openSUSE Security Announce
October 2022
SUSE-SU-2022:3783-1: important: Security update for telnet
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for telnet
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3783-1
Rating: important
References: #1203759
Cross-References: CVE-2022-39028
CVSS scores:
CVE-2022-39028 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39028 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for telnet fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in telnetd
(bsc#1203759).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3783=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3783=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3783=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3783=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3783=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3783=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3783=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3783=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3783=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3783=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3783=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3783=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3783=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3783=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3783=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3783=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3783=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3783=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Manager Proxy 4.1 (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
- SUSE CaaS Platform 4.0 (x86_64):
telnet-1.2-150000.3.6.1
telnet-debuginfo-1.2-150000.3.6.1
telnet-debugsource-1.2-150000.3.6.1
telnet-server-1.2-150000.3.6.1
telnet-server-debuginfo-1.2-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-39028.html
https://bugzilla.suse.com/1203759
SUSE-SU-2022:3775-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3775-1
Rating: important
References: #1177471 #1185032 #1194023 #1196444 #1197659
#1199564 #1200313 #1200622 #1201309 #1201310
#1201489 #1201645 #1201865 #1201990 #1202095
#1202341 #1202385 #1202677 #1202960 #1202984
#1203159 #1203290 #1203313 #1203389 #1203410
#1203424 #1203514 #1203552 #1203622 #1203737
#1203769 #1203770 #1203906 #1203909 #1203935
#1203939 #1203987 #1203992 #1204051 #1204059
#1204060 #1204125 #1204289 #1204290 #1204291
#1204292 PED-529
Cross-References: CVE-2020-16119 CVE-2022-20008 CVE-2022-2503
CVE-2022-2586 CVE-2022-3169 CVE-2022-3239
CVE-2022-3303 CVE-2022-40768 CVE-2022-41218
CVE-2022-41222 CVE-2022-41674 CVE-2022-41848
CVE-2022-41849 CVE-2022-42719 CVE-2022-42720
CVE-2022-42721 CVE-2022-42722
CVSS scores:
CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 17 vulnerabilities, contains one
feature and has 29 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed
local users to obtain sensitive information from kernel memory.
(bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when
consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET
are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device.
(bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to
improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in
drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
could lead to a local user being able to crash the system or escalate their
privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a PCMCIA device while calling
ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a
physically proximate attacker removes a USB device while calling open
(bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where the kernel can crash on the
reception of specific WiFi frames (bsc#1203770).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft
table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap
lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity: device-mapper table reloads
allowed users with root privileges to switch out the target with an
equivalent dm-linear target and bypass verification until reboot. This
allowed root to bypass LoadPin and can be used to load untrusted and
unverified kernel modules and firmware, which implies arbitrary kernel
execution and persistence for peripherals that do not verify firmware
updates (bnc#1202677).
- CVE-2022-20008: Fixed a bug which allowed reading kernel heap memory due
to uninitialized data. This could lead to local information disclosure
if reading from an SD card that triggers errors, with no additional
execution privileges needed. (bnc#1199564)
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a
local attacker due to reuse of a DCCP socket. (bnc#1177471)
The following non-security bugs were fixed:
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer
(git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
__snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
(git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register
option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
(git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
(git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to
(bsc#1202341)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id
(git-fixes)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma
(git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image
signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds
(git-fixes)
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm64/mm: Validate hotplug range before creating linear mapping
(git-fixes)
- bpf: Compile out btf_parse_module() if module BTF is not enabled
(git-fixes).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory
(bsc#1203906).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as
other kernel binary packages there is no need to carry duplicate sources
in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init()
(git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace
is dead (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx
(git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message
(git-fixes).
- HID: ishtp-hid-client: Fix comment typo (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured
(bsc#1203737).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- JFS: fix GPF in diFree (bsc#1203389).
- JFS: fix memleak in jfs_mount (git-fixes).
- JFS: more checks for invalid superblock (git-fixes).
- JFS: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory
signature (bsc#1203737).
- kexec: drop weak attribute from arch_kexec_apply_relocations[_add]
(bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: KEYS: s390: Make use of built-in and secondary keyring for
signature verification (bsc#1196444).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
(git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
(bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning
(bsc#1201990).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap
fixes (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- psi: Fix uaf issue when psi trigger is destroyed while being polled
(bsc#1203909).
- regulator: core: Clean up on enable failure (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984
LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984
LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
(git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID
cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
(bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload
(bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same
NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed
phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
(bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE
(bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding
(bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency
(bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager
application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status
(bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1()
(bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX
(bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1203935).
- scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational
(bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading
stale packets" (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device
(git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix misplaced barrier in call_decode (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse
(git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- USB: otg-fsm: Fix hrtimer list corruption (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: ch341: name prescaler, divisor registers (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode
(git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly
(bsc#1194023).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- x86/bugs: Reenable retbleed=off. While for older kernels the return
thunks are statically built in and cannot be dynamically patched out,
retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3775=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3775=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3775=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3775=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3775=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3775=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3775=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3775=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3775=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.98.1
dtb-zte-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.98.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-default-5.3.18-150300.59.98.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1
gfs2-kmp-default-5.3.18-150300.59.98.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-base-rebuild-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-devel-5.3.18-150300.59.98.1
kernel-default-devel-debuginfo-5.3.18-150300.59.98.1
kernel-default-extra-5.3.18-150300.59.98.1
kernel-default-extra-debuginfo-5.3.18-150300.59.98.1
kernel-default-livepatch-5.3.18-150300.59.98.1
kernel-default-livepatch-devel-5.3.18-150300.59.98.1
kernel-default-optional-5.3.18-150300.59.98.1
kernel-default-optional-debuginfo-5.3.18-150300.59.98.1
kernel-obs-build-5.3.18-150300.59.98.1
kernel-obs-build-debugsource-5.3.18-150300.59.98.1
kernel-obs-qa-5.3.18-150300.59.98.1
kernel-syms-5.3.18-150300.59.98.1
kselftests-kmp-default-5.3.18-150300.59.98.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.98.1
ocfs2-kmp-default-5.3.18-150300.59.98.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
reiserfs-kmp-default-5.3.18-150300.59.98.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.98.1
kernel-debug-debuginfo-5.3.18-150300.59.98.1
kernel-debug-debugsource-5.3.18-150300.59.98.1
kernel-debug-devel-5.3.18-150300.59.98.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.98.1
kernel-debug-livepatch-devel-5.3.18-150300.59.98.1
kernel-kvmsmall-5.3.18-150300.59.98.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.98.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.98.1
kernel-kvmsmall-devel-5.3.18-150300.59.98.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.98.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.98.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-preempt-5.3.18-150300.59.98.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
gfs2-kmp-preempt-5.3.18-150300.59.98.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-5.3.18-150300.59.98.1
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
kernel-preempt-devel-5.3.18-150300.59.98.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-extra-5.3.18-150300.59.98.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.98.1
kernel-preempt-optional-5.3.18-150300.59.98.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.98.1
kselftests-kmp-preempt-5.3.18-150300.59.98.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
ocfs2-kmp-preempt-5.3.18-150300.59.98.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
reiserfs-kmp-preempt-5.3.18-150300.59.98.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.98.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-64kb-5.3.18-150300.59.98.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
dtb-al-5.3.18-150300.59.98.1
dtb-allwinner-5.3.18-150300.59.98.1
dtb-altera-5.3.18-150300.59.98.1
dtb-amd-5.3.18-150300.59.98.1
dtb-amlogic-5.3.18-150300.59.98.1
dtb-apm-5.3.18-150300.59.98.1
dtb-arm-5.3.18-150300.59.98.1
dtb-broadcom-5.3.18-150300.59.98.1
dtb-cavium-5.3.18-150300.59.98.1
dtb-exynos-5.3.18-150300.59.98.1
dtb-freescale-5.3.18-150300.59.98.1
dtb-hisilicon-5.3.18-150300.59.98.1
dtb-lg-5.3.18-150300.59.98.1
dtb-marvell-5.3.18-150300.59.98.1
dtb-mediatek-5.3.18-150300.59.98.1
dtb-nvidia-5.3.18-150300.59.98.1
dtb-qcom-5.3.18-150300.59.98.1
dtb-renesas-5.3.18-150300.59.98.1
dtb-rockchip-5.3.18-150300.59.98.1
dtb-socionext-5.3.18-150300.59.98.1
dtb-sprd-5.3.18-150300.59.98.1
dtb-xilinx-5.3.18-150300.59.98.1
dtb-zte-5.3.18-150300.59.98.1
gfs2-kmp-64kb-5.3.18-150300.59.98.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-5.3.18-150300.59.98.1
kernel-64kb-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-debugsource-5.3.18-150300.59.98.1
kernel-64kb-devel-5.3.18-150300.59.98.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-extra-5.3.18-150300.59.98.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.98.1
kernel-64kb-optional-5.3.18-150300.59.98.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.98.1
kselftests-kmp-64kb-5.3.18-150300.59.98.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
ocfs2-kmp-64kb-5.3.18-150300.59.98.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
reiserfs-kmp-64kb-5.3.18-150300.59.98.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.98.1
kernel-docs-5.3.18-150300.59.98.1
kernel-docs-html-5.3.18-150300.59.98.1
kernel-macros-5.3.18-150300.59.98.1
kernel-source-5.3.18-150300.59.98.1
kernel-source-vanilla-5.3.18-150300.59.98.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.98.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-extra-5.3.18-150300.59.98.1
kernel-default-extra-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
kernel-preempt-extra-5.3.18-150300.59.98.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-livepatch-5.3.18-150300.59.98.1
kernel-default-livepatch-devel-5.3.18-150300.59.98.1
kernel-livepatch-5_3_18-150300_59_98-default-1-150300.7.5.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
reiserfs-kmp-default-5.3.18-150300.59.98.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.98.1
kernel-obs-build-debugsource-5.3.18-150300.59.98.1
kernel-syms-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
kernel-preempt-devel-5.3.18-150300.59.98.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.98.1
kernel-source-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
kernel-default-devel-5.3.18-150300.59.98.1
kernel-default-devel-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.98.1
kernel-preempt-debuginfo-5.3.18-150300.59.98.1
kernel-preempt-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.98.1
kernel-64kb-debuginfo-5.3.18-150300.59.98.1
kernel-64kb-debugsource-5.3.18-150300.59.98.1
kernel-64kb-devel-5.3.18-150300.59.98.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.98.1
kernel-macros-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.98.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.98.1
kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.98.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1
dlm-kmp-default-5.3.18-150300.59.98.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1
gfs2-kmp-default-5.3.18-150300.59.98.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debuginfo-5.3.18-150300.59.98.1
kernel-default-debugsource-5.3.18-150300.59.98.1
ocfs2-kmp-default-5.3.18-150300.59.98.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1
References:
https://www.suse.com/security/cve/CVE-2020-16119.html
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-2503.html
https://www.suse.com/security/cve/CVE-2022-2586.html
https://www.suse.com/security/cve/CVE-2022-3169.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-40768.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41222.html
https://www.suse.com/security/cve/CVE-2022-41674.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://www.suse.com/security/cve/CVE-2022-41849.html
https://www.suse.com/security/cve/CVE-2022-42719.html
https://www.suse.com/security/cve/CVE-2022-42720.html
https://www.suse.com/security/cve/CVE-2022-42721.html
https://www.suse.com/security/cve/CVE-2022-42722.html
https://bugzilla.suse.com/1177471
https://bugzilla.suse.com/1185032
https://bugzilla.suse.com/1194023
https://bugzilla.suse.com/1196444
https://bugzilla.suse.com/1197659
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1201310
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201645
https://bugzilla.suse.com/1201865
https://bugzilla.suse.com/1201990
https://bugzilla.suse.com/1202095
https://bugzilla.suse.com/1202341
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1202984
https://bugzilla.suse.com/1203159
https://bugzilla.suse.com/1203290
https://bugzilla.suse.com/1203313
https://bugzilla.suse.com/1203389
https://bugzilla.suse.com/1203410
https://bugzilla.suse.com/1203424
https://bugzilla.suse.com/1203514
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203622
https://bugzilla.suse.com/1203737
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203770
https://bugzilla.suse.com/1203906
https://bugzilla.suse.com/1203909
https://bugzilla.suse.com/1203935
https://bugzilla.suse.com/1203939
https://bugzilla.suse.com/1203987
https://bugzilla.suse.com/1203992
https://bugzilla.suse.com/1204051
https://bugzilla.suse.com/1204059
https://bugzilla.suse.com/1204060
https://bugzilla.suse.com/1204125
https://bugzilla.suse.com/1204289
https://bugzilla.suse.com/1204290
https://bugzilla.suse.com/1204291
https://bugzilla.suse.com/1204292
SUSE-SU-2022:3768-1: important: Security update for qemu
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3768-1
Rating: important
References: #1175144 #1182282 #1185000 #1192463 #1198035
#1198037 #1198038 #1201367
Cross-References: CVE-2020-17380 CVE-2021-3409 CVE-2021-3507
CVE-2021-4206 CVE-2021-4207 CVE-2022-0216
CVE-2022-35414
CVSS scores:
CVE-2020-17380 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CVE-2020-17380 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3507 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2021-3507 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 7 vulnerabilities and has one errata
is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and
CVE-2020-25085 in sdhi controller. (bsc#1182282)
- CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead
to heap buffer overflow. (bsc#1198035)
- CVE-2021-4207: Fixed a double fetch in qxl_cursor which can lead to heap
buffer overflow. (bsc#1198037)
- CVE-2022-0216: Fixed a use after free issue found in
hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation
that leads to a crash. (bsc#1201367)
- CVE-2021-3507: Fixed a heap buffer overflow in DMA read data transfers.
(bsc#1185000)
- CVE-2020-17380: Fixed a heap buffer overflow in
sdhci_sdma_transfer_multi_blocks. (bsc#1175144)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3768=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3768=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3768=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3768=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3768=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3768=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3768=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le):
qemu-ppc-3.1.1.1-150100.80.43.2
qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x x86_64):
qemu-kvm-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le):
qemu-ppc-3.1.1.1-150100.80.43.2
qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
qemu-s390-3.1.1.1-150100.80.43.2
qemu-s390-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Enterprise Storage 6 (aarch64):
qemu-arm-3.1.1.1-150100.80.43.2
qemu-arm-debuginfo-3.1.1.1-150100.80.43.2
- SUSE Enterprise Storage 6 (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE Enterprise Storage 6 (x86_64):
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
- SUSE CaaS Platform 4.0 (noarch):
qemu-ipxe-1.0.0+-150100.80.43.2
qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2
qemu-sgabios-8-150100.80.43.2
qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2
- SUSE CaaS Platform 4.0 (x86_64):
qemu-3.1.1.1-150100.80.43.2
qemu-audio-alsa-3.1.1.1-150100.80.43.2
qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-oss-3.1.1.1-150100.80.43.2
qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2
qemu-audio-pa-3.1.1.1-150100.80.43.2
qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-curl-3.1.1.1-150100.80.43.2
qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-iscsi-3.1.1.1-150100.80.43.2
qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-rbd-3.1.1.1-150100.80.43.2
qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2
qemu-block-ssh-3.1.1.1-150100.80.43.2
qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2
qemu-debuginfo-3.1.1.1-150100.80.43.2
qemu-debugsource-3.1.1.1-150100.80.43.2
qemu-guest-agent-3.1.1.1-150100.80.43.2
qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2
qemu-kvm-3.1.1.1-150100.80.43.2
qemu-lang-3.1.1.1-150100.80.43.2
qemu-tools-3.1.1.1-150100.80.43.2
qemu-tools-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-curses-3.1.1.1-150100.80.43.2
qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2
qemu-ui-gtk-3.1.1.1-150100.80.43.2
qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2
qemu-x86-3.1.1.1-150100.80.43.2
qemu-x86-debuginfo-3.1.1.1-150100.80.43.2
References:
https://www.suse.com/security/cve/CVE-2020-17380.html
https://www.suse.com/security/cve/CVE-2021-3409.html
https://www.suse.com/security/cve/CVE-2021-3507.html
https://www.suse.com/security/cve/CVE-2021-4206.html
https://www.suse.com/security/cve/CVE-2021-4207.html
https://www.suse.com/security/cve/CVE-2022-0216.html
https://www.suse.com/security/cve/CVE-2022-35414.html
https://bugzilla.suse.com/1175144
https://bugzilla.suse.com/1182282
https://bugzilla.suse.com/1185000
https://bugzilla.suse.com/1192463
https://bugzilla.suse.com/1198035
https://bugzilla.suse.com/1198037
https://bugzilla.suse.com/1198038
https://bugzilla.suse.com/1201367
SUSE-SU-2022:3751-1: moderate: Security update for SUSE Manager Client Tools
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3751-1
Rating: moderate
References: #1198903 #1201535 #1201539 SLE-23422 SLE-23439
SLE-24565 SLE-24791
Cross-References: CVE-2022-31097 CVE-2022-31107
CVSS scores:
CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
SUSE Manager Tools 15
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities, contains four
features and has one errata is now available.
Description:
This update fixes the following issues:
dracut-saltboot:
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Move image services to dracut-saltboot package
* Use salt bundle
golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file
grafana:
- Update to version 8.3.10
+ Security:
* CVE-2022-31097: Cross Site Scripting vulnerability in the Unified
Alerting (bsc#1201535)
* CVE-2022-31107: Fixes OAuth account takeover vulnerability
(bsc#1201539)
- Update to version 8.3.9
+ Bug fixes:
* Geomap: Display legend
* Prometheus: Fix timestamp truncation
- Update to version 8.3.7
+ Bug fix:
* Provisioning: Ensure that the default value for orgID is set when
provisioning datasources to be deleted.
- Update to version 8.3.6
+ Features and enhancements:
* Cloud Monitoring: Reduce request size when listing labels.
* Explore: Show scalar data result in a table instead of graph.
* Snapshots: Updates the default external snapshot server URL.
* Table: Makes footer not overlap table content.
* Tempo: Add request histogram to service graph datalink.
* Tempo: Add time range to tempo search query behind a feature flag.
* Tempo: Auto-clear results when changing query type.
* Tempo: Display start time in search results as relative time.
* CloudMonitoring: Fix resource labels in query editor.
* Cursor sync: Apply the settings without saving the dashboard.
* LibraryPanels: Fix for Error while cleaning library panels.
* Logs Panel: Fix timestamp parsing for string dates without timezone.
* Prometheus: Fix some of the alerting queries that use reduce/math
operation.
* TablePanel: Fix ad-hoc variables not working on default datasources.
* Text Panel: Fix alignment of elements.
* Variables: Fix for constant variables in self referencing links.
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
mgr-daemon:
- Version 4.3.6-1
* Update translation strings
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3751=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3751=1
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3751=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3751=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3751=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3751=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- openSUSE Leap 15.4 (noarch):
dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1
spacecmd-4.3.15-150000.3.86.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- openSUSE Leap 15.3 (noarch):
dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1
spacecmd-4.3.15-150000.3.86.1
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
grafana-8.3.10-150000.1.33.1
grafana-debuginfo-8.3.10-150000.1.33.1
python3-uyuni-common-libs-4.3.6-150000.1.27.2
- SUSE Manager Tools 15 (noarch):
dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1
mgr-daemon-4.3.6-150000.1.38.1
python3-spacewalk-check-4.3.12-150000.3.68.2
python3-spacewalk-client-setup-4.3.12-150000.3.68.2
python3-spacewalk-client-tools-4.3.12-150000.3.68.2
spacecmd-4.3.15-150000.3.86.1
spacewalk-check-4.3.12-150000.3.68.2
spacewalk-client-setup-4.3.12-150000.3.68.2
spacewalk-client-tools-4.3.12-150000.3.68.2
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1
golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1
References:
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://bugzilla.suse.com/1198903
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539
SUSE-SU-2022:3773-1: important: Security update for curl
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3773-1
Rating: important
References: #1204383
Cross-References: CVE-2022-32221
CVSS scores:
CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3773=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3773=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3773=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3773=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3773=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3773=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3773=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3773=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3773=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3773=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3773=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3773=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3773=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3773=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- openSUSE Leap 15.3 (x86_64):
libcurl-devel-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Server 4.1 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Manager Proxy 4.1 (x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
curl-7.66.0-150200.4.42.1
curl-debuginfo-7.66.0-150200.4.42.1
curl-debugsource-7.66.0-150200.4.42.1
libcurl-devel-7.66.0-150200.4.42.1
libcurl4-7.66.0-150200.4.42.1
libcurl4-debuginfo-7.66.0-150200.4.42.1
- SUSE Enterprise Storage 7 (x86_64):
libcurl4-32bit-7.66.0-150200.4.42.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1
References:
https://www.suse.com/security/cve/CVE-2022-32221.html
https://bugzilla.suse.com/1204383
SUSE-SU-2022:3766-1: important: Security update for buildah
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for buildah
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3766-1
Rating: important
References: #1167864 #1181961 #1202812
Cross-References: CVE-2020-10696 CVE-2021-20206 CVE-2022-2990
CVSS scores:
CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to
execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification
(bsc#1202812).
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote "?" in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common@87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow "err"
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master@4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not committed
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not support dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common@7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: don't rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for "mkdir /"
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow reusing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty "foo" label again
Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build
Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow reusing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote "?" in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings
Drop requires on apparmor pattern, should be moved elsewhere for systems
which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is
required to build.
Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups
Update to version 1.26.1:
* Make `buildah build --label foo` create an empty "foo" label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3766=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3766=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3766=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3766=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3766=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3766=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
buildah-1.27.1-150300.8.11.1
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error-devel-1.42-150300.9.3.1
libgpg-error-devel-debuginfo-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- openSUSE Leap 15.3 (x86_64):
libgpg-error-devel-32bit-1.42-150300.9.3.1
libgpg-error-devel-32bit-debuginfo-1.42-150300.9.3.1
libgpg-error0-32bit-1.42-150300.9.3.1
libgpg-error0-32bit-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
buildah-1.27.1-150300.8.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error-devel-1.42-150300.9.3.1
libgpg-error-devel-debuginfo-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libgpg-error0-32bit-1.42-150300.9.3.1
libgpg-error0-32bit-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libgpg-error-debugsource-1.42-150300.9.3.1
libgpg-error0-1.42-150300.9.3.1
libgpg-error0-debuginfo-1.42-150300.9.3.1
References:
https://www.suse.com/security/cve/CVE-2020-10696.html
https://www.suse.com/security/cve/CVE-2021-20206.html
https://www.suse.com/security/cve/CVE-2022-2990.html
https://bugzilla.suse.com/1167864
https://bugzilla.suse.com/1181961
https://bugzilla.suse.com/1202812
SUSE-SU-2022:3765-1: important: Security update for grafana
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3765-1
Rating: important
References: #1195726 #1195727 #1195728 #1201535 #1201539
SLE-23422 SLE-23439 SLE-24565
Cross-References: CVE-2022-21702 CVE-2022-21703 CVE-2022-21713
CVE-2022-31097 CVE-2022-31107
CVSS scores:
CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVE-2022-21703 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 5 vulnerabilities and contains three
features is now available.
Description:
This update for grafana fixes the following issues:
Updated to version 8.3.10 (jsc#SLE-24565, jsc#SLE-23422, jsc#SLE-23439):
- CVE-2022-31097: Fixed XSS vulnerability in the Unified Alerting
(bsc#1201535).
- CVE-2022-31107: Fixed OAuth account takeover vulnerability
(bsc#1201539).
- CVE-2022-21702: Fixed XSS through attacker-controlled data source
(bsc#1195726).
- CVE-2022-21703: Fixed Cross Site Request Forgery (bsc#1195727).
- CVE-2022-21713: Fixed Teams API IDOR (bsc#1195728).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3765=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3765=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3765=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
grafana-8.3.10-150200.3.26.1
grafana-debuginfo-8.3.10-150200.3.26.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
grafana-8.3.10-150200.3.26.1
grafana-debuginfo-8.3.10-150200.3.26.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
grafana-8.3.10-150200.3.26.1
References:
https://www.suse.com/security/cve/CVE-2022-21702.html
https://www.suse.com/security/cve/CVE-2022-21703.html
https://www.suse.com/security/cve/CVE-2022-21713.html
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://bugzilla.suse.com/1195726
https://bugzilla.suse.com/1195727
https://bugzilla.suse.com/1195728
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539
SUSE-SU-2022:3745-1: moderate: Security update for golang-github-prometheus-node_exporter
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Security update for golang-github-prometheus-node_exporter
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3745-1
Rating: moderate
References: #1196338 SLE-24238 SLE-24239
Cross-References: CVE-2022-21698
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability and contains two
features is now available.
Description:
This update for golang-github-prometheus-node_exporter fixes the following
issues:
(bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114, CVE-2022-21698)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3745=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3745=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3745=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3745=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3745=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3745=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3745=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3745=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3745=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3745=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3745=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3745=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3745=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3745=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3745=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3745=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Manager Proxy 4.1 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
- SUSE CaaS Platform 4.0 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-150100.3.18.1
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://bugzilla.suse.com/1196338
SUSE-SU-2022:3767-1: important: Recommended update for bind
by opensuse-security@opensuse.org 26 Oct '22
SUSE Security Update: Recommended update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3767-1
Rating: important
References: #1201689 #1203250 #1203614 #1203618 #1203619
#1203620 SLE-24600
Cross-References: CVE-2022-2795 CVE-2022-3080 CVE-2022-38177
CVE-2022-38178
CVSS scores:
CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-3080 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3080 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves four vulnerabilities, contains one
feature and has two fixes is now available.
Description:
This update for bind fixes the following issues:
Update to release 9.16.33:
- CVE-2022-2795: Fixed potential performance degradation due to missing
database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in
the cache for the incoming query and the stale-answer-client-timeout
option is set to 0 (bsc#1203618).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered
in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in
the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
- Add systemd drop-in directory for named service (bsc#1201689).
- Add modified createNamedConfInclude script and README-bind.chrootenv
(bsc#1203250).
- Feature Changes:
- Response Rate Limiting (RRL) code now treats all QNAMEs that are
subject to wildcard processing within a given zone as the same name,
to prevent circumventing the limits enforced by RRL.
- Zones using dnssec-policy now require dynamic DNS or inline-signing to
be configured explicitly.
- A backward-compatible approach was implemented for encoding
internationalized domain names (IDN) in dig and converting the domain
to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion.
- The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically
disabled on systems where they are disallowed by the security policy.
Primary zones using those algorithms need to be migrated to new
algorithms prior to running on these systems, as graceful migration to
different DNSSEC algorithms is not possible when RSASHA1 is disallowed
by the operating system.
- Log messages related to fetch limiting have been improved to provide
more complete information. Specifically, the final counts of allowed
and spilled fetches are now logged before the counter object is
destroyed.
- Non-dynamic zones that inherit dnssec-policy from the view or options
blocks were not marked as inline-signed and therefore never scheduled
to be re-signed. This has been fixed.
- The old max-zone-ttl zone option was meant to be superseded by the
max-zone-ttl option in dnssec-policy; however, the latter option was
not fully effective. This has been corrected: zones no longer load if
they contain TTLs greater than the limit configured in dnssec-policy.
For zones with both the old max-zone-ttl option and dnssec-policy
configured, the old option is ignored, and a warning is generated.
- rndc dumpdb -expired was fixed to include expired RRsets, even if
stale-cache-enable is set to no and the cache-cleaning time window has
passed. (jsc#SLE-24600)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3767=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3767=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3767=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bind-9.16.33-150400.5.11.1
bind-debuginfo-9.16.33-150400.5.11.1
bind-debugsource-9.16.33-150400.5.11.1
bind-utils-9.16.33-150400.5.11.1
bind-utils-debuginfo-9.16.33-150400.5.11.1
- openSUSE Leap 15.4 (noarch):
bind-doc-9.16.33-150400.5.11.1
python3-bind-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-9.16.33-150400.5.11.1
bind-debuginfo-9.16.33-150400.5.11.1
bind-debugsource-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
bind-doc-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.33-150400.5.11.1
bind-debugsource-9.16.33-150400.5.11.1
bind-utils-9.16.33-150400.5.11.1
bind-utils-debuginfo-9.16.33-150400.5.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-bind-9.16.33-150400.5.11.1
References:
https://www.suse.com/security/cve/CVE-2022-2795.html
https://www.suse.com/security/cve/CVE-2022-3080.html
https://www.suse.com/security/cve/CVE-2022-38177.html
https://www.suse.com/security/cve/CVE-2022-38178.html
https://bugzilla.suse.com/1201689
https://bugzilla.suse.com/1203250
https://bugzilla.suse.com/1203614
https://bugzilla.suse.com/1203618
https://bugzilla.suse.com/1203619
https://bugzilla.suse.com/1203620
SUSE-SU-2022:3729-1: important: Security update for bind
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3729-1
Rating: important
References: #1203614 #1203619 #1203620
Cross-References: CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
CVSS scores:
CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degradation due to missing
database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered
in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered
in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3729=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3729=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3729=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3729=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3729=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3729=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3729=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3729=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3729=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3729=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3729=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3729=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3729=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3729=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3729=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3729=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (x86_64):
bind-devel-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-debuginfo-9.16.6-150000.12.63.1
libdns1605-32bit-9.16.6-150000.12.63.1
libdns1605-32bit-debuginfo-9.16.6-150000.12.63.1
libirs1601-32bit-9.16.6-150000.12.63.1
libirs1601-32bit-debuginfo-9.16.6-150000.12.63.1
libisc1606-32bit-9.16.6-150000.12.63.1
libisc1606-32bit-debuginfo-9.16.6-150000.12.63.1
libisccc1600-32bit-9.16.6-150000.12.63.1
libisccc1600-32bit-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-32bit-9.16.6-150000.12.63.1
libisccfg1600-32bit-debuginfo-9.16.6-150000.12.63.1
libns1604-32bit-9.16.6-150000.12.63.1
libns1604-32bit-debuginfo-9.16.6-150000.12.63.1
- openSUSE Leap 15.3 (x86_64):
bind-devel-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-9.16.6-150000.12.63.1
libbind9-1600-32bit-debuginfo-9.16.6-150000.12.63.1
libdns1605-32bit-9.16.6-150000.12.63.1
libdns1605-32bit-debuginfo-9.16.6-150000.12.63.1
libirs1601-32bit-9.16.6-150000.12.63.1
libirs1601-32bit-debuginfo-9.16.6-150000.12.63.1
libisc1606-32bit-9.16.6-150000.12.63.1
libisc1606-32bit-debuginfo-9.16.6-150000.12.63.1
libisccc1600-32bit-9.16.6-150000.12.63.1
libisccc1600-32bit-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-32bit-9.16.6-150000.12.63.1
libisccfg1600-32bit-debuginfo-9.16.6-150000.12.63.1
libns1604-32bit-9.16.6-150000.12.63.1
libns1604-32bit-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Server 4.1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Manager Proxy 4.1 (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Manager Proxy 4.1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 7 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
- SUSE Enterprise Storage 6 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE CaaS Platform 4.0 (noarch):
bind-doc-9.16.6-150000.12.63.1
python3-bind-9.16.6-150000.12.63.1
- SUSE CaaS Platform 4.0 (x86_64):
bind-9.16.6-150000.12.63.1
bind-chrootenv-9.16.6-150000.12.63.1
bind-debuginfo-9.16.6-150000.12.63.1
bind-debugsource-9.16.6-150000.12.63.1
bind-devel-9.16.6-150000.12.63.1
bind-utils-9.16.6-150000.12.63.1
bind-utils-debuginfo-9.16.6-150000.12.63.1
libbind9-1600-9.16.6-150000.12.63.1
libbind9-1600-debuginfo-9.16.6-150000.12.63.1
libdns1605-9.16.6-150000.12.63.1
libdns1605-debuginfo-9.16.6-150000.12.63.1
libirs-devel-9.16.6-150000.12.63.1
libirs1601-9.16.6-150000.12.63.1
libirs1601-debuginfo-9.16.6-150000.12.63.1
libisc1606-9.16.6-150000.12.63.1
libisc1606-debuginfo-9.16.6-150000.12.63.1
libisccc1600-9.16.6-150000.12.63.1
libisccc1600-debuginfo-9.16.6-150000.12.63.1
libisccfg1600-9.16.6-150000.12.63.1
libisccfg1600-debuginfo-9.16.6-150000.12.63.1
libns1604-9.16.6-150000.12.63.1
libns1604-debuginfo-9.16.6-150000.12.63.1
References:
https://www.suse.com/security/cve/CVE-2022-2795.html
https://www.suse.com/security/cve/CVE-2022-38177.html
https://www.suse.com/security/cve/CVE-2022-38178.html
https://bugzilla.suse.com/1203614
https://bugzilla.suse.com/1203619
https://bugzilla.suse.com/1203620
SUSE-SU-2022:3730-1: important: Security update for python-paramiko
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for python-paramiko
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3730-1
Rating: important
References: #1111151 #1200603
Cross-References: CVE-2018-1000805
CVSS scores:
CVE-2018-1000805 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2018-1000805 (SUSE): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one erratum is now available.
Description:
This update for python-paramiko fixes the following issues:
Updated to version 2.4.3:
- CVE-2018-1000805: Fixed authentication bypass (bsc#1111151).
Bugfixes:
- Fixed Ed25519 key handling for certain key comment lengths (bsc#1200603).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3730=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3730=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3730=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3730=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3730=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3730=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3730=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3730=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3730=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3730=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3730=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3730=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3730=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3730=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3730=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3730=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3730=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (noarch):
python-paramiko-doc-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- openSUSE Leap 15.3 (noarch):
python-paramiko-doc-2.4.3-150100.6.15.1
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Manager Server 4.1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Manager Proxy 4.1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Enterprise Storage 7 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE Enterprise Storage 6 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
- SUSE CaaS Platform 4.0 (noarch):
python2-paramiko-2.4.3-150100.6.15.1
python3-paramiko-2.4.3-150100.6.15.1
References:
https://www.suse.com/security/cve/CVE-2018-1000805.html
https://bugzilla.suse.com/1111151
https://bugzilla.suse.com/1200603
SUSE-SU-2022:3731-1: important: Security update for python-waitress
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for python-waitress
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3731-1
Rating: important
References: #1197255
Cross-References: CVE-2022-24761
CVSS scores:
CVE-2022-24761 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-24761 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-waitress fixes the following issues:
- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP
requests leading to request smuggling. (bsc#1197255)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3731=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3731=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3731=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3731=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3731=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3731=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3731=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3731=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3731=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3731=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3731=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3731=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3731=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3731=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3731=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3731=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3731=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3731=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3731=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3731=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- openSUSE Leap 15.3 (noarch):
python2-waitress-1.4.3-150000.3.6.1
python3-waitress-1.4.3-150000.3.6.1
- SUSE Manager Server 4.1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Manager Proxy 4.1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
python2-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
python2-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Enterprise Storage 7 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE Enterprise Storage 6 (noarch):
python3-waitress-1.4.3-150000.3.6.1
- SUSE CaaS Platform 4.0 (noarch):
python3-waitress-1.4.3-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-24761.html
https://bugzilla.suse.com/1197255
25 Oct '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3727-1
Rating: moderate
References: #1027519 #1167608 #1201631 #1201994 #1203806 #1203807
Cross-References: CVE-2022-33746 CVE-2022-33748
CVSS scores:
CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has four
fixes is now available.
Description:
This update for xen fixes the following issues:
Updated to version 4.16.2 (bsc#1027519):
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing
(bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
Bugfixes:
- Fixed Xen DomU unable to emulate audio device (bsc#1201994).
- Fixed logic error in built-in default of max_event_channels
(bsc#1167608, bsc#1201631).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3727=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3727=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3727=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3727=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
xen-4.16.2_06-150400.4.11.1
xen-debugsource-4.16.2_06-150400.4.11.1
xen-devel-4.16.2_06-150400.4.11.1
xen-doc-html-4.16.2_06-150400.4.11.1
xen-libs-4.16.2_06-150400.4.11.1
xen-libs-debuginfo-4.16.2_06-150400.4.11.1
xen-tools-4.16.2_06-150400.4.11.1
xen-tools-debuginfo-4.16.2_06-150400.4.11.1
xen-tools-domU-4.16.2_06-150400.4.11.1
xen-tools-domU-debuginfo-4.16.2_06-150400.4.11.1
- openSUSE Leap 15.4 (x86_64):
xen-libs-32bit-4.16.2_06-150400.4.11.1
xen-libs-32bit-debuginfo-4.16.2_06-150400.4.11.1
- openSUSE Leap 15.4 (noarch):
xen-tools-xendomains-wait-disk-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):
xen-4.16.2_06-150400.4.11.1
xen-debugsource-4.16.2_06-150400.4.11.1
xen-devel-4.16.2_06-150400.4.11.1
xen-tools-4.16.2_06-150400.4.11.1
xen-tools-debuginfo-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
xen-tools-xendomains-wait-disk-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
xen-debugsource-4.16.2_06-150400.4.11.1
xen-libs-4.16.2_06-150400.4.11.1
xen-libs-debuginfo-4.16.2_06-150400.4.11.1
xen-tools-domU-4.16.2_06-150400.4.11.1
xen-tools-domU-debuginfo-4.16.2_06-150400.4.11.1
- SUSE Linux Enterprise Micro 5.3 (x86_64):
xen-debugsource-4.16.2_06-150400.4.11.1
xen-libs-4.16.2_06-150400.4.11.1
xen-libs-debuginfo-4.16.2_06-150400.4.11.1
References:
https://www.suse.com/security/cve/CVE-2022-33746.html
https://www.suse.com/security/cve/CVE-2022-33748.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1167608
https://bugzilla.suse.com/1201631
https://bugzilla.suse.com/1201994
https://bugzilla.suse.com/1203806
https://bugzilla.suse.com/1203807
SUSE-SU-2022:3726-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 25 Oct '22
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3726-1
Rating: important
References: #1204421
Cross-References: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929
CVE-2022-42932
CVSS scores:
CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-42932 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
- Updated to version 102.4.0 ESR (bsc#1204421)
- CVE-2022-42927: Fixed same-origin policy violation that could have
leaked cross-origin URLs.
- CVE-2022-42928: Fixed memory corruption in JS Engine.
- CVE-2022-42929: Fixed denial of service via window.print.
- CVE-2022-42932: Fixed memory safety bugs.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3726=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3726=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3726=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3726=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3726=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3726=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3726=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3726=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3726=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3726=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3726=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3726=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3726=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-branding-upstream-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Manager Proxy 4.1 (x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.4.0-150200.152.64.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
MozillaFirefox-102.4.0-150200.152.64.1
MozillaFirefox-debuginfo-102.4.0-150200.152.64.1
MozillaFirefox-debugsource-102.4.0-150200.152.64.1
MozillaFirefox-devel-102.4.0-150200.152.64.1
MozillaFirefox-translations-common-102.4.0-150200.152.64.1
MozillaFirefox-translations-other-102.4.0-150200.152.64.1
References:
https://www.suse.com/security/cve/CVE-2022-42927.html
https://www.suse.com/security/cve/CVE-2022-42928.html
https://www.suse.com/security/cve/CVE-2022-42929.html
https://www.suse.com/security/cve/CVE-2022-42932.html
https://bugzilla.suse.com/1204421
SUSE-SU-2022:3710-1: important: Security update for multipath-tools
by opensuse-security@opensuse.org 24 Oct '22
SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3710-1
Rating: important
References: #1189551 #1191900 #1195506 #1197570 #1202616
#1202739 PED-1448
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves two vulnerabilities, contains one
feature and has four fixes is now available.
Description:
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd.
(bsc#1202739)
- multipathd: add "force_reconfigure" option (bsc#1189551). The command
"multipathd -kreconfigure" changes behavior: instead
of reloading every map, it checks map configuration and reloads
only modified maps. This speeds up the reconfigure operation
substantially. The old behavior can be reinstated by setting
"force_reconfigure yes" in multipath.conf (not recommended). Note:
"force_reconfigure yes" is not supported in SLE15-SP4 and beyond,
which provide the command "multipathd -k'reconfigure all'".
- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd: handle fpin events (bsc#1195506, jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3710=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3710=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3710=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3710=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3710=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libdmmp0_2_0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-devel-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kpartx-0.8.5+126+suse.8ce8da5-150300.2.14.1
kpartx-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-0.8.5+126+suse.8ce8da5-150300.2.14.1
libmpath0-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debuginfo-0.8.5+126+suse.8ce8da5-150300.2.14.1
multipath-tools-debugsource-0.8.5+126+suse.8ce8da5-150300.2.14.1
References:
https://www.suse.com/security/cve/CVE-2022-41973.html
https://www.suse.com/security/cve/CVE-2022-41974.html
https://bugzilla.suse.com/1189551
https://bugzilla.suse.com/1191900
https://bugzilla.suse.com/1195506
https://bugzilla.suse.com/1197570
https://bugzilla.suse.com/1202616
https://bugzilla.suse.com/1202739
SUSE-SU-2022:3711-1: important: Security update for multipath-tools
by opensuse-security@opensuse.org 24 Oct '22
SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3711-1
Rating: important
References: #1197570 #1199342 #1199345 #1199346 #1199347
#1201483 #1202616 #1202739
Cross-References: CVE-2022-41973 CVE-2022-41974
CVSS scores:
CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has 6 fixes
is now available.
Description:
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd.
(bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix find_multipaths_timeout for unknown hardware
(bsc#1201483)
- multipath-tools: fix "multipath -ll" for Native NVME Multipath devices
(bsc#1201483)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346,
bsc#1197570)
- multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Don't keep starting TUR threads, if they always hang.
(bsc#1199345)
- Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for "protocol" subsection in "overrides"
section to set certain config options by protocol.
- Removed the previously deprecated options getuid_callout, config_dir,
multipath_dir, pg_timeout
- Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use remove_map_callback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported dev_loss_tmo
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3711=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3711=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3711=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-0.9.0+62+suse.3e048d4-150400.4.7.1
libdmmp0_2_0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-devel-0.9.0+62+suse.3e048d4-150400.4.7.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1
kpartx-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-0.9.0+62+suse.3e048d4-150400.4.7.1
libmpath0-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debuginfo-0.9.0+62+suse.3e048d4-150400.4.7.1
multipath-tools-debugsource-0.9.0+62+suse.3e048d4-150400.4.7.1
References:
https://www.suse.com/security/cve/CVE-2022-41973.html
https://www.suse.com/security/cve/CVE-2022-41974.html
https://bugzilla.suse.com/1197570
https://bugzilla.suse.com/1199342
https://bugzilla.suse.com/1199345
https://bugzilla.suse.com/1199346
https://bugzilla.suse.com/1199347
https://bugzilla.suse.com/1201483
https://bugzilla.suse.com/1202616
https://bugzilla.suse.com/1202739
SUSE-SU-2022:3712-1: important: Security update for multipath-tools
by opensuse-security@opensuse.org 24 Oct '22
SUSE Security Update: Security update for multipath-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3712-1
Rating: important
References: #1202616 #1202739 #1204325
Cross-References: CVE-2022-41974
CVSS scores:
CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for multipath-tools fixes the following issues:
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd.
(bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3712=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3712=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3712=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3712=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3712=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3712=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
kpartx-0.7.3+173+suse.7dd1b01-150000.3.29.1
kpartx-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-0.7.3+173+suse.7dd1b01-150000.3.29.1
libdmmp0_1_0-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-debugsource-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-devel-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-0.7.3+173+suse.7dd1b01-150000.3.29.1
multipath-tools-rbd-debuginfo-0.7.3+173+suse.7dd1b01-150000.3.29.1
References:
https://www.suse.com/security/cve/CVE-2022-41974.html
https://bugzilla.suse.com/1202616
https://bugzilla.suse.com/1202739
https://bugzilla.suse.com/1204325
SUSE-SU-2022:3693-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 22 Oct '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3693-1
Rating: important
References: #1199564 #1200288 #1201309 #1202677 #1202960
#1203552 #1203769 #1203987 PED-529
Cross-References: CVE-2022-20008 CVE-2022-2503 CVE-2022-32296
CVE-2022-3239 CVE-2022-3303 CVE-2022-41218
CVE-2022-41848
CVSS scores:
CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 7 vulnerabilities, contains one
feature and has one errata is now available.
Description:
The SUSE Linux Enterprise 15-SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-20008: Fixed local information disclosure due to possibility to
read kernel heap memory via mmc_blk_read_single of block.c (bnc#1199564).
- CVE-2022-2503: Fixed a vulnerability that allowed root to bypass LoadPin
and load untrusted and unverified kernel modules and firmware
(bnc#1202677).
- CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to
identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver that
could allow a local user to crash the system or escalate their
privileges (bnc#1203552).
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to
improper locking (bnc#1203769).
- CVE-2022-41218: Fixed a use-after-free caused by refcount races in
drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-41848: Fixed a race condition in
drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach
(bnc#1203987).
The following non-security bugs were fixed:
- dtb: Do not include sources in src.rpm - refer to kernel-source. Same as
other kernel binary packages, there is no need to carry duplicate sources
in dtb packages.
- mkspec: eliminate @NOSOURCE@ macro. This should always be used with
@SOURCES@, just include the content there.
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add the Linux MANA PF driver (bnc#1201309, jsc#PED-529).
- x86/bugs: Reenable retbleed=off. While for older kernels the return
thunks are statically built in and cannot be dynamically patched out,
retbleed=off should still be possible, so that the mitigation can
still be disabled on Intel, which does not use the return thunks but IBRS.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3693=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3693=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3693=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3693=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3693=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3693=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3693=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3693=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3693=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3693=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-4.12.14-150100.197.126.1
kernel-vanilla-base-4.12.14-150100.197.126.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debugsource-4.12.14-150100.197.126.1
kernel-vanilla-devel-4.12.14-150100.197.126.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.126.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.126.1
kernel-debug-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.126.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.126.1
kernel-zfcpdump-man-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-4.12.14-150100.197.126.1
kernel-vanilla-base-4.12.14-150100.197.126.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-debugsource-4.12.14-150100.197.126.1
kernel-vanilla-devel-4.12.14-150100.197.126.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.126.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.126.1
kernel-debug-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.126.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.126.1
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.126.1
kernel-zfcpdump-man-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.126.1
kernel-zfcpdump-debuginfo-4.12.14-150100.197.126.1
kernel-zfcpdump-debugsource-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-livepatch-4.12.14-150100.197.126.1
kernel-default-livepatch-devel-4.12.14-150100.197.126.1
kernel-livepatch-4_12_14-150100_197_126-default-1-150100.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.126.1
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.126.1
dlm-kmp-default-4.12.14-150100.197.126.1
dlm-kmp-default-debuginfo-4.12.14-150100.197.126.1
gfs2-kmp-default-4.12.14-150100.197.126.1
gfs2-kmp-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
ocfs2-kmp-default-4.12.14-150100.197.126.1
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.126.1
kernel-docs-4.12.14-150100.197.126.1
kernel-macros-4.12.14-150100.197.126.1
kernel-source-4.12.14-150100.197.126.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.126.1
kernel-default-base-4.12.14-150100.197.126.1
kernel-default-base-debuginfo-4.12.14-150100.197.126.1
kernel-default-debuginfo-4.12.14-150100.197.126.1
kernel-default-debugsource-4.12.14-150100.197.126.1
kernel-default-devel-4.12.14-150100.197.126.1
kernel-default-devel-debuginfo-4.12.14-150100.197.126.1
kernel-obs-build-4.12.14-150100.197.126.1
kernel-obs-build-debugsource-4.12.14-150100.197.126.1
kernel-syms-4.12.14-150100.197.126.1
reiserfs-kmp-default-4.12.14-150100.197.126.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.126.1
References:
https://www.suse.com/security/cve/CVE-2022-20008.html
https://www.suse.com/security/cve/CVE-2022-2503.html
https://www.suse.com/security/cve/CVE-2022-32296.html
https://www.suse.com/security/cve/CVE-2022-3239.html
https://www.suse.com/security/cve/CVE-2022-3303.html
https://www.suse.com/security/cve/CVE-2022-41218.html
https://www.suse.com/security/cve/CVE-2022-41848.html
https://bugzilla.suse.com/1199564
https://bugzilla.suse.com/1200288
https://bugzilla.suse.com/1201309
https://bugzilla.suse.com/1202677
https://bugzilla.suse.com/1202960
https://bugzilla.suse.com/1203552
https://bugzilla.suse.com/1203769
https://bugzilla.suse.com/1203987
SUSE-SU-2022:3692-1: important: Security update for libxml2
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for libxml2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3692-1
Rating: important
References: #1204366 #1204367
Cross-References: CVE-2022-40303 CVE-2022-40304
CVSS scores:
CVE-2022-40303 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-40304 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libxml2 fixes the following issues:
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE
(bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference
cycles (bsc#1204367).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3692=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3692=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3692=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.14-150400.5.10.1
libxml2-2-debuginfo-2.9.14-150400.5.10.1
libxml2-debugsource-2.9.14-150400.5.10.1
libxml2-devel-2.9.14-150400.5.10.1
libxml2-tools-2.9.14-150400.5.10.1
libxml2-tools-debuginfo-2.9.14-150400.5.10.1
python3-libxml2-2.9.14-150400.5.10.1
python3-libxml2-debuginfo-2.9.14-150400.5.10.1
- openSUSE Leap 15.4 (x86_64):
libxml2-2-32bit-2.9.14-150400.5.10.1
libxml2-2-32bit-debuginfo-2.9.14-150400.5.10.1
libxml2-devel-32bit-2.9.14-150400.5.10.1
- openSUSE Leap 15.4 (noarch):
libxml2-doc-2.9.14-150400.5.10.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.14-150400.5.10.1
libxml2-2-debuginfo-2.9.14-150400.5.10.1
libxml2-debugsource-2.9.14-150400.5.10.1
libxml2-devel-2.9.14-150400.5.10.1
libxml2-tools-2.9.14-150400.5.10.1
libxml2-tools-debuginfo-2.9.14-150400.5.10.1
python3-libxml2-2.9.14-150400.5.10.1
python3-libxml2-debuginfo-2.9.14-150400.5.10.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libxml2-2-32bit-2.9.14-150400.5.10.1
libxml2-2-32bit-debuginfo-2.9.14-150400.5.10.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libxml2-2-2.9.14-150400.5.10.1
libxml2-2-debuginfo-2.9.14-150400.5.10.1
libxml2-debugsource-2.9.14-150400.5.10.1
libxml2-python-debugsource-2.9.14-150400.5.10.1
libxml2-tools-2.9.14-150400.5.10.1
libxml2-tools-debuginfo-2.9.14-150400.5.10.1
python3-libxml2-2.9.14-150400.5.10.1
python3-libxml2-debuginfo-2.9.14-150400.5.10.1
References:
https://www.suse.com/security/cve/CVE-2022-40303.html
https://www.suse.com/security/cve/CVE-2022-40304.html
https://bugzilla.suse.com/1204366
https://bugzilla.suse.com/1204367
SUSE-SU-2022:3690-1: important: Security update for tiff
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3690-1
Rating: important
References: #1201723 #1201971 #1202026 #1202466 #1202467
#1202468 #1202968 #1202971 #1202973
Cross-References: CVE-2022-0561 CVE-2022-2519 CVE-2022-2520
CVE-2022-2521 CVE-2022-2867 CVE-2022-2868
CVE-2022-2869 CVE-2022-34266 CVE-2022-34526
CVSS scores:
CVE-2022-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2519 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2519 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2520 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2520 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2521 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2521 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2867 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2868 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-2868 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2869 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2869 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-34266 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-34266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-34526 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-34526 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed an assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c
(bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits()
(bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in
extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of
Tiffsplit (bsc#1202026).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3690=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3690=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3690=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3690=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3690=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3690=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3690=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3690=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3690=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3690=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3690=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3690=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3690=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3690=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3690=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3690=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3690=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3690=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3690=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3690=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3690=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3690=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3690=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- openSUSE Leap 15.4 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- openSUSE Leap 15.3 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Manager Server 4.1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Manager Proxy 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 7 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
- SUSE Enterprise Storage 6 (x86_64):
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
- SUSE CaaS Platform 4.0 (x86_64):
libtiff-devel-4.0.9-150000.45.16.1
libtiff5-32bit-4.0.9-150000.45.16.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.16.1
libtiff5-4.0.9-150000.45.16.1
libtiff5-debuginfo-4.0.9-150000.45.16.1
tiff-debuginfo-4.0.9-150000.45.16.1
tiff-debugsource-4.0.9-150000.45.16.1
References:
https://www.suse.com/security/cve/CVE-2022-0561.html
https://www.suse.com/security/cve/CVE-2022-2519.html
https://www.suse.com/security/cve/CVE-2022-2520.html
https://www.suse.com/security/cve/CVE-2022-2521.html
https://www.suse.com/security/cve/CVE-2022-2867.html
https://www.suse.com/security/cve/CVE-2022-2868.html
https://www.suse.com/security/cve/CVE-2022-2869.html
https://www.suse.com/security/cve/CVE-2022-34266.html
https://www.suse.com/security/cve/CVE-2022-34526.html
https://bugzilla.suse.com/1201723
https://bugzilla.suse.com/1201971
https://bugzilla.suse.com/1202026
https://bugzilla.suse.com/1202466
https://bugzilla.suse.com/1202467
https://bugzilla.suse.com/1202468
https://bugzilla.suse.com/1202968
https://bugzilla.suse.com/1202971
https://bugzilla.suse.com/1202973
SUSE-SU-2022:3682-1: important: Security update for bind
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for bind
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3682-1
Rating: important
References: #1201247 #1203614 #1203619 #1203620
Cross-References: CVE-2022-2795 CVE-2022-38177 CVE-2022-38178
CVSS scores:
CVE-2022-2795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2795 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-38177 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38177 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38178 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for bind fixes the following issues:
- CVE-2022-2795: Fixed potential performance degradation due to missing
database lookup limits when processing large delegations (bsc#1203614).
- CVE-2022-38177: Fixed a memory leak that could be externally triggered
in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619).
- CVE-2022-38178: Fixed memory leaks that could be externally triggered in
the DNSSEC verification code for the EdDSA algorithm (bsc#1203620).
Bugfixes:
- Changed ownership of /var/lib/named/master from named:named to root:root
(bsc#1201247)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3682=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3682=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3682=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3682=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3682=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bind-chrootenv-9.16.6-150300.22.21.2
bind-devel-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs-devel-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150300.22.21.2
bind-chrootenv-9.16.6-150300.22.21.2
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
bind-devel-9.16.6-150300.22.21.2
bind-utils-9.16.6-150300.22.21.2
bind-utils-debuginfo-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs-devel-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- openSUSE Leap 15.3 (noarch):
bind-doc-9.16.6-150300.22.21.2
python3-bind-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
bind-9.16.6-150300.22.21.2
bind-chrootenv-9.16.6-150300.22.21.2
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
bind-doc-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
bind-debuginfo-9.16.6-150300.22.21.2
bind-debugsource-9.16.6-150300.22.21.2
bind-devel-9.16.6-150300.22.21.2
bind-utils-9.16.6-150300.22.21.2
bind-utils-debuginfo-9.16.6-150300.22.21.2
libbind9-1600-9.16.6-150300.22.21.2
libbind9-1600-debuginfo-9.16.6-150300.22.21.2
libdns1605-9.16.6-150300.22.21.2
libdns1605-debuginfo-9.16.6-150300.22.21.2
libirs-devel-9.16.6-150300.22.21.2
libirs1601-9.16.6-150300.22.21.2
libirs1601-debuginfo-9.16.6-150300.22.21.2
libisc1606-9.16.6-150300.22.21.2
libisc1606-debuginfo-9.16.6-150300.22.21.2
libisccc1600-9.16.6-150300.22.21.2
libisccc1600-debuginfo-9.16.6-150300.22.21.2
libisccfg1600-9.16.6-150300.22.21.2
libisccfg1600-debuginfo-9.16.6-150300.22.21.2
libns1604-9.16.6-150300.22.21.2
libns1604-debuginfo-9.16.6-150300.22.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-bind-9.16.6-150300.22.21.2
References:
https://www.suse.com/security/cve/CVE-2022-2795.html
https://www.suse.com/security/cve/CVE-2022-38177.html
https://www.suse.com/security/cve/CVE-2022-38178.html
https://bugzilla.suse.com/1201247
https://bugzilla.suse.com/1203614
https://bugzilla.suse.com/1203619
https://bugzilla.suse.com/1203620
SUSE-SU-2022:3683-1: critical: Security update for libksba
by opensuse-security@opensuse.org 21 Oct '22
SUSE Security Update: Security update for libksba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3683-1
Rating: critical
References: #1204357
Cross-References: CVE-2022-3515
CVSS scores:
CVE-2022-3515 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser
(bsc#1204357).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3683=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3683=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3683=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3683=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3683=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3683=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3683=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3683=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3683=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3683=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3683=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3683=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3683=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3683=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3683=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3683=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3683=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3683=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3683=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3683=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3683=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3683=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Manager Proxy 4.1 (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
- SUSE CaaS Platform 4.0 (x86_64):
libksba-debugsource-1.3.5-150000.4.3.1
libksba-devel-1.3.5-150000.4.3.1
libksba8-1.3.5-150000.4.3.1
libksba8-debuginfo-1.3.5-150000.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-3515.html
https://bugzilla.suse.com/1204357
openSUSE-SU-2022:10160-1: moderate: Security update for v4l2loopback
by opensuse-security@opensuse.org 20 Oct '22
openSUSE Security Update: Security update for v4l2loopback
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10160-1
Rating: moderate
References: #1202156
Cross-References: CVE-2022-2652
CVSS scores:
CVE-2022-2652 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2022-2652 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for v4l2loopback fixes the following issues:
- Fix string format vulnerability (boo#1202156, CVE-2022-2652)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-10160=1
Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
v4l2loopback-debugsource-0.12.5-lp153.2.5.1
v4l2loopback-kmp-default-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-default-debuginfo-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-preempt-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-preempt-debuginfo-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
- openSUSE Leap 15.3 (aarch64):
v4l2loopback-kmp-64kb-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
v4l2loopback-kmp-64kb-debuginfo-0.12.5_k5.3.18_150300.59.93-lp153.2.5.1
- openSUSE Leap 15.3 (noarch):
v4l2loopback-autoload-0.12.5-lp153.2.5.1
v4l2loopback-utils-0.12.5-lp153.2.5.1
References:
https://www.suse.com/security/cve/CVE-2022-2652.html
https://bugzilla.suse.com/1202156
openSUSE-SU-2022:10159-1: moderate: Security update for v4l2loopback
by opensuse-security@opensuse.org 20 Oct '22
openSUSE Security Update: Security update for v4l2loopback
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10159-1
Rating: moderate
References: #1202156
Cross-References: CVE-2022-2652
CVSS scores:
CVE-2022-2652 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2022-2652 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for v4l2loopback fixes the following issues:
- Fix string format vulnerability (boo#1202156, CVE-2022-2652)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2022-10159=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
v4l2loopback-debugsource-0.12.5-lp154.3.3.1
v4l2loopback-kmp-default-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
v4l2loopback-kmp-default-debuginfo-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
- openSUSE Leap 15.4 (aarch64):
v4l2loopback-kmp-64kb-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
v4l2loopback-kmp-64kb-debuginfo-0.12.5_k5.14.21_150400.24.21-lp154.3.3.1
- openSUSE Leap 15.4 (noarch):
v4l2loopback-autoload-0.12.5-lp154.3.3.1
v4l2loopback-utils-0.12.5-lp154.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-2652.html
https://bugzilla.suse.com/1202156
SUSE-SU-2022:3673-1: moderate: Security update for jasper
by opensuse-security@opensuse.org 20 Oct '22
SUSE Security Update: Security update for jasper
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3673-1
Rating: moderate
References: #1202642
Cross-References: CVE-2022-2963
CVSS scores:
CVE-2022-2963 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2963 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jasper fixes the following issues:
- CVE-2022-2963: Fixed memory leaks in function cmdopts_parse
(bsc#1202642).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3673=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3673=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3673=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3673=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3673=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3673=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
jasper-2.0.14-150000.3.28.1
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
- openSUSE Leap 15.4 (x86_64):
libjasper4-32bit-2.0.14-150000.3.28.1
libjasper4-32bit-debuginfo-2.0.14-150000.3.28.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
jasper-2.0.14-150000.3.28.1
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
- openSUSE Leap 15.3 (x86_64):
libjasper4-32bit-2.0.14-150000.3.28.1
libjasper4-32bit-debuginfo-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper-devel-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
jasper-debuginfo-2.0.14-150000.3.28.1
jasper-debugsource-2.0.14-150000.3.28.1
libjasper4-2.0.14-150000.3.28.1
libjasper4-debuginfo-2.0.14-150000.3.28.1
References:
https://www.suse.com/security/cve/CVE-2022-2963.html
https://bugzilla.suse.com/1202642