix (#7170)
* Fix regression where using an absolute path to SQLite database file on
Windows didn't work (#7196)
* Fix using unix:///path/to/socket.file in memcached driver (#7210)
- prefer brotli over gzip if brotli is available:
+ enable mod_brotli in roundcubemail-httpd.conf (after deflate)
+ enable brotli via a2enmod for new installations
update to 1.4.2:
* Plugin API: Make actionbefore, before, actionafter and after events
working with plugin actions (#7106)
* Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028)
* Managesieve: Fix so modifier type select wasn't hidden after hiding
modifier select on header change
* Managesieve: Fix filter selection after removing a first filter (#7079)
* Markasjunk: Fix marking more than one message as spam/ham with
email_learn driver (#7121)
* Password: Fix kpasswd and smb drivers' double-escaping bug (#7092)
* Enigma: Add script to import keys from filesystem to the db storage (for
multihost)
* Installer: Fix DB Write test on SQLite database ("database is locked"
error) (#7064)
* Installer: Fix so SQLite DSN with a relative path to the database file
works in Installer
* Elastic: Fix contrast of warning toasts (#7058)
* Elastic: Simple search in pretty selects (#7072)
* Elastic: Fix hidden list widget on mobile/tablet when selecting folder
while search menu is open (#7120)
* Fix so type attribute on script tags is not used on HTML5 pages (#6975)
* Fix unread count after purge on a folder that is not currently selected
(#7051)
* Fix bug where Enter key didn't work on messages list in "List" layout
(#7052)
* Fix bug where deleting a saved search in addressbook caused display
issue on sources/groups list (#7061)
* Fix bug where a new saved search added after removing all searches
wasn't added to the list (#7061)
* Fix bug where a new contact group added after removing all groups from
addressbook wasn't added to the list
* Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035)
* Fix so use of Ctrl+A does not scroll the list (#7020)
* Fix/remove useless keyup event handler on username input in logon form
(#6970)
* Fix bug where cancelling switching from HTML to plain text didn't set
the flag properly (#7077)
* Fix bug where HTML reply could add an empty line with extra indentation
above the original message (#7088)
* Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist'
(#7107)
* Fix so displayed maximum attachment size depends also on
'max_message_size' (#7105)
* Fix bug where 'skins_allowed' option didn't enforce user skin preference
(#7080)
* Fix so contact's organization field accepts up to 128 characters (it was
50)
* Fix bug where listing tables in PostgreSQL database with db_prefix
didn't work (#7093)
* Fix bug where 'text' attribute on body tag was ignored when displaying
HTML message (#7109)
* Fix bug where next message wasn't displayed after delete in List mode
(#7096)
* Fix so number of contacts in a group is not limited to 200 when
redirecting to mail composer from Contacts (#6972)
* Fix malformed characters in HTML message with charset meta tag not in
head (#7116)
- php documentor is not needed on a productive system -> remove
- also fix /usr/bin/env calls for two vendor scripts
- skins now have some configurable files in their directories: move those
files over to /etc/roundcubemail/skins/
- move other text files (incl. vendor ones) out of the root directory (and
handle the LICENSE file a bit differently)
- enable mod_filter and add AddOutputFilterByType for common media types
like html, javascript or xml
- enable php7 on newer openSUSE versions
- enable deflate, expires, filter, headers and setenvif on a new
installation - do not enable any module in case of an update
- recommend php-imagick for additional features
- fixed most of the shell scripts to contain /usr/bin/php
Upgrade to version 1.4.1:
* new defaults for smtp_* config options
* changed default password_charset to UTF-8
* login page returning 401 Unauthorized status
Upgrade to version 1.4.0:
* Update to jQuery 3.4.1
* Update to TinyMCE 4.8.2
* Update to jQuery-MiniColors 2.3.4
* Clarified 'address_book_type' option behavior (#6680)
* Added cookie mismatch detection, display an error message informing the
user to clear cookies
* Renamed 'log_session' option to 'session_debug'
* Removed 'delete_always' option (#6782)
* Don't log full session identifiers in userlogins log (#6625)
* Support $HasAttachment/$HasNoAttachment keywords (#6201)
* Support PECL memcached extension as a session and cache storage driver
(experimental)
* Switch to IDNA2008 variant (#6806)
* installto.sh: Add possibility to run the update even on the up-to-date
installation (#6533)
* Plugin API: Add 'render_folder_selector' hook
* Added 'keyservers' option to define list of HKP servers for
Enigma/Mailvelope (#6326)
* Added flag to disable server certificate validation via Mysql DSN
argument (#6848)
* Select all records on the current list page with CTRL + A (#6813)
* Use Left/Right Arrow keys to faster move over threaded messages list
(#6399)
* Changes in display_next setting (#6795):
* * Move it to Preferences > User Interface > Main Options
* * Make it apply to Contacts interface too
* * Make it apply only if deleting/moving a previewed message/contact
* Redis: Support connection to unix socket
* Put charset meta specification before a title tag, add page title
automatically (#6811)
* Elastic: Various internal refactorings
* Elastic: Add Prev/Next buttons on message page toolbar (#6648)
* Elastic: Close search options on Enter key press in quick-search input
(#6660)
* Elastic: Changed some icons (#6852)
* Elastic: Changed read/unread icons (#6636)
* Elastic: Changed "Move to..." icon (#6637)
* Elastic: Add hide/show for advanced preferences (#6632)
* Elastic: Add default icon on Settings/Preferences lists for external
plugins (#6814)
* Elastic: Add indicator for popover menu items that open a submenu (#6868)
* Elastic: Move compose attachments/options to the right side (#6839)
* Elastic: Add border/background to attachments list widget (#6842)
* Elastic: Add "Show unread messages" button to the search bar (#6587)
* Elastic: Fix bug where toolbar disappears on attachment menu use in
Chrome (#6677)
* Elastic: Fix folders list scrolling on touch devices (#6706)
* Elastic: Fix non-working pretty selects in Chrome browser (#6705)
* Elastic: Fix issue with absolute positioned mail content (#6739)
* Elastic: Fix bug where some menu actions could cause a browser popup
warning
* Elastic: Fix handling mailto: URL parameters in contact menu (#6751)
* Elastic: Fix keyboard navigation in some menus, e.g. the contact menu
* Elastic: Fix visual issue with long buttons in .boxwarning (#6797)
* Elastic: Fix handling new-line in text pasted to a recipient input
* Elastic: Fix so search is not reset when returning from the message
preview page (#6847)
* Larry: Fix regression where menu actions didn't work with keyboard
(#6740)
* ACL: Display user/group names (from ldap) instead of acl identifier
* Password: Added ldap_exop driver (#4992)
* Password: Added support for SSHA512 password algorithm (#6805)
* Managesieve: Fix bug where global includes were requested for vacation
(#6716)
* Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686)
* Managesieve: Fix so "Create filter" option does not show up when Filters
menu is disabled (#6723)
* Enigma: For verified signatures, display the user id associated with the
sender address (#5958)
* Enigma: Fix bug where revoked users/keys were not greyed out in key info
* Enigma: Fix error message when trying to encrypt with a revoked key
(#6607)
* Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
* Enigma: Fix bug where signature verification could have been skipped for
some message structures (#6838)
* Fix language selection for spellchecker in html mode (#6915)
* Fix css styles leak from replied/forwarded message to the rest of the
composed text (#6831)
* Fix invalid path to "add contact" icon when using assets_path setting
* Fix invalid path to blocked.gif when using assets_path setting (#6752)
* Fix so advanced search dialog is not automatically displayed on
searchonly addressbooks (#6679)
* Fix so an error is logged when more than one attachment plugin has been
enabled, initialize the first one (#6735)
* Fix bug where flag change could have been passed to a preview frame when
not expected
* Fix bug in HTML parser that could cause missing text fragments when
there was no head/body tag (#6713)
* Fix bug where HTML messages with a xml:namespace tag were not rendered
(#6697)
* Fix TinyMCE download location (#6694)
* Fix so "Open in new window" consistently displays "external window"
interface (#6659)
* Fix bug where next row wasn't selected after deleting a collapsed thread
(#6655)
* Fix bug where external content (e.g. mail body) was passed to templates
parsing code (#6640)
* Fix bug where attachment preview didn't work with x_frame_options=deny
(#6688)
* Fix so bin/install-jsdeps.sh returns error code on error (#6704)
* Fix bug where bmp images couldn't be displayed on some systems (#6728)
* Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp
(#6744)
* Fix bug where bold/strong text was converted to upper-case on
html-to-text conversion (6758)
* Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only
tld (#6746)
* Fix bug where Next/Prev button in mail view didn't work with
multi-folder search result (#6793)
* Fix bug where selection of columns on messages list wasn't working
* Fix bug in converting multi-page Tiff images to Jpeg (#6824)
* Fix bug where handling multiple messages from multi-folder search result
could not work (#6845)
* Fix bug where unread count wasn't updated after moving multi-folder
result (#6846)
* Fix wrong messages order after returning to a multi-folder search result
(#6836)
* Fix some PHP 7.4 compat. issues (#6884, #6866)
* Fix bug where it was possible to bypass the position:fixed CSS check in
received messages (#6898)
* Fix bug where some strict remote URIs in url() style were
unintentionally blocked (#6899)
* Fix bug where it was possible to bypass the CSS jail in HTML messages
using :root pseudo-class (#6897)
* Fix bug where it was possible to bypass href URI check with
data:application/xhtml+xml URIs (#6896)
* Changed 'password_charset' default to 'UTF-8' (#6522)
* Add skins_allowed option (#6483)
* SMTP GSSAPI support via krb_authentication plugin (#6417)
* Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
* Removed 'referer_check' option (#6440)
* Use constant prefix for temp file names, don't remove temp files from
other apps (#6511)
* Ignore 'Sender' header on Reply-All action (#6506)
* deluser.sh: Add option to delete users who have not logged in for more
than X days (#6340)
* HTML5 Upload Progress - as a replacement for the old server-side
solution (#6177)
* Prevent from using deprecated timezone names from jsTimezoneDetect
* Force session.gc_probability=1 when using custom session handlers (#6560)
* Support simple field labels (e.g. LetterHub examples) in csv imports
(#6541)
* Add cache busters also to images used by templates (#6610)
* Plugin API: Added 'raise_error' hook (#6199)
* Plugin API: Added 'common_headers' hook (#6385)
* Plugin API: Added 'ldap_connected' hook
* Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in
key generation (#6524)
* Enigma: Fixed multi-host synchronization of private and deleted keys and
pubring.kbx file
* Managesieve: Added support for 'editheader' extension - RFC5293 (#5954)
* Managesieve: Fix bug where custom header or variable could be lost on
form submission (#6594)
* Markasjunk: Integrate markasjunk2 features into markasjunk - marking as
non-junk + learning engine (#6504)
* Password: Added 'modoboa' driver (#6361)
* Password: Fix bug where password_dovecotpw_with_method setting could be
ignored (#6436)
* Password: Fix bug where new users could skip forced password change
(#6434)
* Password: Allow drivers to override default password comparisons (eg new
is not same as current) (#6473)
* Password: Allow drivers to override default strength checks (eg allow
for 'not the same as last x passwords') (#246)
* Password: Allow drivers to define password strength rules displayed to
the user
* Password: Allow separate password saving and strength drivers for use of
strength checking services (#5040)
* Password: Add zxcvbn driver for checking password strength (#6479)
* Password: Disallow control characters in passwords
* Password: Add support for Plesk >= 17.8 (#6526)
* Elastic: Improved datepicker displayed always in parent window
* Elastic: On touch devices display attachment icons on messages list
(#6296)
* Elastic: Make menu button inactive if all subactions are inactive (#6444)
* Elastic: On mobile/tablet jump to the list on folder selection (#6415)
* Elastic: Various improvements on mail compose screen (#6413)
* Elastic: Support new-line char as a separator for pasted recipients
(#6460)
* Elastic: Improved UX of search dialogs (#6416)
* Elastic: Fix unwanted thread expanding when selecting a collapsed thread
in non-mobile mode (#6445)
* Elastic: Fix too small height of mailvelope mail preview frame (#6600)
* Elastic: Add "status bar" for mobile in mail composer
* Elastic: Add selection options on contacts list (#6595)
* Elastic: Fix unintentional layout preference overwrite (#6613)
* Elastic: Fix bug where Enigma options in mail compose could sometimes be
ignored (#6515)
* Log errors caused by low pcre.backtrack_limit when sending a mail
message (#6433)
* Fix regression where drafts were not deleted after sending the message
(#6756)
* Fix so max_message_size limit is checked also when forwarding messages
as attachments (#6580)
* Fix so performance stats are logged to the main console log also when
per_user_logging=true
* Fix malformed message saved into Sent folder when using big attachments
and low memory limit (#6498)
* Fix incorrect IMAP SASL GSSAPI negotiation (#6308)
* Fix so unicode in local part of the email address is also supported in
recipient inputs (#6490)
* Fix bug where autocomplete list could be displayed out of screen (#6469)
* Fix style/navigation on error page depending on authentication state
(#6362)
* Fix so invalid smtp_helo_host is never used, fallback to localhost
(#6408)
* Fix custom logo size in Elastic (#6424)
* Fix listing the same attachment multiple times on forwarded messages
* Fix bug where a message/rfc822 part without a filename wasn't listed on
the attachments list (#6494)
* Fix inconsistent offset for various time zones - always display Standard
Time offset (#6531)
* Fix dummy Message-Id when resuming a draft without Message-Id header
(#6548)
* Fix handling of empty entries in vCard import (#6564)
* Fix bug in parsing some IMAP command responses that include unsolicited
replies (#6577)
* Fix PHP 7.2 compatibility in debug_logger plugin (#6586)
* Fix so ANY record is not used for email domain validation, use A, MX,
CNAME, AAAA instead (#6581)
* Fix so mime_content_type check in Installer uses files that should
always be available (i.e. from program/resources) (#6599)
* Fix missing CSRF token on a link to download too-big message part (#6621)
* Fix bug when aborting dragging with ESC key didn't stop the move action
(#6623)
* Improved Mailvelope integration
* * Added private key listing and generating to identity settings
* * Enable encrypt & sign option if Mailvelope supports it
* Allow contacts without an email address (#5079)
* Support SMTPUTF8 and relax email address validation to support unicode
in local part (#5120)
* Support for IMAP folders that cannot contain both folders and messages
(#5057)
* Remove sample PHP configuration from .htaccess and .user.ini files
(#5850)
* Extend skin_logo setting to allow per skin logos (#6272)
* Use Masterminds/HTML5 parser for better HTML5 support (#5761)
* Add More actions button in Contacts toolbar with Copy/Move actions
(#6081)
* Display an error when clicking disabled link to register protocol
handler (#6079)
* Add option trusted_host_patterns (#6009, #5752)
* Support additional connect parameters in PostgreSQL database wrapper
* Use UI dialogs instead of confirm() and alert() where possible
* Display value of the SMTP message size limit in the error message (#6032)
* Show message flagged status in message view (#5080)
* Skip redundant INSERT query on successful logon when using PHP7
* Replace display_version with display_product_version (#5904)
* Extend disabled_actions config so it accepts also button names (#5903)
* Handle remote stylesheets the same as remote images, ask the user to
allow them (#5994)
* Add Message-ID to the sendmail log (#5871)
* Add option to hide folders in share/other-user namespace or outside of
the personal namespace root (#5073)
* Archive: Fix archiving by sender address on cyrus-imap
* Archive: Style Archive folder also on folder selector and folder manager
lists
* Archive: Add Thunderbird compatible Month option (#5623)
* Archive: Create archive folder automatically if it's configured, but
does not exist (#6076)
* Enigma: Add button to send mail unencrypted if no key was found (#5913)
* Enigma: Add options to set PGP cipher/digest algorithms (#5645)
* Enigma: Multi-host support
* Managesieve: Add ability to disable filter sets and other actions
(#5496, #5898)
* Managesieve: Add option managesieve_forward to enable settings dialog
for simple forwarding (#6021)
* Managesieve: Support filter action with custom IMAP flags (#6011)
* Managesieve: Support 'mime' extension tests - RFC5703 (#5832)
* Managesieve: Support GSSAPI authentication with krb_authentication
plugin (#5779)
* Managesieve: Support enabling the plugin for specified hosts only (#6292)
* Password: Support host variables in password_db_dsn option (#5955)
* Password: Automatic virtualmin domain setting, removed
password_virtualmin_format option (#5759)
* Password: Added password_username_format option (#5766)
* subscriptions_option: show \Noselect folders greyed out (#5621)
* zipdownload: Added option to define size limit for multiple messages
download (#5696)
* vcard_attachments: Add possibility to send contact vCard from Contacts
toolbar (#6080)
* Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587)
* Composer: Fix certificate validation errors by using packagist only
(#5148)
* Add --get and --extract arguments and CACHEDIR env-variable support to
install-jsdeps.sh (#5882)
* Support _filter and _scope as GET arguments for opening mail UI (#5825)
* Various improvements for templating engine and skin behaviours
* * Support conditional include
* * Support for 'link' objects
* * Support including files with path relative to templates directory
* * Use instead of for submit button on logon screen
* Support skin localization (#5853)
* Reset onerror on images if placeholder does not exist to prevent from
requests storm
* Unified and simplified code for loading content frame for responses and
identities
* Display contact import and advanced search in popup dialogs
* Display a dialog for mail import with supported format description and
upload size hint
* Make possible to set (some) config options from a skin
* Added optional checkbox selection for the list widget
* Make 'compose' command always enabled
* Add .log suffix to all log file names, add option log_file_ext to
control this (#313)
* Return "401 Unauthorized" status when login fails (#5663)
* Support both comma and semicolon as recipient separator, drop
recipients_separator option (#5092)
* Plugin API: Added 'show_bytes' hook (#5001)
* Add option to not indent quoted text on top-posting reply (#5105)
* Removed global $CONFIG variable
* Removed debug_level setting
* Support AUTHENTICATE LOGIN for IMAP connections (#5563)
* Support LDAP GSSAPI authentication (#5703)
* Localized timezone selector (#4983)
* Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640)
* Handle inline images also inside multipart/mixed messages (#5905)
* Allow style tags in HTML editor on composed/reply messages (#5751)
* Use Github API as a fallback to fetch js dependencies to workaround
throttling issues (#6248)
* Show confirm dialog when moving folders using drag and drop (#6119)
* Fix bug where new_user_dialog email check could have been circumvented
by deleting / abandoning session (#5929)
* Fix skin extending for assets (#5115)
* Fix handling of forwarded messages inside of a TNEF message (#5632)
* Fix bug where attachment size wasn't visible when the filename was too
long (#6033)
* Fix checking table columns when there's more schemas/databases in
postgres/mysql (#6047)
* Fix css conflicts in user interface and e-mail content (#5891)
* Fix duplicated signature when using Back button in Chrome (#5809)
* Fix touch event issue on messages list in IE/Edge (#5781)
* Fix so links over images are not removed in plain text signatures
converted from HTML (#4473)
* Fix various issues when downloading files with names containing
non-ascii chars, use RFC 2231 (#5772)
Upgrade to version 1.3.10:
* Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
Upgrade to version 1.3.9:
* Fix TinyMCE download location(s) (#6694)
* Fix so mime_content_type check in Installer uses files that should
always be available (i.e. from program/resources) (#6599)
Upgrade to version 1.3.8:
* Fix support for "allow-from " in x_frame_options config option (#6449)
- add files with .log entry to logrotate config
enhance apache configuration by:
+ disable mbstring function overload (http://bugs.php.net/bug.php?id=30766)
+ do not allow to see README*, INSTALL, LICENSE or CHANGELOG files
+ set additional headers:
+ Content-Security-Policy: ask browsers to not set the referrer
+ Cache-Control: ask not to cache the content
+ Strict-Transport-Security: set HSTS rules for SSL traffic
+ X-XSS-Protection: configure built in reflective XSS protection
adjust README.openSUSE:
+ db.inc.php is not used any longer
+ flush privileges after creating/changing users in mysql
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10148=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10148=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
roundcubemail-1.5.3-bp154.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
roundcubemail-1.5.3-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2019-10740.html
https://www.suse.com/security/cve/CVE-2020-12641.html
https://www.suse.com/security/cve/CVE-2020-16145.html
https://www.suse.com/security/cve/CVE-2020-35730.html
https://bugzilla.suse.com/1180132
https://bugzilla.suse.com/1180399
openSUSE-SU-2022:10150-1: important: Security update for seamonkey
by opensuse-security@opensuse.org 16 Oct '22
openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10150-1
Rating: important
References: #1203916
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for seamonkey fixes the following issues:
Update to SeaMonkey 2.53.14
* Updates to the following DOM HTML element interfaces: Embed, Object,
Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem,
TextArea, Source, Select, Option, Script and Html. Please test add-ons.
* Continue the switch from Python 2 to Python 3 in the build system.
* Add ESR 102 links to debugQA bug 1779028.
* Remove about plugins from help menu bug 1779031.
* Dead links in cs_nav_prefs_advanced.xhtml [en-US] bug 1783558.
* Dead links in cs_nav_prefs_advanced.xhtml bug 1786030.
* Remove obsolete chat services from SeaMonkey address book bug 1779034.
* Address Book: "Get Map" button is not shown for home addresses bug
1779319.
* Added compatibility for rust 1.63
* SeaMonkey 2.53.14 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.14 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.11 and
Thunderbird 91.11 ESR plus many enhancements have been backported. We
will continue to enhance SeaMonkey security in subsequent 2.53.x beta
and release versions as fast as we are able to.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-10150=1
Package List:
- openSUSE Leap 15.3 (aarch64 i586 x86_64):
seamonkey-2.53.14-lp153.17.14.1
seamonkey-debuginfo-2.53.14-lp153.17.14.1
seamonkey-debugsource-2.53.14-lp153.17.14.1
seamonkey-dom-inspector-2.53.14-lp153.17.14.1
seamonkey-irc-2.53.14-lp153.17.14.1
References:
https://bugzilla.suse.com/1203916
openSUSE-SU-2022:10149-1: important: Security update for seamonkey
by opensuse-security@opensuse.org 16 Oct '22
openSUSE Security Update: Security update for seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10149-1
Rating: important
References: #1203916
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update fixes the following issues:
Update to SeaMonkey 2.53.14
* Updates to the following DOM HTML element interfaces: Embed, Object,
Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem,
TextArea, Source, Select, Option, Script and Html. Please test add-ons.
* Continue the switch from Python 2 to Python 3 in the build system.
* Add ESR 102 links to debugQA bug 1779028.
* Remove about plugins from help menu bug 1779031.
* Dead links in cs_nav_prefs_advanced.xhtml [en-US] bug 1783558.
* Dead links in cs_nav_prefs_advanced.xhtml bug 1786030.
* Remove obsolete chat services from SeaMonkey address book bug 1779034.
* Address Book: "Get Map" button is not shown for home addresses bug
1779319.
* Added compatibility for rust 1.63
* SeaMonkey 2.53.14 uses the same backend as Firefox and contains the
relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.14 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 91.11 and
Thunderbird 91.11 ESR plus many enhancements have been backported. We
will continue to enhance SeaMonkey security in subsequent 2.53.x beta
and release versions as fast as we are able to.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2022-10149=1
Package List:
- openSUSE Leap 15.4 (aarch64 i586 x86_64):
seamonkey-2.53.14-lp154.2.3.1
seamonkey-debuginfo-2.53.14-lp154.2.3.1
seamonkey-debugsource-2.53.14-lp154.2.3.1
seamonkey-dom-inspector-2.53.14-lp154.2.3.1
seamonkey-irc-2.53.14-lp154.2.3.1
References:
https://bugzilla.suse.com/1203916
SUSE-SU-2022:3585-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 14 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3585-1
Rating: important
References: #1152472 #1152489 #1185032 #1190497 #1194023
#1194869 #1195917 #1196444 #1196869 #1197659
#1198189 #1200622 #1201309 #1201310 #1201987
#1202095 #1202960 #1203039 #1203066 #1203101
#1203197 #1203263 #1203338 #1203360 #1203361
#1203389 #1203410 #1203505 #1203552 #1203664
#1203693 #1203699 #1203701 #1203767 #1203769
#1203794 #1203798 #1203893 #1203902 #1203906
#1203908 #1203933 #1203935 #1203939 #1203969
#1203987 #1203992 PED-387 PED-529 PED-652
PED-664 PED-682 PED-688 PED-720 PED-729 PED-755
PED-763 SLE-19924 SLE-24814
Cross-References: CVE-2022-1263 CVE-2022-2586 CVE-2022-3202
CVE-2022-3239 CVE-2022-3303 CVE-2022-39189
CVE-2022-41218 CVE-2022-41848 CVE-2022-41849
CVSS scores:
CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 9 vulnerabilities, contains 12
features and has 38 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to
improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in
drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
could allow a local user to crash the system or escalate their
privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a PCMCIA device while calling
ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a USB device while calling open
(bnc#1203992).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft
table is deleted (bnc#1202095).
- CVE-2022-1263: Fixed a NULL pointer dereference issue in KVM
when releasing a vCPU with dirty ring support enabled. This flaw allowed
an unprivileged local attacker on the host to issue specific ioctl
calls, causing a kernel oops condition that results in a denial of
service (bnc#1198189).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File
System. This could allow a local attacker to crash the system or leak
kernel internal information (bnc#1203389).
- CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows
unprivileged guest users to compromise the guest kernel because TLB
flush operations are mishandled (bnc#1203066).
The following non-security bugs were fixed:
- ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
- ACPI: processor idle: Practically limit "Dummy wait" workaround to old
Intel systems (bsc#1203767).
- ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
- ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
- ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer
(git-fixes).
- ALSA: core: Fix double-free at snd_card_new() (git-fixes).
- ALSA: cs35l41: Check hw_config before using it (bsc#1203699).
- ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).
- ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).
- ALSA: cs35l41: Unify hardware configuration (bsc#1203699).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: hda: cs35l41: Add Amp Name based on channel and index
(bsc#1203699).
- ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).
- ALSA: hda: cs35l41: Add calls to newly added test key function
(bsc#1203699).
- ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence
(bsc#1203699).
- ALSA: hda: cs35l41: Add initial DSP support and firmware loading
(bsc#1203699).
- ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).
- ALSA: hda: cs35l41: Add module parameter to control firmware load
(bsc#1203699).
- ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).
- ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).
- ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations
(bsc#1203699).
- ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).
- ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).
- ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties
(bsc#1203699).
- ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41
(bsc#1203699).
- ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).
- ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).
- ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops
(bsc#1203699).
- ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference
(bsc#1203699).
- ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).
- ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name
(bsc#1203699).
- ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).
- ALSA: hda: cs35l41: Handle all external boost setups the same way
(bsc#1203699).
- ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).
- ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).
- ALSA: hda: cs35l41: Make use of the helper function dev_err_probe()
(bsc#1203699).
- ALSA: hda: cs35l41: Move boost config to initialization code
(bsc#1203699).
- ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace
(bsc#1203699).
- ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use
(bsc#1203699).
- ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).
- ALSA: hda: cs35l41: Put the device into safe mode for external boost
(bsc#1203699).
- ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables
(bsc#1203699).
- ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).
- ALSA: hda: cs35l41: Remove Set Channel Map api from binding
(bsc#1203699).
- ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).
- ALSA: hda: cs35l41: Save codec object inside component struct
(bsc#1203699).
- ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver
(bsc#1203699).
- ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop
(bsc#1203699).
- ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).
- ALSA: hda: cs35l41: Support Firmware switching and reloading
(bsc#1203699).
- ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).
- ALSA: hda: cs35l41: Support multiple load paths for firmware
(bsc#1203699).
- ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).
- ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).
- ALSA: hda: cs35l41: Tidyup code (bsc#1203699).
- ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).
- ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).
- ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).
- ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount
saturation (git-fixes).
- ALSA: hda: Fix Nvidia dp infoframe (git-fixes).
- ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly
(bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls
(bsc#1203699).
- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).
- ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).
- ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static
(bsc#1203699).
- ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants
(bsc#1203699).
- ALSA: hda/cs8409: Fix Warlock to use mono mic configuration
(bsc#1203699).
- ALSA: hda/cs8409: Re-order quirk table into ascending order
(bsc#1203699).
- ALSA: hda/cs8409: Support manual mode detection for CS42L42
(bsc#1203699).
- ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).
- ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver
(bsc#1203699).
- ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED
(git-fixes).
- ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops
(bsc#1203699).
- ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9
(bsc#1203699).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model
(bsc#1203699).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).
- ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41
(bsc#1203699).
- ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).
- ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop
(git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on
EliteBook 845/865 G9 (bsc#1203699).
- ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops
(bsc#1203699).
- ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops
(bsc#1203699).
- ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).
- ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec
(bsc#1203699).
- ALSA: hda/realtek: More robust component matching for CS35L41
(bsc#1203699).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change
(git-fixes).
- ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/tegra: set depop delay for tegra (git-fixes).
- ALSA: hda/tegra: Update scratch reg. communication (git-fixes).
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
(git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register
option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
- ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).
- arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
- arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
(git-fixes).
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).
- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)
Enable this errata fix configuration option to arm64/default.
- arm64: kexec_file: use more system keyrings to verify kernel image
signature (bsc#1196444).
- arm64: lib: Import latest version of Arm Optimized Routines' strcmp
(git-fixes)
- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
- arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).
- ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).
- ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).
- ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).
- ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).
- ASoC: cs35l41: Add endianness flag in snd_soc_component_driver
(bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).
- ASoC: cs35l41: Add support for hibernate memory retention mode
(bsc#1203699).
- ASoC: cs35l41: Binding fixes (bsc#1203699).
- ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).
- ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).
- ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).
- ASoC: cs35l41: Correct DSP power down (bsc#1203699).
- ASoC: cs35l41: Correct handling of some registers in the cache
(bsc#1203699).
- ASoC: cs35l41: Correct some control names (bsc#1203699).
- ASoC: cs35l41: Create shared function for boost configuration
(bsc#1203699).
- ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).
- ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).
- ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).
- ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).
- ASoC: cs35l41: Do not print error when waking from hibernation
(bsc#1203699).
- ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).
- ASoC: cs35l41: DSP Support (bsc#1203699).
- ASoC: cs35l41: Fix a bunch of trivial code formating/style issues
(bsc#1203699).
- ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN
(bsc#1203699).
- ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t
(bsc#1203699).
- ASoC: cs35l41: Fix DSP mbox start command and global enable order
(bsc#1203699).
- ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).
- ASoC: cs35l41: Fix link problem (bsc#1203699).
- ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).
- ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).
- ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).
- ASoC: cs35l41: Fixup the error messages (bsc#1203699).
- ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).
- ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code
(bsc#1203699).
- ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code
(bsc#1203699).
- ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).
- ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware
(bsc#1203699).
- ASoC: cs35l41: Remove incorrect comment (bsc#1203699).
- ASoC: cs35l41: Remove unnecessary param (bsc#1203699).
- ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).
- ASoC: cs35l41: Support external boost (bsc#1203699).
- ASoC: cs35l41: Update handling of test key registers (bsc#1203699).
- ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot
(bsc#1203699).
- ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).
- ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START
(bsc#1203699).
- ASoC: cs42l42: Allow time for HP/ADC to power-up after enable
(bsc#1203699).
- ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts
(bsc#1203699).
- ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling
(bsc#1203699).
- ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).
- ASoC: cs42l42: Do not reconfigure the PLL while it is running
(bsc#1203699).
- ASoC: cs42l42: Fix WARN in remove() if running without an interrupt
(bsc#1203699).
- ASoC: cs42l42: free_irq() before powering-down on probe() fail
(bsc#1203699).
- ASoC: cs42l42: Handle system suspend (bsc#1203699).
- ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).
- ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).
- ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script
(bsc#1203699).
- ASoC: cs42l42: Move CS42L42 register descriptions to general include
(bsc#1203699).
- ASoC: cs42l42: Only report button state if there was a button interrupt
(git-fixes).
- ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler
(bsc#1203699).
- ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks
(bsc#1203699).
- ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks
(bsc#1203699).
- ASoC: cs42l42: Report full jack status when plug is detected
(bsc#1203699).
- ASoC: cs42l42: Report initial jack state (bsc#1203699).
- ASoC: cs42l42: Reset and power-down on remove() and failed probe()
(bsc#1203699).
- ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).
- ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).
- ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).
- ASoC: cs42l42: Use two thresholds and increased wait time for manual
type detection (bsc#1203699).
- ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).
- ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
- ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).
- ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: qcom: sm8250: add missing module owner (git-fixes).
- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699).
- ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).
- ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).
- ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed
(bsc#1203699).
- ASoC: wm_adsp: Correct control read size when parsing compressed buffer
(bsc#1203699).
- ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).
- ASoC: wm_adsp: Fix event for preloader (bsc#1203699).
- ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).
- ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).
- ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).
- ASoC: wm_adsp: Move check for control existence (bsc#1203699).
- ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).
- ASoC: wm_adsp: move firmware loading to client (bsc#1203699).
- ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core
(bsc#1203699).
- ASoC: wm_adsp: remove a repeated including (bsc#1203699).
- ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).
- ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).
- ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).
- ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).
- ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).
- ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).
- ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops
(bsc#1203699).
- ASoC: wm_adsp: Split DSP power operations into helper functions
(bsc#1203699).
- ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers
(bsc#1203699).
- ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret'
(bsc#1203699).
- batman-adv: Fix hang up with small MTU hard-interface (git-fixes).
- Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend
(git-fixes).
- Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure
(git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
(git-fixes).
- bnx2x: fix built-in kernel driver load failure (git-fixes).
- bnx2x: fix driver load from initrd (git-fixes).
- btrfs: fix relocation crash due to premature return from
btrfs_commit_transaction() (bsc#1203360).
- btrfs: fix space cache corruption and potential double allocations
(bsc#1203361).
- build mlx in x86_64/azure as modules again (bsc#1203701). There is little
gain by having the drivers built into the kernel. Having them as modules
allows easy replacement by third party drivers.
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
(git-fixes).
- can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
(bsc#1196869).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
(bsc#1203906).
- cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
- cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
(bsc#1196869).
- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
- clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc()
(git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks
(git-fixes).
- clk: ingenic-tcu: Properly enable registers before accessing timers
(git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- constraints: increase disk space for all architectures (bsc#1203693).
aarch64 is already suffering. SLE15-SP5 x86_64 stats show
that it is very close to the limit.
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
- dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
- dmaengine: idxd: change MSIX allocation based on per wq activation
(jsc#PED-664).
- dmaengine: idxd: create locked version of idxd_quiesce() call
(jsc#PED-682).
- dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
- dmaengine: idxd: fix retry value to be constant for duration of function
call (git-fixes).
- dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
- dmaengine: idxd: handle invalid interrupt handle descriptors
(jsc#PED-682).
- dmaengine: idxd: int handle management refactoring (jsc#PED-682).
- dmaengine: idxd: match type for retries var in idxd_enqcmds()
(git-fixes).
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
- dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
- dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
- dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
- dmaengine: ti: k3-udma-private: Fix refcount leak bug in
of_xudma_dev_get() (git-fixes).
- docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
- drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
- drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack
usage (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's
CalculateFlipSchedule() (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's
CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
- drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid
cards (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: make sure to init common IP before gmc (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega
(git-fixes).
- drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega
(git-fixes).
- drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device
to psp_hw_fini (git-fixes).
- drm/amdgpu: Separate vf2pf work item init from virt data exchange
(git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
- drm/bridge: lt8912b: add vsync hsync (git-fixes).
- drm/bridge: lt8912b: fix corrupted image output (git-fixes).
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gma500: Fix BUG: sleeping function called from invalid context
errors (git-fixes).
- drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/gt: Restrict forced preemption to the active context
(git-fixes).
- drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks
(git-fixes).
- drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
(git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
- drm/panfrost: devfreq: set opp to the recommended one to configure
regulator (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
- dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional
(git-fixes).
- EDAC/dmc520: Do not print an error for each unconfigured interrupt line
(bsc#1190497).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- efi: libstub: Disable struct randomization (git-fixes).
- eth: alx: take rtnl_lock on resume (git-fixes).
- eth: sun: cassini: remove dead code (git-fixes).
- explicit set MODULE_SIG_HASH in azure config (bsc#1203933). Setting this
option became mandatory in Feb 2022. While the lack of this option did
not cause issues with automated builds, a manual osc build started to
fail due to incorrect macro expansion.
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472).
Backporting changes: context fixes in other patch; update config.
- fbcon: Fix accelerated fbdev scrolling while logo is still shown
(bsc#1152472)
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
(git-fixes).
- firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
- firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
- firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic
DSPs (bsc#1203699).
- firmware: cs_dsp: Add lockdep asserts to interface functions
(bsc#1203699).
- firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
- firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
- firmware: cs_dsp: Add pre_run callback (bsc#1203699).
- firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
- firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
- firmware: cs_dsp: Add version checks on coefficient loading
(bsc#1203699).
- firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
- firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
- firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
- firmware: cs_dsp: Fix overrun of unterminated control name string
(bsc#1203699).
- firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer
(bsc#1203699).
- firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl
(bsc#1203699).
- firmware: cs_dsp: Print messages from bin files (bsc#1203699).
- firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203798).
- gpio: mockup: fix NULL pointer dereference when removing debugfs
(git-fixes).
- gpio: mockup: remove gpio debugfs when remove device (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
(git-fixes).
- gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
- gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
(git-fixes).
- gve: Fix GFP flags when allocing pages (git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
(git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
- hwmon: (mr75203) enable polling for all VM channels (git-fixes).
- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
- hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not
defined (git-fixes).
- hwmon: (mr75203) fix voltage equation for negative source input
(git-fixes).
- hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888
controller (git-fixes).
- hwmon: (tps23861) fix byte order in resistance register (git-fixes).
- i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
- i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible
(git-fixes).
- i2c: mlxbf: Fix frequency calculation (git-fixes).
- i2c: mlxbf: incorrect base address passed during io write (git-fixes).
- i2c: mlxbf: prevent stack overflow in
mlxbf_i2c_smbus_start_transaction() (git-fixes).
- i2c: mlxbf: support lock mechanism (git-fixes).
- ice: Allow operation with reduced device MSI-X (bsc#1201987).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
- ice: fix crash when writing timestamp on RX rings (git-fixes).
- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
- ice: fix possible under reporting of ethtool Tx and Rx statistics
(git-fixes).
- ice: Fix race during aux device (un)plugging (git-fixes).
- ice: Match on all profiles in slow-path (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- igb: skip phy status check where unavailable (git-fixes).
- Input: goodix - add compatible string for GT1158 (git-fixes).
- Input: goodix - add support for GT1158 (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: iqs62x-keys - drop unused device node references (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- kABI workaround for spi changes (bsc#1203699).
- kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
- kABI: fix adding another field to scsi_device (bsc#1203039).
- kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
- kbuild: disable header exports for UML in a straightforward way
(git-fixes).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- kexec, KEYS, s390: Make use of built-in and secondary keyring for
signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- KVM: SVM: Create a separate mapping for the GHCB save area
(jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Create a separate mapping for the SEV-ES save area
(jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924,
jsc#SLE-24814).
- KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
- KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924,
jsc#SLE-24814).
- KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
- KVM: X86: Fix when shadow_root_level=5 && guest root_level<4
(git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi()
(git-fixes).
- KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall
(git-fixes).
- KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924,
jsc#SLE-24814).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
(git-fixes).
- lockd: detect and reject lock arguments that overflow (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed: Fix an error handling path in aspeed_video_probe()
(git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: exynos4-is: Change clk_disable to clk_disable_unprepare
(git-fixes).
- media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
(git-fixes).
- media: flexcop-usb: fix endpoint type check (git-fixes).
- media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
- media: imx-jpeg: Correct some definition according specification
(git-fixes).
- media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
- media: imx-jpeg: Fix potential array out of bounds in queue_setup
(git-fixes).
- media: imx-jpeg: Leave a blank space before the configuration data
(git-fixes).
- media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
- media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
- media: rkvdec: Disable H.264 error detection (git-fixes).
- media: st-delta: Fix PM disable depth imbalance in delta_probe
(git-fixes).
- media: vsp1: Fix offset calculation for plane cropping.
- misc: cs35l41: Remove unused pdn variable (bsc#1203699).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mlxsw: i2c: Fix initialization error flow (git-fixes).
- mm: Fix PASID use-after-free issue (bsc#1203908).
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch
failure (git-fixes).
- mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv
(git-fixes).
- net: axienet: fix RX ring refill allocation failure handling (git-fixes).
- net: axienet: reset core on initialization prior to MDIO access
(git-fixes).
- net: bcmgenet: hide status block before TX timestamping (git-fixes).
- net: bcmgenet: Revert "Use stronger register read/writes to assure
ordering" (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator
(git-fixes).
- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
- net: dsa: felix: fix tagging protocol changes with multiple CPU ports
(git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: introduce helpers for iterating through ports using dp
(git-fixes).
- net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
- net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
- net: dsa: microchip: fix bridging with more than two member ports
(git-fixes).
- net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
- net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
(git-fixes).
- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr
(git-fixes).
- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
(git-fixes).
- net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
- net: emaclite: Add error handling for of_address_to_resource()
(git-fixes).
- net: enetc: Use pci_release_region() to release some resources
(git-fixes).
- net: ethernet: mediatek: ppe: fix wrong size passed to memset()
(git-fixes).
- net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address()
(git-fixes).
- net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
(git-fixes).
- net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
(git-fixes).
- net: ftgmac100: access hardware register after clock ready (git-fixes).
- net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
- net: hns3: fix the concurrency between functions reading debugfs
(git-fixes).
- net: ipa: get rid of a duplicate initialization (git-fixes).
- net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
- net: ipa: record proper RX transaction count (git-fixes).
- net: macb: Fix PTP one step sync support (git-fixes).
- net: macb: Increment rx bd head after allocating skb and buffer
(git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
(git-fixes).
- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP
filters (git-fixes).
- net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP
over IP (git-fixes).
- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware
when deleted (git-fixes).
- net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set()
(git-fixes).
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
(git-fixes).
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
(git-fixes).
- net: phy: aquantia: wait for the suspend/resume operations to finish
(git-fixes).
- net: phy: at803x: move page selection fix to config_init (git-fixes).
- net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume()
(git-fixes).
- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: add platform level clocks management
(git-fixes).
- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume
(git-fixes).
- net: stmmac: dwmac-sun8i: add missing of_node_put() in
sun8i_dwmac_register_mdio_mux() (git-fixes).
- net: stmmac: enhance XDP ZC driver level switching performance
(git-fixes).
- net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
- net: stmmac: Fix unset max_speed difference between DT and non-DT
platforms (git-fixes).
- net: stmmac: only enable DMA interrupts when ready (git-fixes).
- net: stmmac: perserve TX and RX coalesce value during XDP setup
(git-fixes).
- net: stmmac: remove unused get_addr() callback (git-fixes).
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
- net: systemport: Fix an error handling path in bcm_sysport_probe()
(git-fixes).
- net: thunderbolt: Enable DMA paths only after rings are enabled
(git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: wwan: iosm: Call mutex_init before locking it (git-fixes).
- net: wwan: iosm: remove pointless null check (git-fixes).
- net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
- net/mlx5: Drain fw_reset when removing device (git-fixes).
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
- net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
- net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
- net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change()
(git-fixes).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: fix problems with __nfs42_ssc_open (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0
(git-fixes).
- NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
- NFSD: Clean up the show_nf_flags() macro (git-fixes).
- NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- parisc/sticon: fix reverse colors (bsc#1152489)
- parisc/stifb: Fix fb_is_primary_device() only available with
(bsc#1152489)
- parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
- parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
- PCI: Correct misspelled words (git-fixes).
- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
- pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
- pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
- pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go
2 (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap
fixes (git-fixes).
- platform/x86: i2c-multi-instantiate: Rename it for a generic serial
driver name (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop
(bsc#1203699).
- platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
- platform/x86: serial-multi-instantiate: Reorganize I2C functions
(bsc#1203699).
- pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes).
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL
(bsc#1194869).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197
LTC#199895).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID
cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload
(bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same
NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed
phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding
(bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency
(bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager
application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status
(bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()
(bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Define static symbols (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Enhance driver tracing with separate tunable and more
(bsc#1203935).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Fix spelling mistake "definiton" -> "definition"
(bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational
(bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading
stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes).
- scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
- selftests: forwarding: add shebang for sch_red.sh (git-fixes).
- selftests: forwarding: Fix failing tests with old libnet (git-fixes).
- serial: atmel: remove redundant assignment in rs485_config (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: Reset prior to registration (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting
(git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting
(git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Add API to count spi acpi resources (bsc#1203699).
- spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: propagate error code to the caller of acpi_spi_device_alloc()
(bsc#1203699).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
(git-fixes).
- spi: Return deferred probe error when controller isn't yet available
(bsc#1203699).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi: Support selection of the index of the ACPI Spi Resource before
alloc (bsc#1203699).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
(git-fixes).
- struct ehci_hcd: hide new element going into a hole (git-fixes).
- struct xhci_hcd: restore member now dynamically allocated (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix xdr_encode_bool() (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse
(git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- thunderbolt: Add support for Intel Maple Ridge single port controller
(git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty: serial: atmel: Preserve previous USART mode if RS485 disabled
(git-fixes).
- USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: Drop commas after SoC match table sentinels (git-fixes).
- USB: dwc3: core: leave default DMA if the controller does not support
64-bit DMA (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
(git-fixes).
- USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
- USB: dwc3: gadget: Refactor pullup() (git-fixes).
- USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
- USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
- USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
- USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
- USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
(git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device
(git-fixes).
- USB: typec: tipd: Add an additional overflow check (git-fixes).
- USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
- USB: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vfio/type1: Unpin zero pages (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
(git-fixes).
- virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement
(jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to get extended report (jsc#SLE-19924,
jsc#SLE-24814).
- virt: sevguest: Fix bool function returning negative value
(jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix return value check in alloc_shared_pages()
(jsc#SLE-19924, jsc#SLE-24814).
- vrf: fix packet sniffing for traffic originating from ip tunnels
(git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (git-fixes).
- wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
(git-fixes).
- wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mt76: fix reading current per-tid starting sequence number for
aggregation (git-fixes).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in
mt7615_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7915: do not check state before configuring implicit
beamform (git-fixes).
- wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask
(git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
(git-fixes).
- wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
- wifi: rtw88: add missing destroy_workqueue() on error path in
rtw_core_init() (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync()
(git-fixes).
- x86/boot: Add a pointer to Confidential Computing blob in bootparams
(jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924,
jsc#SLE-24814).
- x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924,
jsc#SLE-24814).
- x86/boot: Put globals that are accessed early into the .data section
(jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Use MSR read/write helpers instead of inline assembly
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add helper for validating pages in the decompression
stage (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924,
jsc#SLE-24814).
- x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924,
jsc#SLE-24814).
- x86/compressed: Register GHCB memory when SEV-SNP is active
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add identity mapping for Confidential Computing blob
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Detect/setup SEV/SME features earlier during boot
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI config table lookup to helper
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924,
jsc#SLE-24814).
- x86/compressed/acpi: Move EFI kexec handling into common code
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI system table lookup to helper
(jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI vendor table lookup to helper
(jsc#SLE-19924, jsc#SLE-24814).
- x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
- x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table
(jsc#SLE-19924, jsc#SLE-24814).
- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active
(jsc#SLE-19924, jsc#SLE-24814).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924,
jsc#SLE-24814).
- x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add helper for validating pages in early enc attribute changes
(jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add missing __init annotations to SEV init routines
(jsc#SLE-19924 jsc#SLE-24814).
- x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924,
jsc#SLE-24814).
- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924,
jsc#SLE-24814).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen-blkback: Advertise feature-persistent as user requested (git-fixes).
- xen-blkback: Apply 'feature_persistent' parameter when connect
(git-fixes).
- xen-blkback: fix persistent grants negotiation (git-fixes).
- xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
- xen-blkfront: Apply 'feature_persistent' parameter when connect
(git-fixes).
- xen-blkfront: Cache feature_persistent value before advertisement
(git-fixes).
- xen-blkfront: Handle NULL gendisk (git-fixes).
- xen-netback: only remove 'hotplug-status' when the vif is actually
destroyed (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/grants: prevent integer overflow in gnttab_dma_alloc_pages()
(git-fixes).
- xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
- xhci: Allocate separate command structures for each LPM command
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3585=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3585=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-azure-5.14.21-150400.14.16.1
cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.16.1
dlm-kmp-azure-5.14.21-150400.14.16.1
dlm-kmp-azure-debuginfo-5.14.21-150400.14.16.1
gfs2-kmp-azure-5.14.21-150400.14.16.1
gfs2-kmp-azure-debuginfo-5.14.21-150400.14.16.1
kernel-azure-5.14.21-150400.14.16.1
kernel-azure-debuginfo-5.14.21-150400.14.16.1
kernel-azure-debugsource-5.14.21-150400.14.16.1
kernel-azure-devel-5.14.21-150400.14.16.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.16.1
kernel-azure-extra-5.14.21-150400.14.16.1
kernel-azure-extra-debuginfo-5.14.21-150400.14.16.1
kernel-azure-livepatch-devel-5.14.21-150400.14.16.1
kernel-azure-optional-5.14.21-150400.14.16.1
kernel-azure-optional-debuginfo-5.14.21-150400.14.16.1
kernel-syms-azure-5.14.21-150400.14.16.1
kselftests-kmp-azure-5.14.21-150400.14.16.1
kselftests-kmp-azure-debuginfo-5.14.21-150400.14.16.1
ocfs2-kmp-azure-5.14.21-150400.14.16.1
ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.16.1
reiserfs-kmp-azure-5.14.21-150400.14.16.1
reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.16.1
- openSUSE Leap 15.4 (noarch):
kernel-devel-azure-5.14.21-150400.14.16.1
kernel-source-azure-5.14.21-150400.14.16.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):
kernel-azure-5.14.21-150400.14.16.1
kernel-azure-debuginfo-5.14.21-150400.14.16.1
kernel-azure-debugsource-5.14.21-150400.14.16.1
kernel-azure-devel-5.14.21-150400.14.16.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.16.1
kernel-syms-azure-5.14.21-150400.14.16.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
kernel-devel-azure-5.14.21-150400.14.16.1
kernel-source-azure-5.14.21-150400.14.16.1
References:
https://www.suse.com/security/cve/CVE-2022-1263.html
https://www.suse.com/security/cve/CVE-2022-2586.html
https://www.suse.com/security/cve/CVE-2022-3202.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-39189.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://www.suse.com/security/cve/CVE-2022-41849.html
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1190497
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1195917
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1196869
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1198189
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201987
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1203039
https://bugzilla.suse.com/1203066
https://bugzilla.suse.com/1203101
https://bugzilla.suse.com/1203197
https://bugzilla.suse.com/1203263
https://bugzilla.suse.com/1203338
https://bugzilla.suse.com/1203360
https://bugzilla.suse.com/1203361
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203505
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203664
https://bugzilla.suse.com/1203693
https://bugzilla.suse.com/1203699
https://bugzilla.suse.com/1203701
https://bugzilla.suse.com/1203767
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203794
https://bugzilla.suse.com/1203798
https://bugzilla.suse.com/1203893
https://bugzilla.suse.com/1203902
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203908
https://bugzilla.suse.com/1203933
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203969
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992
openSUSE-SU-2022:10147-1: important: Security update for libosip2
by opensuse-security@opensuse.org 13 Oct '22
openSUSE Security Update: Security update for libosip2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10147-1
Rating: important
References: #1204225
Cross-References: CVE-2022-41550
CVSS scores:
CVE-2022-41550 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libosip2 fixes the following issues:
- CVE-2022-41550: Fixed an integer overflow in the header parser
(boo#1204225)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10147=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
libosip2-12-5.2.1-bp154.2.3.1
libosip2-devel-5.2.1-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-41550.html
https://bugzilla.suse.com/1204225
openSUSE-SU-2022:10146-1: important: Security update for chromium
by opensuse-security@opensuse.org 13 Oct '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10146-1
Rating: important
References: #1204223
Cross-References: CVE-2022-3445 CVE-2022-3446 CVE-2022-3447
CVE-2022-3448 CVE-2022-3449 CVE-2022-3450
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 106.0.5249.119 (boo#1204223):
* CVE-2022-3445: Use after free in Skia
* CVE-2022-3446: Heap buffer overflow in WebSQL
* CVE-2022-3447: Inappropriate implementation in Custom Tabs
* CVE-2022-3448: Use after free in Permissions API
* CVE-2022-3449: Use after free in Safe Browsing
* CVE-2022-3450: Use after free in Peer Connection
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10146=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-106.0.5249.119-bp154.2.35.1
chromium-106.0.5249.119-bp154.2.35.1
References:
https://www.suse.com/security/cve/CVE-2022-3445.html
https://www.suse.com/security/cve/CVE-2022-3446.html
https://www.suse.com/security/cve/CVE-2022-3447.html
https://www.suse.com/security/cve/CVE-2022-3448.html
https://www.suse.com/security/cve/CVE-2022-3449.html
https://www.suse.com/security/cve/CVE-2022-3450.html
https://bugzilla.suse.com/1204223
SUSE-SU-2022:3571-1: important: Security update for rubygem-puma
by opensuse-security@opensuse.org 13 Oct '22
SUSE Security Update: Security update for rubygem-puma
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3571-1
Rating: important
References: #1197818
Cross-References: CVE-2022-24790
CVSS scores:
CVE-2022-24790 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-24790 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-puma fixes the following issues:
Updated to version 4.3.12:
- CVE-2022-24790: Fixed HTTP request smuggling if proxy is not RFC7230
compliant (bsc#1197818).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3571=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3571=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3571=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3571=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3571=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3571=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-3571=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1
rubygem-puma-debugsource-4.3.12-150000.3.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-doc-4.3.12-150000.3.9.1
rubygem-puma-debugsource-4.3.12-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1
rubygem-puma-debugsource-4.3.12-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1
rubygem-puma-debugsource-4.3.12-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-puma-4.3.12-150000.3.9.1
ruby2.5-rubygem-puma-debuginfo-4.3.12-150000.3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-24790.html
https://bugzilla.suse.com/1197818
openSUSE-SU-2022:10144-1: important: Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer
by opensuse-security@opensuse.org 12 Oct '22
openSUSE Security Update: Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10144-1
Rating: important
References: #1181400
Cross-References: CVE-2022-2119 CVE-2022-2120
CVSS scores:
CVE-2022-2119 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2120 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the
following issues:
Changes in gdcm:
- Provides/obsoletes moved to lbgdcm-package (Thx DimStar)
- rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Brüns)
- version 3.0.18
no changelog
- version 3.0.12
* support for poppler 22.03 added
- version 3.0.11
* Fix for a significant issue with JPEG-LS and RGB color space
* tons of small bug fixes
- version 3.0.10 (no changelog)
Changes in orthanc-gdcm:
- changed dependency gdcm-libgdcm3_0 -> libgdcm3_0
- Version 1.5
* Take the configuration option "RestrictTransferSyntaxes" into account
not only for decoding, but also for transcoding
* Upgrade to GDCM 3.0.10 for static builds
Changes in orthanc:
- version 1.11.2
* Added support for RGBA64 images in tools/create-dicom and /preview
* New configuration "MaximumStorageMode" to choose between recycling of
old patients (default behavior) and rejection of new incoming data
when the MaximumStorageSize has been reached.
* New sample plugin: "DelayedDeletion" that will delete files from disk
asynchronously to speed up deletion of large studies.
* Lua: new "SetHttpTimeout" function
* Lua: new "OnHeartBeat" callback called at regular interval provided
that you have configured "LuaHeartBeatPeriod" > 0.
* "ExtraMainDicomTags" configuration now accepts Dicom Sequences.
Sequences are stored in a dedicated new metadata
"MainDicomSequences". This should improve DicomWeb QIDO-RS and avoid
warnings like "Accessing Dicom tags from storage when accessing series
: 0040,0275". Main dicom sequences can now be returned in
"MainDicomTags" and in "RequestedTags".
* Fix the "Never" option of the "StorageAccessOnFind" that was still
accessing files (bug introduced in 1.11.0).
* Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
* Fix the storage cache that was not used by the Plugin SDK. This fixes
the DicomWeb plugin "/rendered" route performance issues.
* DelayedDeletion plugin: Fix leaking of symbols
* SQLite now closes and deletes WAL and SHM files on exit. This should
improve handling of SQLite DB over network drives.
* Fix static compilation of boost 1.69 on Ubuntu 22.04
* Upgraded dependencies for static builds:
- boost 1.80.0
- dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
- openssl 3.0.5
* Housekeeper plugin: Fix resume of previous processing
* Added missing MOVEPatientRootQueryRetrieveInformationModel in
DicomControlUserConnection::SetupPresentationContexts()
* Improved HttpClient error logging (add method + url)
* API version upgraded to 18
* /system is now reporting "DatabaseServerIdentifier"
* Added an Asynchronous mode to /modalities/../move.
* "RequestedTags" option can now include DICOM sequences.
* New function in the SDK: "OrthancPluginGetDatabaseServerIdentifier"
* DicomMap::ParseMainDicomTags has been deprecated -> retrieve "full"
tags and use DicomMap::FromDicomAsJson instead
- version 1.11.0
* new API version 1.7
* new configuration parameter
* for detailed changelog see NEWS
- version 1.10.1
* for detailed changelog see NEWS
- Version 1.9.7
* New configuration option "DicomAlwaysAllowMove" to disable verification
of the remote modality in C-MOVE SCP
* API version upgraded to 15
* Added "Level" option to POST /tools/bulk-modify
* Added missing OpenAPI documentation of "KeepSource" in ".../modify" and
".../anonymize"
* Added file CITATION.cff
* Linux Standard Base (LSB) builds of Orthanc can load non-LSB builds of
plugins
* Fix upload of ZIP archives containing a DICOMDIR file
* Fix computation of the estimated time of arrival in jobs
* Support detection of windowing and rescale in Philips multiframe images
Changes in orthanc-webviewer:
- version 2.8
* Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart
Kurutac, NCC Group)
* framework190.diff removed (covered in actual version)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10144=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
gdcm-3.0.19-bp153.2.8.1
gdcm-applications-3.0.19-bp153.2.8.1
gdcm-applications-debuginfo-3.0.19-bp153.2.8.1
gdcm-debuginfo-3.0.19-bp153.2.8.1
gdcm-debugsource-3.0.19-bp153.2.8.1
gdcm-devel-3.0.19-bp153.2.8.1
gdcm-examples-3.0.19-bp153.2.8.1
libgdcm3_0-3.0.19-bp153.2.8.1
libgdcm3_0-debuginfo-3.0.19-bp153.2.8.1
libsocketxx1_2-3.0.19-bp153.2.8.1
libsocketxx1_2-debuginfo-3.0.19-bp153.2.8.1
orthanc-gdcm-1.5-bp153.2.6.1
orthanc-gdcm-debuginfo-1.5-bp153.2.6.1
orthanc-gdcm-debugsource-1.5-bp153.2.6.1
orthanc-webviewer-2.8-bp153.2.3.1
orthanc-webviewer-debuginfo-2.8-bp153.2.3.1
orthanc-webviewer-debugsource-2.8-bp153.2.3.1
python3-gdcm-3.0.19-bp153.2.8.1
python3-gdcm-debuginfo-3.0.19-bp153.2.8.1
- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le x86_64):
orthanc-1.11.2-bp153.2.13.1
orthanc-debuginfo-1.11.2-bp153.2.13.1
orthanc-debugsource-1.11.2-bp153.2.13.1
orthanc-devel-1.11.2-bp153.2.13.1
orthanc-source-1.11.2-bp153.2.13.1
- openSUSE Backports SLE-15-SP3 (noarch):
orthanc-doc-1.11.2-bp153.2.13.1
References:
https://www.suse.com/security/cve/CVE-2022-2119.html
https://www.suse.com/security/cve/CVE-2022-2120.html
https://bugzilla.suse.com/1181400
openSUSE-SU-2022:10145-1: important: Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer
by opensuse-security@opensuse.org 12 Oct '22
openSUSE Security Update: Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10145-1
Rating: important
References:
Cross-References: CVE-2022-2119 CVE-2022-2120
CVSS scores:
CVE-2022-2119 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2120 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the
following issues:
Changes in gdcm:
- rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Brüns)
- version 3.0.18
no changelog
- version 3.0.12
* support for poppler 22.03 added
Changes in orthanc-gdcm:
- changed dependency gdcm-libgdcm3_0 -> libgdcm3_0
Changes in orthanc:
- version 1.11.2
* Added support for RGBA64 images in tools/create-dicom and /preview
* New configuration "MaximumStorageMode" to choose between recycling of
old patients (default behavior) and rejection of new incoming data
when the MaximumStorageSize has been reached.
* New sample plugin: "DelayedDeletion" that will delete files from disk
asynchronously to speed up deletion of large studies.
* Lua: new "SetHttpTimeout" function
* Lua: new "OnHeartBeat" callback called at regular interval provided
that you have configured "LuaHeartBeatPeriod" > 0.
* "ExtraMainDicomTags" configuration now accepts Dicom Sequences.
Sequences are stored in a dedicated new metadata
"MainDicomSequences". This should improve DicomWeb QIDO-RS and avoid
warnings like "Accessing Dicom tags from storage when accessing series
: 0040,0275". Main dicom sequences can now be returned in
"MainDicomTags" and in "RequestedTags".
* Fix the "Never" option of the "StorageAccessOnFind" that was still
accessing files (bug introduced in 1.11.0).
* Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
* Fix the storage cache that was not used by the Plugin SDK. This fixes
the DicomWeb plugin "/rendered" route performance issues.
* DelayedDeletion plugin: Fix leaking of symbols
* SQLite now closes and deletes WAL and SHM files on exit. This should
improve handling of SQLite DB over network drives.
* Fix static compilation of boost 1.69 on Ubuntu 22.04
* Upgraded dependencies for static builds:
- boost 1.80.0
- dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
- openssl 3.0.5
* Housekeeper plugin: Fix resume of previous processing
* Added missing MOVEPatientRootQueryRetrieveInformationModel in
DicomControlUserConnection::SetupPresentationContexts()
* Improved HttpClient error logging (add method + url)
* API version upgraded to 18
* /system is now reporting "DatabaseServerIdentifier"
* Added an Asynchronous mode to /modalities/../move.
* "RequestedTags" option can now include DICOM sequences.
* New function in the SDK: "OrthancPluginGetDatabaseServerIdentifier"
* DicomMap::ParseMainDicomTags has been deprecated -> retrieve "full"
tags and use DicomMap::FromDicomAsJson instead
Changes in orthanc-webviewer:
- version 2.8
* Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart
Kurutac, NCC Group)
* framework190.diff removed (covered in actual version)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10145=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
gdcm-3.0.19-bp154.2.5.1
gdcm-applications-3.0.19-bp154.2.5.1
gdcm-applications-debuginfo-3.0.19-bp154.2.5.1
gdcm-debuginfo-3.0.19-bp154.2.5.1
gdcm-debugsource-3.0.19-bp154.2.5.1
gdcm-devel-3.0.19-bp154.2.5.1
gdcm-examples-3.0.19-bp154.2.5.1
libgdcm3_0-3.0.19-bp154.2.5.1
libgdcm3_0-debuginfo-3.0.19-bp154.2.5.1
libsocketxx1_2-3.0.19-bp154.2.5.1
libsocketxx1_2-debuginfo-3.0.19-bp154.2.5.1
orthanc-gdcm-1.5-bp154.2.3.1
orthanc-gdcm-debuginfo-1.5-bp154.2.3.1
orthanc-gdcm-debugsource-1.5-bp154.2.3.1
orthanc-webviewer-2.8-bp154.2.3.1
orthanc-webviewer-debuginfo-2.8-bp154.2.3.1
orthanc-webviewer-debugsource-2.8-bp154.2.3.1
python3-gdcm-3.0.19-bp154.2.5.1
python3-gdcm-debuginfo-3.0.19-bp154.2.5.1
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le x86_64):
orthanc-1.11.2-bp154.2.3.1
orthanc-debuginfo-1.11.2-bp154.2.3.1
orthanc-debugsource-1.11.2-bp154.2.3.1
orthanc-devel-1.11.2-bp154.2.3.1
orthanc-source-1.11.2-bp154.2.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
orthanc-doc-1.11.2-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-2119.html
https://www.suse.com/security/cve/CVE-2022-2120.html
07 Oct '22
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3552-1
Rating: low
References: #1203212
Cross-References: CVE-2021-3574
CVSS scores:
CVE-2021-3574 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3574 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2021-3574: Fixed memory leaks with convert command (bsc#1203212).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3552=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3552=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3552=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3552=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1
- openSUSE Leap 15.4 (x86_64):
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.39.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.39.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.39.1
ImageMagick-debuginfo-7.0.7.34-150200.10.39.1
ImageMagick-debugsource-7.0.7.34-150200.10.39.1
ImageMagick-devel-7.0.7.34-150200.10.39.1
ImageMagick-extra-7.0.7.34-150200.10.39.1
ImageMagick-extra-debuginfo-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.39.1
libMagick++-devel-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1
perl-PerlMagick-7.0.7.34-150200.10.39.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.39.1
- openSUSE Leap 15.3 (x86_64):
ImageMagick-devel-32bit-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.39.1
libMagick++-devel-32bit-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.39.1
- openSUSE Leap 15.3 (noarch):
ImageMagick-doc-7.0.7.34-150200.10.39.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.0.7.34-150200.10.39.1
ImageMagick-debugsource-7.0.7.34-150200.10.39.1
perl-PerlMagick-7.0.7.34-150200.10.39.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.39.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.39.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.39.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.39.1
ImageMagick-debuginfo-7.0.7.34-150200.10.39.1
ImageMagick-debugsource-7.0.7.34-150200.10.39.1
ImageMagick-devel-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.39.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.39.1
libMagick++-devel-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.39.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.39.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.39.1
References:
https://www.suse.com/security/cve/CVE-2021-3574.html
https://bugzilla.suse.com/1203212
SUSE-SU-2022:3544-1: important: Security update for python3
by opensuse-security@opensuse.org 06 Oct '22
SUSE Security Update: Security update for python3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3544-1
Rating: important
References: #1202624
Cross-References: CVE-2021-28861
CVSS scores:
CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP
server when a URI path starts with // (bsc#1202624).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3544=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3544=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3544=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3544=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3544=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3544=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3544=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3544=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3544=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150300.10.30.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
python3-3.6.15-150300.10.30.1
python3-base-3.6.15-150300.10.30.1
python3-base-debuginfo-3.6.15-150300.10.30.1
python3-core-debugsource-3.6.15-150300.10.30.1
python3-debuginfo-3.6.15-150300.10.30.1
python3-debugsource-3.6.15-150300.10.30.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.30.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
python3-3.6.15-150300.10.30.1
python3-base-3.6.15-150300.10.30.1
python3-base-debuginfo-3.6.15-150300.10.30.1
python3-core-debugsource-3.6.15-150300.10.30.1
python3-curses-3.6.15-150300.10.30.1
python3-curses-debuginfo-3.6.15-150300.10.30.1
python3-dbm-3.6.15-150300.10.30.1
python3-dbm-debuginfo-3.6.15-150300.10.30.1
python3-debuginfo-3.6.15-150300.10.30.1
python3-debugsource-3.6.15-150300.10.30.1
python3-devel-3.6.15-150300.10.30.1
python3-devel-debuginfo-3.6.15-150300.10.30.1
python3-doc-3.6.15-150300.10.30.1
python3-doc-devhelp-3.6.15-150300.10.30.1
python3-idle-3.6.15-150300.10.30.1
python3-testsuite-3.6.15-150300.10.30.1
python3-testsuite-debuginfo-3.6.15-150300.10.30.1
python3-tk-3.6.15-150300.10.30.1
python3-tk-debuginfo-3.6.15-150300.10.30.1
python3-tools-3.6.15-150300.10.30.1
- openSUSE Leap 15.4 (x86_64):
libpython3_6m1_0-32bit-3.6.15-150300.10.30.1
libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.30.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.30.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
python3-3.6.15-150300.10.30.1
python3-base-3.6.15-150300.10.30.1
python3-base-debuginfo-3.6.15-150300.10.30.1
python3-core-debugsource-3.6.15-150300.10.30.1
python3-curses-3.6.15-150300.10.30.1
python3-curses-debuginfo-3.6.15-150300.10.30.1
python3-dbm-3.6.15-150300.10.30.1
python3-dbm-debuginfo-3.6.15-150300.10.30.1
python3-debuginfo-3.6.15-150300.10.30.1
python3-debugsource-3.6.15-150300.10.30.1
python3-devel-3.6.15-150300.10.30.1
python3-devel-debuginfo-3.6.15-150300.10.30.1
python3-doc-3.6.15-150300.10.30.1
python3-doc-devhelp-3.6.15-150300.10.30.1
python3-idle-3.6.15-150300.10.30.1
python3-testsuite-3.6.15-150300.10.30.1
python3-testsuite-debuginfo-3.6.15-150300.10.30.1
python3-tk-3.6.15-150300.10.30.1
python3-tk-debuginfo-3.6.15-150300.10.30.1
python3-tools-3.6.15-150300.10.30.1
- openSUSE Leap 15.3 (x86_64):
libpython3_6m1_0-32bit-3.6.15-150300.10.30.1
libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.30.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
python3-core-debugsource-3.6.15-150300.10.30.1
python3-tools-3.6.15-150300.10.30.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
python3-core-debugsource-3.6.15-150300.10.30.1
python3-tools-3.6.15-150300.10.30.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.30.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
python3-3.6.15-150300.10.30.1
python3-base-3.6.15-150300.10.30.1
python3-base-debuginfo-3.6.15-150300.10.30.1
python3-core-debugsource-3.6.15-150300.10.30.1
python3-curses-3.6.15-150300.10.30.1
python3-curses-debuginfo-3.6.15-150300.10.30.1
python3-dbm-3.6.15-150300.10.30.1
python3-dbm-debuginfo-3.6.15-150300.10.30.1
python3-debuginfo-3.6.15-150300.10.30.1
python3-debugsource-3.6.15-150300.10.30.1
python3-devel-3.6.15-150300.10.30.1
python3-devel-debuginfo-3.6.15-150300.10.30.1
python3-idle-3.6.15-150300.10.30.1
python3-tk-3.6.15-150300.10.30.1
python3-tk-debuginfo-3.6.15-150300.10.30.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.30.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
python3-3.6.15-150300.10.30.1
python3-base-3.6.15-150300.10.30.1
python3-base-debuginfo-3.6.15-150300.10.30.1
python3-core-debugsource-3.6.15-150300.10.30.1
python3-curses-3.6.15-150300.10.30.1
python3-curses-debuginfo-3.6.15-150300.10.30.1
python3-dbm-3.6.15-150300.10.30.1
python3-dbm-debuginfo-3.6.15-150300.10.30.1
python3-debuginfo-3.6.15-150300.10.30.1
python3-debugsource-3.6.15-150300.10.30.1
python3-devel-3.6.15-150300.10.30.1
python3-devel-debuginfo-3.6.15-150300.10.30.1
python3-idle-3.6.15-150300.10.30.1
python3-tk-3.6.15-150300.10.30.1
python3-tk-debuginfo-3.6.15-150300.10.30.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.30.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
python3-3.6.15-150300.10.30.1
python3-base-3.6.15-150300.10.30.1
python3-base-debuginfo-3.6.15-150300.10.30.1
python3-core-debugsource-3.6.15-150300.10.30.1
python3-debuginfo-3.6.15-150300.10.30.1
python3-debugsource-3.6.15-150300.10.30.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.30.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.30.1
python3-3.6.15-150300.10.30.1
python3-base-3.6.15-150300.10.30.1
python3-base-debuginfo-3.6.15-150300.10.30.1
python3-core-debugsource-3.6.15-150300.10.30.1
python3-debuginfo-3.6.15-150300.10.30.1
python3-debugsource-3.6.15-150300.10.30.1
References:
https://www.suse.com/security/cve/CVE-2021-28861.html
https://bugzilla.suse.com/1202624
SUSE-SU-2022:3531-1: important: Security update for squid
by opensuse-security@opensuse.org 06 Oct '22
SUSE Security Update: Security update for squid
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3531-1
Rating: important
References: #1203677 #1203680
Cross-References: CVE-2022-41317 CVE-2022-41318
CVSS scores:
CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for squid fixes the following issues:
Updated squid to version 5.7:
- CVE-2022-41317: Fixed exposure of sensitive information in cache
manager (bsc#1203677).
- CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication
(bsc#1203680).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3531=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3531=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
squid-5.7-150400.3.6.1
squid-debuginfo-5.7-150400.3.6.1
squid-debugsource-5.7-150400.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
squid-5.7-150400.3.6.1
squid-debuginfo-5.7-150400.3.6.1
squid-debugsource-5.7-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-41317.html
https://www.suse.com/security/cve/CVE-2022-41318.html
https://bugzilla.suse.com/1203677
https://bugzilla.suse.com/1203680
SUSE-SU-2022:3540-1: moderate: Security update for LibVNCServer
by opensuse-security@opensuse.org 06 Oct '22
SUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3540-1
Rating: moderate
References: #1203106
Cross-References: CVE-2020-29260
CVSS scores:
CVE-2020-29260 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-29260 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for LibVNCServer fixes the following issues:
- CVE-2020-29260: Fixed memory leakage via rfbClientCleanup()
(bsc#1203106).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3540=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3540=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3540=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
LibVNCServer-debugsource-0.9.13-150400.3.3.1
LibVNCServer-devel-0.9.13-150400.3.3.1
libvncclient1-0.9.13-150400.3.3.1
libvncclient1-debuginfo-0.9.13-150400.3.3.1
libvncserver1-0.9.13-150400.3.3.1
libvncserver1-debuginfo-0.9.13-150400.3.3.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
LibVNCServer-debugsource-0.9.13-150400.3.3.1
libvncclient1-0.9.13-150400.3.3.1
libvncclient1-debuginfo-0.9.13-150400.3.3.1
libvncserver1-0.9.13-150400.3.3.1
libvncserver1-debuginfo-0.9.13-150400.3.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
LibVNCServer-debugsource-0.9.13-150400.3.3.1
libvncclient1-0.9.13-150400.3.3.1
libvncclient1-debuginfo-0.9.13-150400.3.3.1
libvncserver1-0.9.13-150400.3.3.1
libvncserver1-debuginfo-0.9.13-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-29260.html
https://bugzilla.suse.com/1203106
SUSE-SU-2022:3535-1: important: Security update for slurm
by opensuse-security@opensuse.org 06 Oct '22
SUSE Security Update: Security update for slurm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3535-1
Rating: important
References: #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for slurm fixes the following issues:
- CVE-2022-31251: Fixed a potential security vulnerability in the test
package (bsc#1201674).
- CVE-2022-29500: Fixed architectural flaw that could have been exploited
to allow an unprivileged user to execute arbitrary processes as root
(bsc#1199278).
- CVE-2022-29501: Fixed a problem where an unprivileged user could have
sent data to an arbitrary unix socket as root (bsc#1199279).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3535=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3535=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3535=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3535=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libslurm32-17.11.13-150000.6.40.1
libslurm32-debuginfo-17.11.13-150000.6.40.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libslurm32-17.11.13-150000.6.40.1
libslurm32-debuginfo-17.11.13-150000.6.40.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libpmi0-17.11.13-150000.6.40.1
libpmi0-debuginfo-17.11.13-150000.6.40.1
libslurm32-17.11.13-150000.6.40.1
libslurm32-debuginfo-17.11.13-150000.6.40.1
perl-slurm-17.11.13-150000.6.40.1
perl-slurm-debuginfo-17.11.13-150000.6.40.1
slurm-17.11.13-150000.6.40.1
slurm-auth-none-17.11.13-150000.6.40.1
slurm-auth-none-debuginfo-17.11.13-150000.6.40.1
slurm-config-17.11.13-150000.6.40.1
slurm-debuginfo-17.11.13-150000.6.40.1
slurm-debugsource-17.11.13-150000.6.40.1
slurm-devel-17.11.13-150000.6.40.1
slurm-doc-17.11.13-150000.6.40.1
slurm-lua-17.11.13-150000.6.40.1
slurm-lua-debuginfo-17.11.13-150000.6.40.1
slurm-munge-17.11.13-150000.6.40.1
slurm-munge-debuginfo-17.11.13-150000.6.40.1
slurm-node-17.11.13-150000.6.40.1
slurm-node-debuginfo-17.11.13-150000.6.40.1
slurm-pam_slurm-17.11.13-150000.6.40.1
slurm-pam_slurm-debuginfo-17.11.13-150000.6.40.1
slurm-plugins-17.11.13-150000.6.40.1
slurm-plugins-debuginfo-17.11.13-150000.6.40.1
slurm-slurmdbd-17.11.13-150000.6.40.1
slurm-slurmdbd-debuginfo-17.11.13-150000.6.40.1
slurm-sql-17.11.13-150000.6.40.1
slurm-sql-debuginfo-17.11.13-150000.6.40.1
slurm-torque-17.11.13-150000.6.40.1
slurm-torque-debuginfo-17.11.13-150000.6.40.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libpmi0-17.11.13-150000.6.40.1
libpmi0-debuginfo-17.11.13-150000.6.40.1
libslurm32-17.11.13-150000.6.40.1
libslurm32-debuginfo-17.11.13-150000.6.40.1
perl-slurm-17.11.13-150000.6.40.1
perl-slurm-debuginfo-17.11.13-150000.6.40.1
slurm-17.11.13-150000.6.40.1
slurm-auth-none-17.11.13-150000.6.40.1
slurm-auth-none-debuginfo-17.11.13-150000.6.40.1
slurm-config-17.11.13-150000.6.40.1
slurm-debuginfo-17.11.13-150000.6.40.1
slurm-debugsource-17.11.13-150000.6.40.1
slurm-devel-17.11.13-150000.6.40.1
slurm-doc-17.11.13-150000.6.40.1
slurm-lua-17.11.13-150000.6.40.1
slurm-lua-debuginfo-17.11.13-150000.6.40.1
slurm-munge-17.11.13-150000.6.40.1
slurm-munge-debuginfo-17.11.13-150000.6.40.1
slurm-node-17.11.13-150000.6.40.1
slurm-node-debuginfo-17.11.13-150000.6.40.1
slurm-pam_slurm-17.11.13-150000.6.40.1
slurm-pam_slurm-debuginfo-17.11.13-150000.6.40.1
slurm-plugins-17.11.13-150000.6.40.1
slurm-plugins-debuginfo-17.11.13-150000.6.40.1
slurm-slurmdbd-17.11.13-150000.6.40.1
slurm-slurmdbd-debuginfo-17.11.13-150000.6.40.1
slurm-sql-17.11.13-150000.6.40.1
slurm-sql-debuginfo-17.11.13-150000.6.40.1
slurm-torque-17.11.13-150000.6.40.1
slurm-torque-debuginfo-17.11.13-150000.6.40.1
References:
https://www.suse.com/security/cve/CVE-2022-29500.html
https://www.suse.com/security/cve/CVE-2022-29501.html
https://www.suse.com/security/cve/CVE-2022-31251.html
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674
SUSE-SU-2022:3537-1: important: Security update for postgresql-jdbc
by opensuse-security@opensuse.org 06 Oct '22
SUSE Security Update: Security update for postgresql-jdbc
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3537-1
Rating: important
References: #1202170
Cross-References: CVE-2022-31197
CVSS scores:
CVE-2022-31197 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31197 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for postgresql-jdbc fixes the following issues:
- CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3537=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3537=1
Package List:
- openSUSE Leap 15.4 (noarch):
postgresql-jdbc-42.2.25-150400.3.6.1
postgresql-jdbc-javadoc-42.2.25-150400.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
postgresql-jdbc-42.2.25-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-31197.html
https://bugzilla.suse.com/1202170
SUSE-SU-2022:3538-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 06 Oct '22
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3538-1
Rating: important
References: #1203530
Cross-References: CVE-2022-32886 CVE-2022-32912
CVSS scores:
CVE-2022-32886 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32886 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32912 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32912 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.36.8 (bsc#1203530):
- CVE-2022-32886: Fixed a buffer overflow issue that could potentially
lead to code execution.
- CVE-2022-32912: Fixed an out-of-bounds read that could potentially
lead to code execution.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3538=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3538=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3538=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3538=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3538=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3538=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3538=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3538=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3538=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3538=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3538=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3538=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3538=1
Package List:
- openSUSE Leap 15.4 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit-jsc-4-2.36.8-150200.47.1
webkit-jsc-4-debuginfo-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
webkit2gtk3-minibrowser-2.36.8-150200.47.1
webkit2gtk3-minibrowser-debuginfo-2.36.8-150200.47.1
- openSUSE Leap 15.3 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- openSUSE Leap 15.3 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-32bit-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.8-150200.47.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Manager Server 4.1 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Manager Proxy 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Manager Proxy 4.1 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150200.47.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-2.36.8-150200.47.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150200.47.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2-4_0-2.36.8-150200.47.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-2.36.8-150200.47.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150200.47.1
webkit2gtk3-debugsource-2.36.8-150200.47.1
webkit2gtk3-devel-2.36.8-150200.47.1
- SUSE Enterprise Storage 7 (noarch):
libwebkit2gtk3-lang-2.36.8-150200.47.1
References:
https://www.suse.com/security/cve/CVE-2022-32886.html
https://www.suse.com/security/cve/CVE-2022-32912.html
https://bugzilla.suse.com/1203530
openSUSE-SU-2022:10142-1: moderate: Security update for pngcheck
by opensuse-security@opensuse.org 06 Oct '22
openSUSE Security Update: Security update for pngcheck
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10142-1
Rating: moderate
References: #1202662
Cross-References: CVE-2020-35511
CVSS scores:
CVE-2020-35511 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pngcheck fixes the following issues:
version update to 3.0.3 [boo#1202662]
* fixed a crash bug (and probable vulnerability) in large (MNG) LOOP chunks
* fixed a divide-by-zero crash bug (and probable vulnerability) in
interlaced images with extra compressed data beyond the nominal end of
the image data (found by "chiba of topsec alpha lab")
version update to 3.0.0
* tweaked color definitions slightly to work better on terminals with
white/light backgrounds
* fixed DHDR (pre-MNG-1.0) bug identified by Winfried <szukw000(a)arcor.de>
* added eXIf support (GRR: added check for II/MM/unknown format)
* converted static const help/usage-related strings to macros so
-Werror=format-security doesn't trigger (Ben Beasley)
* added (help2man-generated) man pages for all three utils
* added top-level LICENSE file; fixed various compiler warnings
* fixed buffer-overflow vulnerability discovered by "giantbranch of
NSFOCUS Security Team"
https://bugzilla.redhat.com/show_bug.cgi?id=1897485
* found and fixed four additional vulnerabilities (null-pointer
dereference and three buffer overruns)
* an off-by-one bug in check_magic() (Lucy Phipps)
* converted two zlib-version warnings/errors to go to stderr (Lemures
Lemniscati, actually from 20180318; forwarded by LP)
* fixed another buffer-overflow vulnerability discovered by "giantbranch
of NSFOCUS Security Team"
https://bugzilla.redhat.com/show_bug.cgi?id=1905775
* removed -f ("force") option due to multiple security issues
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10142=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
pngcheck-3.0.3-bp153.3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-35511.html
https://bugzilla.suse.com/1202662
SUSE-SU-2022:3525-1: moderate: Security update for cifs-utils
by opensuse-security@opensuse.org 05 Oct '22
SUSE Security Update: Security update for cifs-utils
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3525-1
Rating: moderate
References: #1198976
Cross-References: CVE-2022-29869
CVSS scores:
CVE-2022-29869 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-29869 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cifs-utils fixes the following issues:
- Fix changelog to include Bugzilla and CVE tracker id numbers missing
from previous update
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3525=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3525=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3525=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cifs-utils-6.15-150400.3.9.1
cifs-utils-debuginfo-6.15-150400.3.9.1
cifs-utils-debugsource-6.15-150400.3.9.1
cifs-utils-devel-6.15-150400.3.9.1
pam_cifscreds-6.15-150400.3.9.1
pam_cifscreds-debuginfo-6.15-150400.3.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
cifs-utils-6.15-150400.3.9.1
cifs-utils-debuginfo-6.15-150400.3.9.1
cifs-utils-debugsource-6.15-150400.3.9.1
cifs-utils-devel-6.15-150400.3.9.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
cifs-utils-6.15-150400.3.9.1
cifs-utils-debuginfo-6.15-150400.3.9.1
cifs-utils-debugsource-6.15-150400.3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-29869.html
https://bugzilla.suse.com/1198976
SUSE-SU-2022:3523-1: moderate: Security update for libjpeg-turbo
by opensuse-security@opensuse.org 04 Oct '22
SUSE Security Update: Security update for libjpeg-turbo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3523-1
Rating: moderate
References: #1202915
Cross-References: CVE-2020-35538
CVSS scores:
CVE-2020-35538 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-35538 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libjpeg-turbo fixes the following issues:
- CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows()
function (bsc#1202915).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3523=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3523=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3523=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3523=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3523=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3523=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3523=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3523=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libjpeg8-8.1.2-150000.32.5.1
libjpeg8-debuginfo-8.1.2-150000.32.5.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libjpeg62-turbo-1.5.3-150000.32.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libjpeg-turbo-1.5.3-150000.32.5.1
libjpeg-turbo-debuginfo-1.5.3-150000.32.5.1
libjpeg-turbo-debugsource-1.5.3-150000.32.5.1
libjpeg62-62.2.0-150000.32.5.1
libjpeg62-debuginfo-62.2.0-150000.32.5.1
libjpeg62-devel-62.2.0-150000.32.5.1
libjpeg62-turbo-1.5.3-150000.32.5.1
libjpeg62-turbo-debugsource-1.5.3-150000.32.5.1
libjpeg8-8.1.2-150000.32.5.1
libjpeg8-debuginfo-8.1.2-150000.32.5.1
libjpeg8-devel-8.1.2-150000.32.5.1
libturbojpeg0-8.1.2-150000.32.5.1
libturbojpeg0-debuginfo-8.1.2-150000.32.5.1
- openSUSE Leap 15.3 (x86_64):
libjpeg62-32bit-62.2.0-150000.32.5.1
libjpeg62-32bit-debuginfo-62.2.0-150000.32.5.1
libjpeg62-devel-32bit-62.2.0-150000.32.5.1
libjpeg8-32bit-8.1.2-150000.32.5.1
libjpeg8-32bit-debuginfo-8.1.2-150000.32.5.1
libjpeg8-devel-32bit-8.1.2-150000.32.5.1
libturbojpeg0-32bit-8.1.2-150000.32.5.1
libturbojpeg0-32bit-debuginfo-8.1.2-150000.32.5.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
libjpeg-turbo-1.5.3-150000.32.5.1
libjpeg-turbo-debuginfo-1.5.3-150000.32.5.1
libjpeg-turbo-debugsource-1.5.3-150000.32.5.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libjpeg8-32bit-8.1.2-150000.32.5.1
libjpeg8-32bit-debuginfo-8.1.2-150000.32.5.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
libjpeg8-32bit-8.1.2-150000.32.5.1
libjpeg8-32bit-debuginfo-8.1.2-150000.32.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libjpeg62-62.2.0-150000.32.5.1
libjpeg62-debuginfo-62.2.0-150000.32.5.1
libjpeg62-devel-62.2.0-150000.32.5.1
libjpeg8-8.1.2-150000.32.5.1
libjpeg8-debuginfo-8.1.2-150000.32.5.1
libjpeg8-devel-8.1.2-150000.32.5.1
libturbojpeg0-8.1.2-150000.32.5.1
libturbojpeg0-debuginfo-8.1.2-150000.32.5.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libjpeg8-8.1.2-150000.32.5.1
libjpeg8-debuginfo-8.1.2-150000.32.5.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libjpeg8-8.1.2-150000.32.5.1
libjpeg8-debuginfo-8.1.2-150000.32.5.1
References:
https://www.suse.com/security/cve/CVE-2020-35538.html
https://bugzilla.suse.com/1202915
SUSE-SU-2022:3495-1: important: Security update for libgit2
by opensuse-security@opensuse.org 04 Oct '22
SUSE Security Update: Security update for libgit2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3495-1
Rating: important
References: #1158790 #1158981 #1198234 #1201431
Cross-References: CVE-2019-1352 CVE-2022-24765 CVE-2022-29187
CVSS scores:
CVE-2019-1352 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for libgit2 fixes the following issues:
- Fixed DoS by oob write in constructed commit object with a very large
number of parents (bsc#1158981).
- CVE-2019-1352: Fixed git on Windows being unaware of NTFS Alternate Data
Streams (bnc#1158790).
- CVE-2022-24765: Fixed potential command injection via git worktree
(bsc#1198234).
- CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3495=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3495=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3495=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3495=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3495=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3495=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3495=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3495=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3495=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3495=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3495=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3495=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3495=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3495=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3495=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3495=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3495=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3495=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3495=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3495=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3495=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- openSUSE Leap 15.4 (x86_64):
libgit2-26-32bit-0.26.8-150000.3.15.1
libgit2-26-32bit-debuginfo-0.26.8-150000.3.15.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- openSUSE Leap 15.3 (x86_64):
libgit2-26-32bit-0.26.8-150000.3.15.1
libgit2-26-32bit-debuginfo-0.26.8-150000.3.15.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Manager Proxy 4.1 (x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
- SUSE CaaS Platform 4.0 (x86_64):
libgit2-26-0.26.8-150000.3.15.1
libgit2-26-debuginfo-0.26.8-150000.3.15.1
libgit2-debugsource-0.26.8-150000.3.15.1
libgit2-devel-0.26.8-150000.3.15.1
References:
https://www.suse.com/security/cve/CVE-2019-1352.html
https://www.suse.com/security/cve/CVE-2022-24765.html
https://www.suse.com/security/cve/CVE-2022-29187.html
https://bugzilla.suse.com/1158790
https://bugzilla.suse.com/1158981
https://bugzilla.suse.com/1198234
https://bugzilla.suse.com/1201431
SUSE-SU-2022:3496-1: moderate: Security update for colord
by opensuse-security@opensuse.org 04 Oct '22
SUSE Security Update: Security update for colord
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3496-1
Rating: moderate
References: #1202802
Cross-References: CVE-2021-42523
CVSS scores:
CVE-2021-42523 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-42523 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for colord fixes the following issues:
- CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3496=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3496=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3496=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3496=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3496=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
colord-1.4.5-150400.4.3.1
colord-color-profiles-1.4.5-150400.4.3.1
colord-debuginfo-1.4.5-150400.4.3.1
colord-debugsource-1.4.5-150400.4.3.1
libcolord-devel-1.4.5-150400.4.3.1
libcolord2-1.4.5-150400.4.3.1
libcolord2-debuginfo-1.4.5-150400.4.3.1
libcolorhug2-1.4.5-150400.4.3.1
libcolorhug2-debuginfo-1.4.5-150400.4.3.1
typelib-1_0-Colord-1_0-1.4.5-150400.4.3.1
typelib-1_0-Colorhug-1_0-1.4.5-150400.4.3.1
- openSUSE Leap 15.4 (noarch):
colord-lang-1.4.5-150400.4.3.1
- openSUSE Leap 15.4 (x86_64):
libcolord2-32bit-1.4.5-150400.4.3.1
libcolord2-32bit-debuginfo-1.4.5-150400.4.3.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch):
colord-lang-1.4.5-150400.4.3.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
colord-1.4.5-150400.4.3.1
colord-debuginfo-1.4.5-150400.4.3.1
colord-debugsource-1.4.5-150400.4.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
colord-color-profiles-1.4.5-150400.4.3.1
colord-debuginfo-1.4.5-150400.4.3.1
colord-debugsource-1.4.5-150400.4.3.1
libcolord-devel-1.4.5-150400.4.3.1
libcolorhug2-1.4.5-150400.4.3.1
libcolorhug2-debuginfo-1.4.5-150400.4.3.1
typelib-1_0-Colord-1_0-1.4.5-150400.4.3.1
typelib-1_0-Colorhug-1_0-1.4.5-150400.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
colord-debuginfo-1.4.5-150400.4.3.1
colord-debugsource-1.4.5-150400.4.3.1
libcolord2-1.4.5-150400.4.3.1
libcolord2-debuginfo-1.4.5-150400.4.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
colord-debuginfo-1.4.5-150400.4.3.1
colord-debugsource-1.4.5-150400.4.3.1
libcolord2-1.4.5-150400.4.3.1
libcolord2-debuginfo-1.4.5-150400.4.3.1
References:
https://www.suse.com/security/cve/CVE-2021-42523.html
https://bugzilla.suse.com/1202802
SUSE-SU-2022:3494-1: important: Security update for libgit2
by opensuse-security@opensuse.org 04 Oct '22
SUSE Security Update: Security update for libgit2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3494-1
Rating: important
References: #1198234 #1201431
Cross-References: CVE-2022-24765 CVE-2022-29187
CVSS scores:
CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libgit2 fixes the following issues:
- CVE-2022-24765: Fixed potential command injection via git worktree
(bsc#1198234).
- CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3494=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3494=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3494=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3494=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3494=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3494=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3494=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3494=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3494=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3494=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3494=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3494=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3494=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3494=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3494=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
- openSUSE Leap 15.4 (x86_64):
libgit2-28-32bit-0.28.4-150200.3.3.1
libgit2-28-32bit-debuginfo-0.28.4-150200.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- openSUSE Leap 15.3 (x86_64):
libgit2-28-32bit-0.28.4-150200.3.3.1
libgit2-28-32bit-debuginfo-0.28.4-150200.3.3.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Manager Proxy 4.1 (x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libgit2-28-0.28.4-150200.3.3.1
libgit2-28-debuginfo-0.28.4-150200.3.3.1
libgit2-debugsource-0.28.4-150200.3.3.1
libgit2-devel-0.28.4-150200.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24765.html
https://www.suse.com/security/cve/CVE-2022-29187.html
https://bugzilla.suse.com/1198234
https://bugzilla.suse.com/1201431
SUSE-SU-2022:3512-1: moderate: Security update for python
by opensuse-security@opensuse.org 04 Oct '22
SUSE Security Update: Security update for python
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3512-1
Rating: moderate
References: #1202624
Cross-References: CVE-2021-28861
CVSS scores:
CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-28861 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP
server when a URI path starts with // (bsc#1202624).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3512=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3512=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3512=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3512=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3512=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpython2_7-1_0-2.7.18-150000.44.1
libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
python-2.7.18-150000.44.1
python-base-2.7.18-150000.44.1
python-base-debuginfo-2.7.18-150000.44.1
python-base-debugsource-2.7.18-150000.44.1
python-curses-2.7.18-150000.44.1
python-curses-debuginfo-2.7.18-150000.44.1
python-debuginfo-2.7.18-150000.44.1
python-debugsource-2.7.18-150000.44.1
python-demo-2.7.18-150000.44.1
python-devel-2.7.18-150000.44.1
python-gdbm-2.7.18-150000.44.1
python-gdbm-debuginfo-2.7.18-150000.44.1
python-idle-2.7.18-150000.44.1
python-tk-2.7.18-150000.44.1
python-tk-debuginfo-2.7.18-150000.44.1
python-xml-2.7.18-150000.44.1
python-xml-debuginfo-2.7.18-150000.44.1
- openSUSE Leap 15.4 (noarch):
python-doc-2.7.18-150000.44.1
python-doc-pdf-2.7.18-150000.44.1
- openSUSE Leap 15.4 (x86_64):
libpython2_7-1_0-32bit-2.7.18-150000.44.1
libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.44.1
python-32bit-2.7.18-150000.44.1
python-32bit-debuginfo-2.7.18-150000.44.1
python-base-32bit-2.7.18-150000.44.1
python-base-32bit-debuginfo-2.7.18-150000.44.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpython2_7-1_0-2.7.18-150000.44.1
libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
python-2.7.18-150000.44.1
python-base-2.7.18-150000.44.1
python-base-debuginfo-2.7.18-150000.44.1
python-base-debugsource-2.7.18-150000.44.1
python-curses-2.7.18-150000.44.1
python-curses-debuginfo-2.7.18-150000.44.1
python-debuginfo-2.7.18-150000.44.1
python-debugsource-2.7.18-150000.44.1
python-demo-2.7.18-150000.44.1
python-devel-2.7.18-150000.44.1
python-gdbm-2.7.18-150000.44.1
python-gdbm-debuginfo-2.7.18-150000.44.1
python-idle-2.7.18-150000.44.1
python-tk-2.7.18-150000.44.1
python-tk-debuginfo-2.7.18-150000.44.1
python-xml-2.7.18-150000.44.1
python-xml-debuginfo-2.7.18-150000.44.1
- openSUSE Leap 15.3 (noarch):
python-doc-2.7.18-150000.44.1
python-doc-pdf-2.7.18-150000.44.1
- openSUSE Leap 15.3 (x86_64):
libpython2_7-1_0-32bit-2.7.18-150000.44.1
libpython2_7-1_0-32bit-debuginfo-2.7.18-150000.44.1
python-32bit-2.7.18-150000.44.1
python-32bit-debuginfo-2.7.18-150000.44.1
python-base-32bit-2.7.18-150000.44.1
python-base-32bit-debuginfo-2.7.18-150000.44.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
python-base-debuginfo-2.7.18-150000.44.1
python-base-debugsource-2.7.18-150000.44.1
python-curses-2.7.18-150000.44.1
python-curses-debuginfo-2.7.18-150000.44.1
python-debuginfo-2.7.18-150000.44.1
python-debugsource-2.7.18-150000.44.1
python-devel-2.7.18-150000.44.1
python-gdbm-2.7.18-150000.44.1
python-gdbm-debuginfo-2.7.18-150000.44.1
python-xml-2.7.18-150000.44.1
python-xml-debuginfo-2.7.18-150000.44.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
python-debuginfo-2.7.18-150000.44.1
python-debugsource-2.7.18-150000.44.1
python-tk-2.7.18-150000.44.1
python-tk-debuginfo-2.7.18-150000.44.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libpython2_7-1_0-2.7.18-150000.44.1
libpython2_7-1_0-debuginfo-2.7.18-150000.44.1
python-2.7.18-150000.44.1
python-base-2.7.18-150000.44.1
python-base-debuginfo-2.7.18-150000.44.1
python-base-debugsource-2.7.18-150000.44.1
python-debuginfo-2.7.18-150000.44.1
python-debugsource-2.7.18-150000.44.1
References:
https://www.suse.com/security/cve/CVE-2021-28861.html
https://bugzilla.suse.com/1202624
openSUSE-SU-2022:10138-1: important: Security update for chromium
by opensuse-security@opensuse.org 03 Oct '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10138-1
Rating: important
References: #1203808
Cross-References: CVE-2022-3201 CVE-2022-3304 CVE-2022-3305
CVE-2022-3306 CVE-2022-3307 CVE-2022-3308
CVE-2022-3309 CVE-2022-3310 CVE-2022-3311
CVE-2022-3312 CVE-2022-3313 CVE-2022-3314
CVE-2022-3315 CVE-2022-3316 CVE-2022-3317
CVE-2022-3318 CVE-2022-3370 CVE-2022-3373
CVSS scores:
CVE-2022-3201 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 106.0.5249.91 (boo#1203808):
* CVE-2022-3370: Use after free in Custom Elements
* CVE-2022-3373: Out of bounds write in V8
Includes changes from 106.0.5249.61:
* CVE-2022-3304: Use after free in CSS
* CVE-2022-3201: Insufficient validation of untrusted input in Developer
Tools
* CVE-2022-3305: Use after free in Survey
* CVE-2022-3306: Use after free in Survey
* CVE-2022-3307: Use after free in Media
* CVE-2022-3308: Insufficient policy enforcement in Developer Tools
* CVE-2022-3309: Use after free in Assistant
* CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
* CVE-2022-3311: Use after free in Import
* CVE-2022-3312: Insufficient validation of untrusted input in VPN
* CVE-2022-3313: Incorrect security UI in Full Screen
* CVE-2022-3314: Use after free in Logging
* CVE-2022-3315: Type confusion in Blink
* CVE-2022-3316: Insufficient validation of untrusted input in Safe
Browsing
* CVE-2022-3317: Insufficient validation of untrusted input in Intents
* CVE-2022-3318: Use after free in ChromeOS Notifications
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10138=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-106.0.5249.91-bp154.2.32.1
chromium-106.0.5249.91-bp154.2.32.1
References:
https://www.suse.com/security/cve/CVE-2022-3201.html
https://www.suse.com/security/cve/CVE-2022-3304.html
https://www.suse.com/security/cve/CVE-2022-3305.html
https://www.suse.com/security/cve/CVE-2022-3306.html
https://www.suse.com/security/cve/CVE-2022-3307.html
https://www.suse.com/security/cve/CVE-2022-3308.html
https://www.suse.com/security/cve/CVE-2022-3309.html
https://www.suse.com/security/cve/CVE-2022-3310.html
https://www.suse.com/security/cve/CVE-2022-3311.html
https://www.suse.com/security/cve/CVE-2022-3312.html
https://www.suse.com/security/cve/CVE-2022-3313.html
https://www.suse.com/security/cve/CVE-2022-3314.html
https://www.suse.com/security/cve/CVE-2022-3315.html
https://www.suse.com/security/cve/CVE-2022-3316.html
https://www.suse.com/security/cve/CVE-2022-3317.html
https://www.suse.com/security/cve/CVE-2022-3318.html
https://www.suse.com/security/cve/CVE-2022-3370.html
https://www.suse.com/security/cve/CVE-2022-3373.html
https://bugzilla.suse.com/1203808
SUSE-SU-2022:3491-1: important: Security update for slurm_20_02
by opensuse-security@opensuse.org 03 Oct '22
SUSE Security Update: Security update for slurm_20_02
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3491-1
Rating: important
References: #1186646 #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for slurm_20_02 fixes the following issues:
- CVE-2022-31251: Fixed security vulnerability in the test package
(bsc#1201674).
- CVE-2022-29500: Fixed architectural flaw that can be exploited to allow
an unprivileged user to execute arbitrary processes as root
(bsc#1199278).
- CVE-2022-29501: Fixed vulnerability where an unprivileged user can send
data to arbitrary unix socket as root (bsc#1199279).
Bugfixes:
- Fixed qstat error message (torque wrapper) (bsc#1186646).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3491=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3491=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3491=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3491=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libnss_slurm2_20_02-20.02.7-150100.3.24.1
libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1
libpmi0_20_02-20.02.7-150100.3.24.1
libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1
perl-slurm_20_02-20.02.7-150100.3.24.1
perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-20.02.7-150100.3.24.1
slurm_20_02-auth-none-20.02.7-150100.3.24.1
slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-config-20.02.7-150100.3.24.1
slurm_20_02-config-man-20.02.7-150100.3.24.1
slurm_20_02-cray-20.02.7-150100.3.24.1
slurm_20_02-cray-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-debugsource-20.02.7-150100.3.24.1
slurm_20_02-devel-20.02.7-150100.3.24.1
slurm_20_02-doc-20.02.7-150100.3.24.1
slurm_20_02-hdf5-20.02.7-150100.3.24.1
slurm_20_02-hdf5-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-lua-20.02.7-150100.3.24.1
slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-munge-20.02.7-150100.3.24.1
slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-node-20.02.7-150100.3.24.1
slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-openlava-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-plugins-20.02.7-150100.3.24.1
slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-rest-20.02.7-150100.3.24.1
slurm_20_02-rest-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-seff-20.02.7-150100.3.24.1
slurm_20_02-sjstat-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sql-20.02.7-150100.3.24.1
slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sview-20.02.7-150100.3.24.1
slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-torque-20.02.7-150100.3.24.1
slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-webdoc-20.02.7-150100.3.24.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libnss_slurm2_20_02-20.02.7-150100.3.24.1
libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1
libpmi0_20_02-20.02.7-150100.3.24.1
libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1
perl-slurm_20_02-20.02.7-150100.3.24.1
perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-20.02.7-150100.3.24.1
slurm_20_02-auth-none-20.02.7-150100.3.24.1
slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-config-20.02.7-150100.3.24.1
slurm_20_02-config-man-20.02.7-150100.3.24.1
slurm_20_02-cray-20.02.7-150100.3.24.1
slurm_20_02-cray-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-debugsource-20.02.7-150100.3.24.1
slurm_20_02-devel-20.02.7-150100.3.24.1
slurm_20_02-doc-20.02.7-150100.3.24.1
slurm_20_02-hdf5-20.02.7-150100.3.24.1
slurm_20_02-hdf5-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-lua-20.02.7-150100.3.24.1
slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-munge-20.02.7-150100.3.24.1
slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-node-20.02.7-150100.3.24.1
slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-openlava-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-plugins-20.02.7-150100.3.24.1
slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-rest-20.02.7-150100.3.24.1
slurm_20_02-rest-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-seff-20.02.7-150100.3.24.1
slurm_20_02-sjstat-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sql-20.02.7-150100.3.24.1
slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sview-20.02.7-150100.3.24.1
slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-torque-20.02.7-150100.3.24.1
slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-webdoc-20.02.7-150100.3.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libnss_slurm2_20_02-20.02.7-150100.3.24.1
libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1
libpmi0_20_02-20.02.7-150100.3.24.1
libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1
libslurm35-20.02.7-150100.3.24.1
libslurm35-debuginfo-20.02.7-150100.3.24.1
perl-slurm_20_02-20.02.7-150100.3.24.1
perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-20.02.7-150100.3.24.1
slurm_20_02-auth-none-20.02.7-150100.3.24.1
slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-config-20.02.7-150100.3.24.1
slurm_20_02-config-man-20.02.7-150100.3.24.1
slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-debugsource-20.02.7-150100.3.24.1
slurm_20_02-devel-20.02.7-150100.3.24.1
slurm_20_02-doc-20.02.7-150100.3.24.1
slurm_20_02-lua-20.02.7-150100.3.24.1
slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-munge-20.02.7-150100.3.24.1
slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-node-20.02.7-150100.3.24.1
slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-plugins-20.02.7-150100.3.24.1
slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sql-20.02.7-150100.3.24.1
slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sview-20.02.7-150100.3.24.1
slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-torque-20.02.7-150100.3.24.1
slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-webdoc-20.02.7-150100.3.24.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libnss_slurm2_20_02-20.02.7-150100.3.24.1
libnss_slurm2_20_02-debuginfo-20.02.7-150100.3.24.1
libpmi0_20_02-20.02.7-150100.3.24.1
libpmi0_20_02-debuginfo-20.02.7-150100.3.24.1
libslurm35-20.02.7-150100.3.24.1
libslurm35-debuginfo-20.02.7-150100.3.24.1
perl-slurm_20_02-20.02.7-150100.3.24.1
perl-slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-20.02.7-150100.3.24.1
slurm_20_02-auth-none-20.02.7-150100.3.24.1
slurm_20_02-auth-none-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-config-20.02.7-150100.3.24.1
slurm_20_02-config-man-20.02.7-150100.3.24.1
slurm_20_02-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-debugsource-20.02.7-150100.3.24.1
slurm_20_02-devel-20.02.7-150100.3.24.1
slurm_20_02-doc-20.02.7-150100.3.24.1
slurm_20_02-lua-20.02.7-150100.3.24.1
slurm_20_02-lua-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-munge-20.02.7-150100.3.24.1
slurm_20_02-munge-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-node-20.02.7-150100.3.24.1
slurm_20_02-node-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-20.02.7-150100.3.24.1
slurm_20_02-pam_slurm-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-plugins-20.02.7-150100.3.24.1
slurm_20_02-plugins-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-20.02.7-150100.3.24.1
slurm_20_02-slurmdbd-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sql-20.02.7-150100.3.24.1
slurm_20_02-sql-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-sview-20.02.7-150100.3.24.1
slurm_20_02-sview-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-torque-20.02.7-150100.3.24.1
slurm_20_02-torque-debuginfo-20.02.7-150100.3.24.1
slurm_20_02-webdoc-20.02.7-150100.3.24.1
References:
https://www.suse.com/security/cve/CVE-2022-29500.html
https://www.suse.com/security/cve/CVE-2022-29501.html
https://www.suse.com/security/cve/CVE-2022-31251.html
https://bugzilla.suse.com/1186646
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674
openSUSE-SU-2022:10139-1: important: Security update for chromium
by opensuse-security@opensuse.org 03 Oct '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10139-1
Rating: important
References: #1203808
Cross-References: CVE-2022-3201 CVE-2022-3304 CVE-2022-3305
CVE-2022-3306 CVE-2022-3307 CVE-2022-3308
CVE-2022-3309 CVE-2022-3310 CVE-2022-3311
CVE-2022-3312 CVE-2022-3313 CVE-2022-3314
CVE-2022-3315 CVE-2022-3316 CVE-2022-3317
CVE-2022-3318 CVE-2022-3370 CVE-2022-3373
CVSS scores:
CVE-2022-3201 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 106.0.5249.91 (boo#1203808):
* CVE-2022-3370: Use after free in Custom Elements
* CVE-2022-3373: Out of bounds write in V8
Includes changes from 106.0.5249.61:
* CVE-2022-3304: Use after free in CSS
* CVE-2022-3201: Insufficient validation of untrusted input in Developer
Tools
* CVE-2022-3305: Use after free in Survey
* CVE-2022-3306: Use after free in Survey
* CVE-2022-3307: Use after free in Media
* CVE-2022-3308: Insufficient policy enforcement in Developer Tools
* CVE-2022-3309: Use after free in Assistant
* CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
* CVE-2022-3311: Use after free in Import
* CVE-2022-3312: Insufficient validation of untrusted input in VPN
* CVE-2022-3313: Incorrect security UI in Full Screen
* CVE-2022-3314: Use after free in Logging
* CVE-2022-3315: Type confusion in Blink
* CVE-2022-3316: Insufficient validation of untrusted input in Safe
Browsing
* CVE-2022-3317: Insufficient validation of untrusted input in Intents
* CVE-2022-3318: Use after free in ChromeOS Notifications
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10139=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-106.0.5249.91-bp153.2.125.1
chromium-106.0.5249.91-bp153.2.125.1
References:
https://www.suse.com/security/cve/CVE-2022-3201.html
https://www.suse.com/security/cve/CVE-2022-3304.html
https://www.suse.com/security/cve/CVE-2022-3305.html
https://www.suse.com/security/cve/CVE-2022-3306.html
https://www.suse.com/security/cve/CVE-2022-3307.html
https://www.suse.com/security/cve/CVE-2022-3308.html
https://www.suse.com/security/cve/CVE-2022-3309.html
https://www.suse.com/security/cve/CVE-2022-3310.html
https://www.suse.com/security/cve/CVE-2022-3311.html
https://www.suse.com/security/cve/CVE-2022-3312.html
https://www.suse.com/security/cve/CVE-2022-3313.html
https://www.suse.com/security/cve/CVE-2022-3314.html
https://www.suse.com/security/cve/CVE-2022-3315.html
https://www.suse.com/security/cve/CVE-2022-3316.html
https://www.suse.com/security/cve/CVE-2022-3317.html
https://www.suse.com/security/cve/CVE-2022-3318.html
https://www.suse.com/security/cve/CVE-2022-3370.html
https://www.suse.com/security/cve/CVE-2022-3373.html
https://bugzilla.suse.com/1203808
openSUSE-SU-2022:10140-1: moderate: Security update for lighttpd
by opensuse-security@opensuse.org 03 Oct '22
openSUSE Security Update: Security update for lighttpd
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10140-1
Rating: moderate
References: #1203872
Cross-References: CVE-2022-41556
CVSS scores:
CVE-2022-41556 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for lighttpd fixes the following issues:
lighttpd was updated to 1.4.67:
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body CVE-2022-41556
(boo#1203872)
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10140=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10140=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
lighttpd-1.4.67-bp154.2.6.1
lighttpd-debuginfo-1.4.67-bp154.2.6.1
lighttpd-debugsource-1.4.67-bp154.2.6.1
lighttpd-mod_authn_gssapi-1.4.67-bp154.2.6.1
lighttpd-mod_authn_gssapi-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_authn_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_authn_ldap-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_authn_pam-1.4.67-bp154.2.6.1
lighttpd-mod_authn_pam-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_authn_sasl-1.4.67-bp154.2.6.1
lighttpd-mod_authn_sasl-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_magnet-1.4.67-bp154.2.6.1
lighttpd-mod_magnet-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_maxminddb-1.4.67-bp154.2.6.1
lighttpd-mod_maxminddb-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_rrdtool-1.4.67-bp154.2.6.1
lighttpd-mod_rrdtool-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_dbi-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_dbi-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_ldap-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_ldap-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_mysql-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_mysql-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_pgsql-1.4.67-bp154.2.6.1
lighttpd-mod_vhostdb_pgsql-debuginfo-1.4.67-bp154.2.6.1
lighttpd-mod_webdav-1.4.67-bp154.2.6.1
lighttpd-mod_webdav-debuginfo-1.4.67-bp154.2.6.1
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
lighttpd-1.4.67-bp153.2.12.1
lighttpd-mod_authn_gssapi-1.4.67-bp153.2.12.1
lighttpd-mod_authn_ldap-1.4.67-bp153.2.12.1
lighttpd-mod_authn_pam-1.4.67-bp153.2.12.1
lighttpd-mod_authn_sasl-1.4.67-bp153.2.12.1
lighttpd-mod_magnet-1.4.67-bp153.2.12.1
lighttpd-mod_maxminddb-1.4.67-bp153.2.12.1
lighttpd-mod_rrdtool-1.4.67-bp153.2.12.1
lighttpd-mod_vhostdb_dbi-1.4.67-bp153.2.12.1
lighttpd-mod_vhostdb_ldap-1.4.67-bp153.2.12.1
lighttpd-mod_vhostdb_mysql-1.4.67-bp153.2.12.1
lighttpd-mod_vhostdb_pgsql-1.4.67-bp153.2.12.1
lighttpd-mod_webdav-1.4.67-bp153.2.12.1
References:
https://www.suse.com/security/cve/CVE-2022-41556.html
https://bugzilla.suse.com/1203872
SUSE-SU-2022:3490-1: important: Security update for slurm
by opensuse-security@opensuse.org 03 Oct '22
SUSE Security Update: Security update for slurm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3490-1
Rating: important
References: #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for slurm fixes the following issues:
- CVE-2022-31251: Fixed a potential security vulnerability in the test
package (bsc#1201674).
- CVE-2022-29500: Fixed an architectural flaw that can be exploited to allow an
unprivileged user to execute arbitrary processes as root (bsc#1199278).
- CVE-2022-29501: Fixed a vulnerability where an unprivileged user can
send data to an arbitrary Unix socket as root (bsc#1199279).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3490=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3490=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3490=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3490=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libslurm35-20.02.7-150200.3.14.2
libslurm35-debuginfo-20.02.7-150200.3.14.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libslurm35-20.02.7-150200.3.14.2
libslurm35-debuginfo-20.02.7-150200.3.14.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libnss_slurm2-20.02.7-150200.3.14.2
libnss_slurm2-debuginfo-20.02.7-150200.3.14.2
libpmi0-20.02.7-150200.3.14.2
libpmi0-debuginfo-20.02.7-150200.3.14.2
libslurm35-20.02.7-150200.3.14.2
libslurm35-debuginfo-20.02.7-150200.3.14.2
perl-slurm-20.02.7-150200.3.14.2
perl-slurm-debuginfo-20.02.7-150200.3.14.2
slurm-20.02.7-150200.3.14.2
slurm-auth-none-20.02.7-150200.3.14.2
slurm-auth-none-debuginfo-20.02.7-150200.3.14.2
slurm-config-20.02.7-150200.3.14.2
slurm-config-man-20.02.7-150200.3.14.2
slurm-debuginfo-20.02.7-150200.3.14.2
slurm-debugsource-20.02.7-150200.3.14.2
slurm-devel-20.02.7-150200.3.14.2
slurm-doc-20.02.7-150200.3.14.2
slurm-lua-20.02.7-150200.3.14.2
slurm-lua-debuginfo-20.02.7-150200.3.14.2
slurm-munge-20.02.7-150200.3.14.2
slurm-munge-debuginfo-20.02.7-150200.3.14.2
slurm-node-20.02.7-150200.3.14.2
slurm-node-debuginfo-20.02.7-150200.3.14.2
slurm-pam_slurm-20.02.7-150200.3.14.2
slurm-pam_slurm-debuginfo-20.02.7-150200.3.14.2
slurm-plugins-20.02.7-150200.3.14.2
slurm-plugins-debuginfo-20.02.7-150200.3.14.2
slurm-slurmdbd-20.02.7-150200.3.14.2
slurm-slurmdbd-debuginfo-20.02.7-150200.3.14.2
slurm-sql-20.02.7-150200.3.14.2
slurm-sql-debuginfo-20.02.7-150200.3.14.2
slurm-sview-20.02.7-150200.3.14.2
slurm-sview-debuginfo-20.02.7-150200.3.14.2
slurm-torque-20.02.7-150200.3.14.2
slurm-torque-debuginfo-20.02.7-150200.3.14.2
slurm-webdoc-20.02.7-150200.3.14.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libnss_slurm2-20.02.7-150200.3.14.2
libnss_slurm2-debuginfo-20.02.7-150200.3.14.2
libpmi0-20.02.7-150200.3.14.2
libpmi0-debuginfo-20.02.7-150200.3.14.2
libslurm35-20.02.7-150200.3.14.2
libslurm35-debuginfo-20.02.7-150200.3.14.2
perl-slurm-20.02.7-150200.3.14.2
perl-slurm-debuginfo-20.02.7-150200.3.14.2
slurm-20.02.7-150200.3.14.2
slurm-auth-none-20.02.7-150200.3.14.2
slurm-auth-none-debuginfo-20.02.7-150200.3.14.2
slurm-config-20.02.7-150200.3.14.2
slurm-config-man-20.02.7-150200.3.14.2
slurm-debuginfo-20.02.7-150200.3.14.2
slurm-debugsource-20.02.7-150200.3.14.2
slurm-devel-20.02.7-150200.3.14.2
slurm-doc-20.02.7-150200.3.14.2
slurm-lua-20.02.7-150200.3.14.2
slurm-lua-debuginfo-20.02.7-150200.3.14.2
slurm-munge-20.02.7-150200.3.14.2
slurm-munge-debuginfo-20.02.7-150200.3.14.2
slurm-node-20.02.7-150200.3.14.2
slurm-node-debuginfo-20.02.7-150200.3.14.2
slurm-pam_slurm-20.02.7-150200.3.14.2
slurm-pam_slurm-debuginfo-20.02.7-150200.3.14.2
slurm-plugins-20.02.7-150200.3.14.2
slurm-plugins-debuginfo-20.02.7-150200.3.14.2
slurm-slurmdbd-20.02.7-150200.3.14.2
slurm-slurmdbd-debuginfo-20.02.7-150200.3.14.2
slurm-sql-20.02.7-150200.3.14.2
slurm-sql-debuginfo-20.02.7-150200.3.14.2
slurm-sview-20.02.7-150200.3.14.2
slurm-sview-debuginfo-20.02.7-150200.3.14.2
slurm-torque-20.02.7-150200.3.14.2
slurm-torque-debuginfo-20.02.7-150200.3.14.2
slurm-webdoc-20.02.7-150200.3.14.2
References:
https://www.suse.com/security/cve/CVE-2022-29500.html
https://www.suse.com/security/cve/CVE-2022-29501.html
https://www.suse.com/security/cve/CVE-2022-31251.html
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674
SUSE-SU-2022:3488-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 01 Oct '22
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3488-1
Rating: important
References: #1203530
Cross-References: CVE-2022-32886 CVE-2022-32912
CVSS scores:
CVE-2022-32886 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32886 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32912 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32912 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.36.8 (bsc#1203530):
- CVE-2022-32886: Fixed a buffer overflow issue that could potentially
lead to code execution.
- CVE-2022-32912: Fixed an out-of-bounds read that could potentially
lead to code execution.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3488=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3488=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3488=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3488=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_1-0-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
libjavascriptcoregtk-5_0-0-2.36.8-150400.4.15.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-4_0-37-2.36.8-150400.4.15.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-4_1-0-2.36.8-150400.4.15.1
libwebkit2gtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-5_0-0-2.36.8-150400.4.15.1
libwebkit2gtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150400.4.15.1
typelib-1_0-JavaScriptCore-4_1-2.36.8-150400.4.15.1
typelib-1_0-JavaScriptCore-5_0-2.36.8-150400.4.15.1
typelib-1_0-WebKit2-4_0-2.36.8-150400.4.15.1
typelib-1_0-WebKit2-4_1-2.36.8-150400.4.15.1
typelib-1_0-WebKit2-5_0-2.36.8-150400.4.15.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150400.4.15.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.8-150400.4.15.1
typelib-1_0-WebKit2WebExtension-5_0-2.36.8-150400.4.15.1
webkit-jsc-4-2.36.8-150400.4.15.1
webkit-jsc-4-debuginfo-2.36.8-150400.4.15.1
webkit-jsc-4.1-2.36.8-150400.4.15.1
webkit-jsc-4.1-debuginfo-2.36.8-150400.4.15.1
webkit-jsc-5.0-2.36.8-150400.4.15.1
webkit-jsc-5.0-debuginfo-2.36.8-150400.4.15.1
webkit2gtk-4_0-injected-bundles-2.36.8-150400.4.15.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
webkit2gtk-4_1-injected-bundles-2.36.8-150400.4.15.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.8-150400.4.15.1
webkit2gtk-5_0-injected-bundles-2.36.8-150400.4.15.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
webkit2gtk3-debugsource-2.36.8-150400.4.15.1
webkit2gtk3-devel-2.36.8-150400.4.15.1
webkit2gtk3-minibrowser-2.36.8-150400.4.15.1
webkit2gtk3-minibrowser-debuginfo-2.36.8-150400.4.15.1
webkit2gtk3-soup2-debugsource-2.36.8-150400.4.15.1
webkit2gtk3-soup2-devel-2.36.8-150400.4.15.1
webkit2gtk3-soup2-minibrowser-2.36.8-150400.4.15.1
webkit2gtk3-soup2-minibrowser-debuginfo-2.36.8-150400.4.15.1
webkit2gtk4-debugsource-2.36.8-150400.4.15.1
webkit2gtk4-devel-2.36.8-150400.4.15.1
webkit2gtk4-minibrowser-2.36.8-150400.4.15.1
webkit2gtk4-minibrowser-debuginfo-2.36.8-150400.4.15.1
- openSUSE Leap 15.4 (noarch):
WebKit2GTK-4.0-lang-2.36.8-150400.4.15.1
WebKit2GTK-4.1-lang-2.36.8-150400.4.15.1
WebKit2GTK-5.0-lang-2.36.8-150400.4.15.1
- openSUSE Leap 15.4 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_1-0-32bit-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-4_0-37-32bit-2.36.8-150400.4.15.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-4_1-0-32bit-2.36.8-150400.4.15.1
libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.8-150400.4.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-5_0-0-2.36.8-150400.4.15.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-5_0-0-2.36.8-150400.4.15.1
libwebkit2gtk-5_0-0-debuginfo-2.36.8-150400.4.15.1
typelib-1_0-JavaScriptCore-5_0-2.36.8-150400.4.15.1
typelib-1_0-WebKit2-5_0-2.36.8-150400.4.15.1
webkit2gtk-5_0-injected-bundles-2.36.8-150400.4.15.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
webkit2gtk4-debugsource-2.36.8-150400.4.15.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_1-0-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-4_1-0-2.36.8-150400.4.15.1
libwebkit2gtk-4_1-0-debuginfo-2.36.8-150400.4.15.1
typelib-1_0-JavaScriptCore-4_1-2.36.8-150400.4.15.1
typelib-1_0-WebKit2-4_1-2.36.8-150400.4.15.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.8-150400.4.15.1
webkit2gtk-4_1-injected-bundles-2.36.8-150400.4.15.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.8-150400.4.15.1
webkit2gtk3-debugsource-2.36.8-150400.4.15.1
webkit2gtk3-devel-2.36.8-150400.4.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.8-150400.4.15.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.8-150400.4.15.1
libwebkit2gtk-4_0-37-2.36.8-150400.4.15.1
libwebkit2gtk-4_0-37-debuginfo-2.36.8-150400.4.15.1
typelib-1_0-JavaScriptCore-4_0-2.36.8-150400.4.15.1
typelib-1_0-WebKit2-4_0-2.36.8-150400.4.15.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.8-150400.4.15.1
webkit2gtk-4_0-injected-bundles-2.36.8-150400.4.15.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.8-150400.4.15.1
webkit2gtk3-soup2-debugsource-2.36.8-150400.4.15.1
webkit2gtk3-soup2-devel-2.36.8-150400.4.15.1
References:
https://www.suse.com/security/cve/CVE-2022-32886.html
https://www.suse.com/security/cve/CVE-2022-32912.html
https://bugzilla.suse.com/1203530
SUSE-SU-2022:3489-1: important: Security update for expat
by opensuse-security@opensuse.org 01 Oct '22
SUSE Security Update: Security update for expat
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3489-1
Rating: important
References: #1203438
Cross-References: CVE-2022-40674
CVSS scores:
CVE-2022-40674 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40674 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in
xmlparse.c (bsc#1203438).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3489=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3489=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3489=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
expat-2.4.4-150400.3.9.1
expat-debuginfo-2.4.4-150400.3.9.1
expat-debugsource-2.4.4-150400.3.9.1
libexpat-devel-2.4.4-150400.3.9.1
libexpat1-2.4.4-150400.3.9.1
libexpat1-debuginfo-2.4.4-150400.3.9.1
- openSUSE Leap 15.4 (x86_64):
expat-32bit-debuginfo-2.4.4-150400.3.9.1
libexpat-devel-32bit-2.4.4-150400.3.9.1
libexpat1-32bit-2.4.4-150400.3.9.1
libexpat1-32bit-debuginfo-2.4.4-150400.3.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
expat-2.4.4-150400.3.9.1
expat-debuginfo-2.4.4-150400.3.9.1
expat-debugsource-2.4.4-150400.3.9.1
libexpat-devel-2.4.4-150400.3.9.1
libexpat1-2.4.4-150400.3.9.1
libexpat1-debuginfo-2.4.4-150400.3.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
expat-32bit-debuginfo-2.4.4-150400.3.9.1
libexpat1-32bit-2.4.4-150400.3.9.1
libexpat1-32bit-debuginfo-2.4.4-150400.3.9.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
expat-debuginfo-2.4.4-150400.3.9.1
expat-debugsource-2.4.4-150400.3.9.1
libexpat1-2.4.4-150400.3.9.1
libexpat1-debuginfo-2.4.4-150400.3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-40674.html
https://bugzilla.suse.com/1203438
SUSE-SU-2022:3486-1: important: Security update for cosign
by opensuse-security@opensuse.org 01 Oct '22
SUSE Security Update: Security update for cosign
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3486-1
Rating: important
References: #1203430 SLE-23879
Cross-References: CVE-2022-36056
CVSS scores:
CVE-2022-36056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability and contains one
feature is now available.
Description:
This update for cosign fixes the following issues:
Updated to version 1.12.0 (jsc#SLE-23879):
- CVE-2022-36056: Fixed an issue where verify-blob could successfully verify
an artifact when verification should have failed (bsc#1203430).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3486=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3486=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cosign-1.12.0-150400.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
cosign-1.12.0-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-36056.html
https://bugzilla.suse.com/1203430
SUSE-SU-2022:3487-1: moderate: Security update for ImageMagick
by opensuse-security@opensuse.org 01 Oct '22
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3487-1
Rating: moderate
References: #1203450
Cross-References: CVE-2022-3213
CVSS scores:
CVE-2022-3213 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3213 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2022-3213: Fixed heap buffer overflow when processing a malformed
TIFF file (bsc#1203450).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3487=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3487=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3487=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.9.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.9.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.9.1
ImageMagick-debuginfo-7.1.0.9-150400.6.9.1
ImageMagick-debugsource-7.1.0.9-150400.6.9.1
ImageMagick-devel-7.1.0.9-150400.6.9.1
ImageMagick-extra-7.1.0.9-150400.6.9.1
ImageMagick-extra-debuginfo-7.1.0.9-150400.6.9.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.9.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.9.1
libMagick++-devel-7.1.0.9-150400.6.9.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.9.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.9.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1
perl-PerlMagick-7.1.0.9-150400.6.9.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.9.1
- openSUSE Leap 15.4 (x86_64):
ImageMagick-devel-32bit-7.1.0.9-150400.6.9.1
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.9.1
libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.9.1
libMagick++-devel-32bit-7.1.0.9-150400.6.9.1
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.9.1
libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.9.1
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.9.1
libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.9.1
- openSUSE Leap 15.4 (noarch):
ImageMagick-doc-7.1.0.9-150400.6.9.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.1.0.9-150400.6.9.1
ImageMagick-debugsource-7.1.0.9-150400.6.9.1
perl-PerlMagick-7.1.0.9-150400.6.9.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.9.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.9.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.9.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.9.1
ImageMagick-debuginfo-7.1.0.9-150400.6.9.1
ImageMagick-debugsource-7.1.0.9-150400.6.9.1
ImageMagick-devel-7.1.0.9-150400.6.9.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.9.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.9.1
libMagick++-devel-7.1.0.9-150400.6.9.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.9.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.9.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.9.1
References:
https://www.suse.com/security/cve/CVE-2022-3213.html
https://bugzilla.suse.com/1203450
SUSE-SU-2022:3485-1: important: Security update for python39
by opensuse-security@opensuse.org 01 Oct '22
SUSE Security Update: Security update for python39
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3485-1
Rating: important
References: #1202624 #1203125
Cross-References: CVE-2020-10735 CVE-2021-28861
CVSS scores:
CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-28861 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python39 fixes the following issues:
python39 was updated to version 3.9.14:
- CVE-2020-10735: Fixed DoS due to int() type in PyLong_FromString() not
limiting amount of digits when converting text to int (bsc#1203125).
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP
server when a URI path starts with // (bsc#1202624).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3485=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3485=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3485=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3485=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpython3_9-1_0-3.9.14-150300.4.16.1
libpython3_9-1_0-debuginfo-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-base-debuginfo-3.9.14-150300.4.16.1
python39-core-debugsource-3.9.14-150300.4.16.1
python39-curses-3.9.14-150300.4.16.1
python39-curses-debuginfo-3.9.14-150300.4.16.1
python39-dbm-3.9.14-150300.4.16.1
python39-dbm-debuginfo-3.9.14-150300.4.16.1
python39-debuginfo-3.9.14-150300.4.16.1
python39-debugsource-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
python39-doc-3.9.14-150300.4.16.1
python39-doc-devhelp-3.9.14-150300.4.16.1
python39-idle-3.9.14-150300.4.16.1
python39-testsuite-3.9.14-150300.4.16.1
python39-testsuite-debuginfo-3.9.14-150300.4.16.1
python39-tk-3.9.14-150300.4.16.1
python39-tk-debuginfo-3.9.14-150300.4.16.1
python39-tools-3.9.14-150300.4.16.1
- openSUSE Leap 15.4 (x86_64):
libpython3_9-1_0-32bit-3.9.14-150300.4.16.1
libpython3_9-1_0-32bit-debuginfo-3.9.14-150300.4.16.1
python39-32bit-3.9.14-150300.4.16.1
python39-32bit-debuginfo-3.9.14-150300.4.16.1
python39-base-32bit-3.9.14-150300.4.16.1
python39-base-32bit-debuginfo-3.9.14-150300.4.16.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpython3_9-1_0-3.9.14-150300.4.16.1
libpython3_9-1_0-debuginfo-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-base-debuginfo-3.9.14-150300.4.16.1
python39-core-debugsource-3.9.14-150300.4.16.1
python39-curses-3.9.14-150300.4.16.1
python39-curses-debuginfo-3.9.14-150300.4.16.1
python39-dbm-3.9.14-150300.4.16.1
python39-dbm-debuginfo-3.9.14-150300.4.16.1
python39-debuginfo-3.9.14-150300.4.16.1
python39-debugsource-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
python39-doc-3.9.14-150300.4.16.1
python39-doc-devhelp-3.9.14-150300.4.16.1
python39-idle-3.9.14-150300.4.16.1
python39-testsuite-3.9.14-150300.4.16.1
python39-testsuite-debuginfo-3.9.14-150300.4.16.1
python39-tk-3.9.14-150300.4.16.1
python39-tk-debuginfo-3.9.14-150300.4.16.1
python39-tools-3.9.14-150300.4.16.1
- openSUSE Leap 15.3 (x86_64):
libpython3_9-1_0-32bit-3.9.14-150300.4.16.1
libpython3_9-1_0-32bit-debuginfo-3.9.14-150300.4.16.1
python39-32bit-3.9.14-150300.4.16.1
python39-32bit-debuginfo-3.9.14-150300.4.16.1
python39-base-32bit-3.9.14-150300.4.16.1
python39-base-32bit-debuginfo-3.9.14-150300.4.16.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
python39-core-debugsource-3.9.14-150300.4.16.1
python39-tools-3.9.14-150300.4.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libpython3_9-1_0-3.9.14-150300.4.16.1
libpython3_9-1_0-debuginfo-3.9.14-150300.4.16.1
python39-3.9.14-150300.4.16.1
python39-base-3.9.14-150300.4.16.1
python39-base-debuginfo-3.9.14-150300.4.16.1
python39-core-debugsource-3.9.14-150300.4.16.1
python39-curses-3.9.14-150300.4.16.1
python39-curses-debuginfo-3.9.14-150300.4.16.1
python39-dbm-3.9.14-150300.4.16.1
python39-dbm-debuginfo-3.9.14-150300.4.16.1
python39-debuginfo-3.9.14-150300.4.16.1
python39-debugsource-3.9.14-150300.4.16.1
python39-devel-3.9.14-150300.4.16.1
python39-idle-3.9.14-150300.4.16.1
python39-tk-3.9.14-150300.4.16.1
python39-tk-debuginfo-3.9.14-150300.4.16.1
References:
https://www.suse.com/security/cve/CVE-2020-10735.html
https://www.suse.com/security/cve/CVE-2021-28861.html
https://bugzilla.suse.com/1202624
https://bugzilla.suse.com/1203125