October 2022 - openSUSE Security Announce

SUSE-SU-2022:3667-1: moderate: Security update for clone-master-clean-up
by opensuse-security＠opensuse.org 20 Oct '22

20 Oct '22

SUSE Security Update: Security update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3667-1 Rating: moderate References: #1181050 #1203651 Cross-References: CVE-2021-32000 CVSS scores: CVE-2021-32000 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2021-32000 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations (bsc#1181050). Bugfixes: - Fixed clone-master-clean-up failing to remove btrfs snapshots (bsc#1203651). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3667=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3667=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3667=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3667=1 Package List: - openSUSE Leap 15.4 (noarch): clone-master-clean-up-1.8-150100.3.14.1 - openSUSE Leap 15.3 (noarch): clone-master-clean-up-1.8-150100.3.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): clone-master-clean-up-1.8-150100.3.14.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): clone-master-clean-up-1.8-150100.3.14.1 References: https://www.suse.com/security/cve/CVE-2021-32000.html https://bugzilla.suse.com/1181050 https://bugzilla.suse.com/1203651

1 0

SUSE-SU-2022:3668-1: important: Security update for go1.18
by opensuse-security＠opensuse.org 20 Oct '22

20 Oct '22

SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3668-1 Rating: important References: #1193742 #1204023 #1204024 #1204025 Cross-References: CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 CVSS scores: CVE-2022-2879 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2879 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2880 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41715 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41715 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.18 fixes the following issues: Updated to version 1.18.7 (bsc#1193742): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3668=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3668=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3668=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3668=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.7-150000.1.34.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.7-150000.1.34.1 go1.18-doc-1.18.7-150000.1.34.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.7-150000.1.34.1 References: https://www.suse.com/security/cve/CVE-2022-2879.html https://www.suse.com/security/cve/CVE-2022-2880.html https://www.suse.com/security/cve/CVE-2022-41715.html https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1204023 https://bugzilla.suse.com/1204024 https://bugzilla.suse.com/1204025

1 0

SUSE-SU-2022:3669-1: important: Security update for go1.19
by opensuse-security＠opensuse.org 20 Oct '22

20 Oct '22

SUSE Security Update: Security update for go1.19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3669-1 Rating: important References: #1200441 #1204023 #1204024 #1204025 Cross-References: CVE-2022-2879 CVE-2022-2880 CVE-2022-41715 CVSS scores: CVE-2022-2879 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2879 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2880 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41715 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41715 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.19 fixes the following issues: Updated to version 1.19.2 (bsc#1200441): - CVE-2022-41715: Fixed memory exhaustion in regexp/syntax (bsc#1204023). - CVE-2022-2879: Fixed unbounded memory consumption when reading headers in archive/tar (bsc#1204024). - CVE-2022-2880: Fixed ReverseProxy forwarding unparseable query parameters (bsc#1204025). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3669=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3669=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3669=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3669=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 go1.19-doc-1.19.2-150000.1.12.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 go1.19-doc-1.19.2-150000.1.12.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 go1.19-doc-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.2-150000.1.12.1 go1.19-doc-1.19.2-150000.1.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.19-race-1.19.2-150000.1.12.1 References: https://www.suse.com/security/cve/CVE-2022-2879.html https://www.suse.com/security/cve/CVE-2022-2880.html https://www.suse.com/security/cve/CVE-2022-41715.html https://bugzilla.suse.com/1200441 https://bugzilla.suse.com/1204023 https://bugzilla.suse.com/1204024 https://bugzilla.suse.com/1204025

1 0

SUSE-SU-2022:3666-1: important: Security update for helm
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

SUSE Security Update: Security update for helm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3666-1 Rating: important References: #1200528 #1203054 Cross-References: CVE-2022-1996 CVE-2022-36055 CVSS scores: CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-36055 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36055 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for helm fixes the following issues: helm was updated to version 3.9.4: * CVE-2022-36055: Fixed denial of service through string value parsing (bsc#1203054). * Updating the certificates used for testing * Updating index handling helm was updated to version 3.9.3: - CVE-2022-1996: Updated kube-openapi to fix an issue that could result in a CORS protection bypass (bsc#1200528). * Fix missing array length check on release helm was updated to version 3.9.2: * Update of the circleci image helm was updated to version 3.9.1: * Update to support Kubernetes 1.24.2 * Improve logging and safety of statefulSetReady * Make token caching an opt-in feature * Bump github.com/lib/pq from 1.10.5 to 1.10.6 * Bump github.com/Masterminds/squirrel from 1.5.2 to 1.5.3 helm was updated to version 3.9.0: * Added a --quiet flag to helm lint * Added a --post-renderer-args flag to support arguments being passed to the post renderer * Added more checks during the signing process * Updated to add Kubernetes 1.24 support helm was updated to version 3.8.2: * Bump oras.land/oras-go from 1.1.0 to 1.1.1 * Fixing downloader plugin error handling * Simplify testdata charts * Simplify testdata charts * Add tests for multi-level dependencies. * Fix value precedence * Bumping Kubernetes package versions * Updating vcs to latest version * Dont modify provided transport * Pass http getter as pointer in tests * Add docs block * Add transport option and tests * Reuse http transport * Updating Kubernetes libs to 0.23.4 (latest) * fix: remove deadcode * fix: helm package tests * fix: helm package with dependency update for charts with OCI dependencies * Fix typo Unset the env var before func return in Unit Test * add legal name check * maint: fix syntax error in deploy.sh * linting issue fixed * only apply overwrite if version is canary * overwrite flag added to az storage blob upload-batch * Avoid querying for OCI tags can explicit version provided in chart dependencies * Management of bearer tokens for tag listing * Updating Kubernetes packages to 1.23.3 * refactor: use `os.ReadDir` for lightweight directory reading * Add IngressClass to manifests to be (un)installed * feat(comp): Shell completion for OCI * Fix install memory/goroutine leak Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3666=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3666=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3666=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3666=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3666=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3666=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - openSUSE Leap 15.4 (noarch): helm-bash-completion-3.9.4-150000.1.10.3 helm-fish-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - openSUSE Leap 15.3 (noarch): helm-bash-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): helm-fish-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): helm-fish-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): helm-bash-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): helm-3.9.4-150000.1.10.3 helm-debuginfo-3.9.4-150000.1.10.3 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): helm-bash-completion-3.9.4-150000.1.10.3 helm-zsh-completion-3.9.4-150000.1.10.3 References: https://www.suse.com/security/cve/CVE-2022-1996.html https://www.suse.com/security/cve/CVE-2022-36055.html https://bugzilla.suse.com/1200528 https://bugzilla.suse.com/1203054

1 0

SUSE-SU-2022:3665-1: important: Security update for xen
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3665-1 Rating: important References: #1027519 #1167608 #1185104 #1197081 #1200762 #1201394 #1201631 #1203806 #1203807 Cross-References: CVE-2021-28689 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33745 CVE-2022-33746 CVE-2022-33748 CVSS scores: CVE-2021-28689 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-28689 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33745 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-33746 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33746 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-33748 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762). - CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762). - CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394). - CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104). Bugfixes: - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). - Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081). - Included upstream bugfixes (bsc#1027519). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3665=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3665=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3665=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3665=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3665=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3665=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.5_06-150300.3.35.1 xen-debugsource-4.14.5_06-150300.3.35.1 xen-devel-4.14.5_06-150300.3.35.1 xen-doc-html-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 xen-tools-4.14.5_06-150300.3.35.1 xen-tools-debuginfo-4.14.5_06-150300.3.35.1 xen-tools-domU-4.14.5_06-150300.3.35.1 xen-tools-domU-debuginfo-4.14.5_06-150300.3.35.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.5_06-150300.3.35.1 xen-libs-32bit-debuginfo-4.14.5_06-150300.3.35.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.5_06-150300.3.35.1 xen-debugsource-4.14.5_06-150300.3.35.1 xen-devel-4.14.5_06-150300.3.35.1 xen-tools-4.14.5_06-150300.3.35.1 xen-tools-debuginfo-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 xen-tools-domU-4.14.5_06-150300.3.35.1 xen-tools-domU-debuginfo-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.5_06-150300.3.35.1 xen-libs-4.14.5_06-150300.3.35.1 xen-libs-debuginfo-4.14.5_06-150300.3.35.1 References: https://www.suse.com/security/cve/CVE-2021-28689.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33745.html https://www.suse.com/security/cve/CVE-2022-33746.html https://www.suse.com/security/cve/CVE-2022-33748.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1167608 https://bugzilla.suse.com/1185104 https://bugzilla.suse.com/1197081 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1201394 https://bugzilla.suse.com/1201631 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1203807

1 0

SUSE-SU-2022:3656-1: important: Security update for nodejs16
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3656-1 Rating: important References: #1201325 #1201327 #1203831 #1203832 Cross-References: CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). - CVE-2022-35255: FIxed weak randomness in WebCrypto keygen (bsc#1203831). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3656=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3656=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack16-16.17.1-150400.3.9.1 nodejs16-16.17.1-150400.3.9.1 nodejs16-debuginfo-16.17.1-150400.3.9.1 nodejs16-debugsource-16.17.1-150400.3.9.1 nodejs16-devel-16.17.1-150400.3.9.1 npm16-16.17.1-150400.3.9.1 - openSUSE Leap 15.4 (noarch): nodejs16-docs-16.17.1-150400.3.9.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): nodejs16-16.17.1-150400.3.9.1 nodejs16-debuginfo-16.17.1-150400.3.9.1 nodejs16-debugsource-16.17.1-150400.3.9.1 nodejs16-devel-16.17.1-150400.3.9.1 npm16-16.17.1-150400.3.9.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): nodejs16-docs-16.17.1-150400.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32215.html https://www.suse.com/security/cve/CVE-2022-35255.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1203831 https://bugzilla.suse.com/1203832

1 0

SUSE-SU-2022:3655-1: important: Security update for buildah
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3655-1 Rating: important References: #1167864 #1181961 #1202812 Cross-References: CVE-2020-10696 CVE-2021-20206 CVE-2022-2990 CVSS scores: CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for buildah fixes the following issues: Buildah was updated to version 1.27.1: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961). - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864). - CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3655=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3655=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): buildah-1.27.1-150400.3.8.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): buildah-1.27.1-150400.3.8.1 References: https://www.suse.com/security/cve/CVE-2020-10696.html https://www.suse.com/security/cve/CVE-2021-20206.html https://www.suse.com/security/cve/CVE-2022-2990.html https://bugzilla.suse.com/1167864 https://bugzilla.suse.com/1181961 https://bugzilla.suse.com/1202812

1 0

SUSE-SU-2022:3660-1: moderate: Security update for qemu
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3660-1 Rating: moderate References: #1192115 #1198038 #1201367 Cross-References: CVE-2022-0216 CVE-2022-35414 CVSS scores: CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3660=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3660=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3660=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3660=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3660=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3660=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): qemu-5.2.0-150300.118.3 qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 - openSUSE Leap Micro 5.2 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - openSUSE Leap Micro 5.2 (noarch): qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - openSUSE Leap Micro 5.2 (x86_64): qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): qemu-5.2.0-150300.118.3 qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 qemu-audio-alsa-5.2.0-150300.118.3 qemu-audio-alsa-debuginfo-5.2.0-150300.118.3 qemu-audio-pa-5.2.0-150300.118.3 qemu-audio-pa-debuginfo-5.2.0-150300.118.3 qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-block-curl-5.2.0-150300.118.3 qemu-block-curl-debuginfo-5.2.0-150300.118.3 qemu-block-dmg-5.2.0-150300.118.3 qemu-block-dmg-debuginfo-5.2.0-150300.118.3 qemu-block-gluster-5.2.0-150300.118.3 qemu-block-gluster-debuginfo-5.2.0-150300.118.3 qemu-block-iscsi-5.2.0-150300.118.3 qemu-block-iscsi-debuginfo-5.2.0-150300.118.3 qemu-block-nfs-5.2.0-150300.118.3 qemu-block-nfs-debuginfo-5.2.0-150300.118.3 qemu-block-rbd-5.2.0-150300.118.3 qemu-block-rbd-debuginfo-5.2.0-150300.118.3 qemu-block-ssh-5.2.0-150300.118.3 qemu-block-ssh-debuginfo-5.2.0-150300.118.3 qemu-chardev-baum-5.2.0-150300.118.3 qemu-chardev-baum-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-extra-5.2.0-150300.118.3 qemu-extra-debuginfo-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-smartcard-5.2.0-150300.118.3 qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.118.3 qemu-ivshmem-tools-5.2.0-150300.118.3 qemu-ivshmem-tools-debuginfo-5.2.0-150300.118.3 qemu-ksm-5.2.0-150300.118.3 qemu-lang-5.2.0-150300.118.3 qemu-linux-user-5.2.0-150300.118.2 qemu-linux-user-debuginfo-5.2.0-150300.118.2 qemu-linux-user-debugsource-5.2.0-150300.118.2 qemu-ppc-5.2.0-150300.118.3 qemu-ppc-debuginfo-5.2.0-150300.118.3 qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 qemu-testsuite-5.2.0-150300.118.5 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 qemu-ui-curses-5.2.0-150300.118.3 qemu-ui-curses-debuginfo-5.2.0-150300.118.3 qemu-ui-gtk-5.2.0-150300.118.3 qemu-ui-gtk-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-app-5.2.0-150300.118.3 qemu-ui-spice-app-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 qemu-vhost-user-gpu-5.2.0-150300.118.3 qemu-vhost-user-gpu-debuginfo-5.2.0-150300.118.3 qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - openSUSE Leap 15.3 (s390x x86_64): qemu-kvm-5.2.0-150300.118.3 - openSUSE Leap 15.3 (noarch): qemu-SLOF-5.2.0-150300.118.3 qemu-ipxe-1.0.0+-150300.118.3 qemu-microvm-5.2.0-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-skiboot-5.2.0-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-5.2.0-150300.118.3 qemu-block-curl-5.2.0-150300.118.3 qemu-block-curl-debuginfo-5.2.0-150300.118.3 qemu-block-iscsi-5.2.0-150300.118.3 qemu-block-iscsi-debuginfo-5.2.0-150300.118.3 qemu-block-rbd-5.2.0-150300.118.3 qemu-block-rbd-debuginfo-5.2.0-150300.118.3 qemu-block-ssh-5.2.0-150300.118.3 qemu-block-ssh-debuginfo-5.2.0-150300.118.3 qemu-chardev-baum-5.2.0-150300.118.3 qemu-chardev-baum-debuginfo-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-ksm-5.2.0-150300.118.3 qemu-lang-5.2.0-150300.118.3 qemu-ui-curses-5.2.0-150300.118.3 qemu-ui-curses-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64): qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-ui-gtk-5.2.0-150300.118.3 qemu-ui-gtk-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-app-5.2.0-150300.118.3 qemu-ui-spice-app-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x x86_64): qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.118.3 qemu-kvm-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le): qemu-ppc-5.2.0-150300.118.3 qemu-ppc-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): qemu-SLOF-5.2.0-150300.118.3 qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-skiboot-5.2.0-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): qemu-audio-alsa-5.2.0-150300.118.3 qemu-audio-alsa-debuginfo-5.2.0-150300.118.3 qemu-audio-pa-5.2.0-150300.118.3 qemu-audio-pa-debuginfo-5.2.0-150300.118.3 qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x): qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.118.3 qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.118.3 qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): qemu-5.2.0-150300.118.3 qemu-audio-spice-5.2.0-150300.118.3 qemu-audio-spice-debuginfo-5.2.0-150300.118.3 qemu-chardev-spice-5.2.0-150300.118.3 qemu-chardev-spice-debuginfo-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-guest-agent-5.2.0-150300.118.3 qemu-guest-agent-debuginfo-5.2.0-150300.118.3 qemu-hw-display-qxl-5.2.0-150300.118.3 qemu-hw-display-qxl-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-5.2.0-150300.118.3 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-5.2.0-150300.118.3 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.118.3 qemu-hw-usb-redirect-5.2.0-150300.118.3 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 qemu-ui-opengl-5.2.0-150300.118.3 qemu-ui-opengl-debuginfo-5.2.0-150300.118.3 qemu-ui-spice-core-5.2.0-150300.118.3 qemu-ui-spice-core-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (noarch): qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (x86_64): qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.2 (s390x): qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): qemu-5.2.0-150300.118.3 qemu-debuginfo-5.2.0-150300.118.3 qemu-debugsource-5.2.0-150300.118.3 qemu-tools-5.2.0-150300.118.3 qemu-tools-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (aarch64): qemu-arm-5.2.0-150300.118.3 qemu-arm-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (x86_64): qemu-x86-5.2.0-150300.118.3 qemu-x86-debuginfo-5.2.0-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (noarch): qemu-ipxe-1.0.0+-150300.118.3 qemu-seabios-1.14.0_0_g155821a-150300.118.3 qemu-sgabios-8-150300.118.3 qemu-vgabios-1.14.0_0_g155821a-150300.118.3 - SUSE Linux Enterprise Micro 5.1 (s390x): qemu-s390x-5.2.0-150300.118.3 qemu-s390x-debuginfo-5.2.0-150300.118.3 References: https://www.suse.com/security/cve/CVE-2022-0216.html https://www.suse.com/security/cve/CVE-2022-35414.html https://bugzilla.suse.com/1192115 https://bugzilla.suse.com/1198038 https://bugzilla.suse.com/1201367

1 0

SUSE-SU-2022:3661-1: important: Security update for php8
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

SUSE Security Update: Security update for php8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3661-1 Rating: important References: #1192050 #1200772 #1203867 #1203870 SLE-23639 SLE-24723 Cross-References: CVE-2021-21703 CVE-2022-31628 CVE-2022-31629 CVSS scores: CVE-2021-21703 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-21703 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-31628 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-31629 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities, contains two features and has one errata is now available. Description: This update for php8 fixes the following issues: - php8 was updated to version 8.0.24 - php8 was updated to version 8.0.23 (jsc#SLE-23639). - CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM. (bsc#1192050) - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing "quines" gzip files. (bsc#1203867) - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870) - Fixed missing devel package requires pear and pecl extensions (jsc#SLE-24723, bsc#1200772). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3661=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3661=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.24-150400.4.14.1 apache2-mod_php8-debuginfo-8.0.24-150400.4.14.1 apache2-mod_php8-debugsource-8.0.24-150400.4.14.1 php8-8.0.24-150400.4.14.1 php8-bcmath-8.0.24-150400.4.14.1 php8-bcmath-debuginfo-8.0.24-150400.4.14.1 php8-bz2-8.0.24-150400.4.14.1 php8-bz2-debuginfo-8.0.24-150400.4.14.1 php8-calendar-8.0.24-150400.4.14.1 php8-calendar-debuginfo-8.0.24-150400.4.14.1 php8-cli-8.0.24-150400.4.14.1 php8-cli-debuginfo-8.0.24-150400.4.14.1 php8-ctype-8.0.24-150400.4.14.1 php8-ctype-debuginfo-8.0.24-150400.4.14.1 php8-curl-8.0.24-150400.4.14.1 php8-curl-debuginfo-8.0.24-150400.4.14.1 php8-dba-8.0.24-150400.4.14.1 php8-dba-debuginfo-8.0.24-150400.4.14.1 php8-debuginfo-8.0.24-150400.4.14.1 php8-debugsource-8.0.24-150400.4.14.1 php8-devel-8.0.24-150400.4.14.1 php8-dom-8.0.24-150400.4.14.1 php8-dom-debuginfo-8.0.24-150400.4.14.1 php8-embed-8.0.24-150400.4.14.1 php8-embed-debuginfo-8.0.24-150400.4.14.1 php8-embed-debugsource-8.0.24-150400.4.14.1 php8-enchant-8.0.24-150400.4.14.1 php8-enchant-debuginfo-8.0.24-150400.4.14.1 php8-exif-8.0.24-150400.4.14.1 php8-exif-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-8.0.24-150400.4.14.1 php8-fastcgi-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-debugsource-8.0.24-150400.4.14.1 php8-fileinfo-8.0.24-150400.4.14.1 php8-fileinfo-debuginfo-8.0.24-150400.4.14.1 php8-fpm-8.0.24-150400.4.14.1 php8-fpm-debuginfo-8.0.24-150400.4.14.1 php8-fpm-debugsource-8.0.24-150400.4.14.1 php8-ftp-8.0.24-150400.4.14.1 php8-ftp-debuginfo-8.0.24-150400.4.14.1 php8-gd-8.0.24-150400.4.14.1 php8-gd-debuginfo-8.0.24-150400.4.14.1 php8-gettext-8.0.24-150400.4.14.1 php8-gettext-debuginfo-8.0.24-150400.4.14.1 php8-gmp-8.0.24-150400.4.14.1 php8-gmp-debuginfo-8.0.24-150400.4.14.1 php8-iconv-8.0.24-150400.4.14.1 php8-iconv-debuginfo-8.0.24-150400.4.14.1 php8-intl-8.0.24-150400.4.14.1 php8-intl-debuginfo-8.0.24-150400.4.14.1 php8-ldap-8.0.24-150400.4.14.1 php8-ldap-debuginfo-8.0.24-150400.4.14.1 php8-mbstring-8.0.24-150400.4.14.1 php8-mbstring-debuginfo-8.0.24-150400.4.14.1 php8-mysql-8.0.24-150400.4.14.1 php8-mysql-debuginfo-8.0.24-150400.4.14.1 php8-odbc-8.0.24-150400.4.14.1 php8-odbc-debuginfo-8.0.24-150400.4.14.1 php8-opcache-8.0.24-150400.4.14.1 php8-opcache-debuginfo-8.0.24-150400.4.14.1 php8-openssl-8.0.24-150400.4.14.1 php8-openssl-debuginfo-8.0.24-150400.4.14.1 php8-pcntl-8.0.24-150400.4.14.1 php8-pcntl-debuginfo-8.0.24-150400.4.14.1 php8-pdo-8.0.24-150400.4.14.1 php8-pdo-debuginfo-8.0.24-150400.4.14.1 php8-pgsql-8.0.24-150400.4.14.1 php8-pgsql-debuginfo-8.0.24-150400.4.14.1 php8-phar-8.0.24-150400.4.14.1 php8-phar-debuginfo-8.0.24-150400.4.14.1 php8-posix-8.0.24-150400.4.14.1 php8-posix-debuginfo-8.0.24-150400.4.14.1 php8-readline-8.0.24-150400.4.14.1 php8-readline-debuginfo-8.0.24-150400.4.14.1 php8-shmop-8.0.24-150400.4.14.1 php8-shmop-debuginfo-8.0.24-150400.4.14.1 php8-snmp-8.0.24-150400.4.14.1 php8-snmp-debuginfo-8.0.24-150400.4.14.1 php8-soap-8.0.24-150400.4.14.1 php8-soap-debuginfo-8.0.24-150400.4.14.1 php8-sockets-8.0.24-150400.4.14.1 php8-sockets-debuginfo-8.0.24-150400.4.14.1 php8-sodium-8.0.24-150400.4.14.1 php8-sodium-debuginfo-8.0.24-150400.4.14.1 php8-sqlite-8.0.24-150400.4.14.1 php8-sqlite-debuginfo-8.0.24-150400.4.14.1 php8-sysvmsg-8.0.24-150400.4.14.1 php8-sysvmsg-debuginfo-8.0.24-150400.4.14.1 php8-sysvsem-8.0.24-150400.4.14.1 php8-sysvsem-debuginfo-8.0.24-150400.4.14.1 php8-sysvshm-8.0.24-150400.4.14.1 php8-sysvshm-debuginfo-8.0.24-150400.4.14.1 php8-test-8.0.24-150400.4.14.1 php8-tidy-8.0.24-150400.4.14.1 php8-tidy-debuginfo-8.0.24-150400.4.14.1 php8-tokenizer-8.0.24-150400.4.14.1 php8-tokenizer-debuginfo-8.0.24-150400.4.14.1 php8-xmlreader-8.0.24-150400.4.14.1 php8-xmlreader-debuginfo-8.0.24-150400.4.14.1 php8-xmlwriter-8.0.24-150400.4.14.1 php8-xmlwriter-debuginfo-8.0.24-150400.4.14.1 php8-xsl-8.0.24-150400.4.14.1 php8-xsl-debuginfo-8.0.24-150400.4.14.1 php8-zip-8.0.24-150400.4.14.1 php8-zip-debuginfo-8.0.24-150400.4.14.1 php8-zlib-8.0.24-150400.4.14.1 php8-zlib-debuginfo-8.0.24-150400.4.14.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.24-150400.4.14.1 apache2-mod_php8-debuginfo-8.0.24-150400.4.14.1 apache2-mod_php8-debugsource-8.0.24-150400.4.14.1 php8-8.0.24-150400.4.14.1 php8-bcmath-8.0.24-150400.4.14.1 php8-bcmath-debuginfo-8.0.24-150400.4.14.1 php8-bz2-8.0.24-150400.4.14.1 php8-bz2-debuginfo-8.0.24-150400.4.14.1 php8-calendar-8.0.24-150400.4.14.1 php8-calendar-debuginfo-8.0.24-150400.4.14.1 php8-cli-8.0.24-150400.4.14.1 php8-cli-debuginfo-8.0.24-150400.4.14.1 php8-ctype-8.0.24-150400.4.14.1 php8-ctype-debuginfo-8.0.24-150400.4.14.1 php8-curl-8.0.24-150400.4.14.1 php8-curl-debuginfo-8.0.24-150400.4.14.1 php8-dba-8.0.24-150400.4.14.1 php8-dba-debuginfo-8.0.24-150400.4.14.1 php8-debuginfo-8.0.24-150400.4.14.1 php8-debugsource-8.0.24-150400.4.14.1 php8-devel-8.0.24-150400.4.14.1 php8-dom-8.0.24-150400.4.14.1 php8-dom-debuginfo-8.0.24-150400.4.14.1 php8-embed-8.0.24-150400.4.14.1 php8-embed-debuginfo-8.0.24-150400.4.14.1 php8-embed-debugsource-8.0.24-150400.4.14.1 php8-enchant-8.0.24-150400.4.14.1 php8-enchant-debuginfo-8.0.24-150400.4.14.1 php8-exif-8.0.24-150400.4.14.1 php8-exif-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-8.0.24-150400.4.14.1 php8-fastcgi-debuginfo-8.0.24-150400.4.14.1 php8-fastcgi-debugsource-8.0.24-150400.4.14.1 php8-fileinfo-8.0.24-150400.4.14.1 php8-fileinfo-debuginfo-8.0.24-150400.4.14.1 php8-fpm-8.0.24-150400.4.14.1 php8-fpm-debuginfo-8.0.24-150400.4.14.1 php8-fpm-debugsource-8.0.24-150400.4.14.1 php8-ftp-8.0.24-150400.4.14.1 php8-ftp-debuginfo-8.0.24-150400.4.14.1 php8-gd-8.0.24-150400.4.14.1 php8-gd-debuginfo-8.0.24-150400.4.14.1 php8-gettext-8.0.24-150400.4.14.1 php8-gettext-debuginfo-8.0.24-150400.4.14.1 php8-gmp-8.0.24-150400.4.14.1 php8-gmp-debuginfo-8.0.24-150400.4.14.1 php8-iconv-8.0.24-150400.4.14.1 php8-iconv-debuginfo-8.0.24-150400.4.14.1 php8-intl-8.0.24-150400.4.14.1 php8-intl-debuginfo-8.0.24-150400.4.14.1 php8-ldap-8.0.24-150400.4.14.1 php8-ldap-debuginfo-8.0.24-150400.4.14.1 php8-mbstring-8.0.24-150400.4.14.1 php8-mbstring-debuginfo-8.0.24-150400.4.14.1 php8-mysql-8.0.24-150400.4.14.1 php8-mysql-debuginfo-8.0.24-150400.4.14.1 php8-odbc-8.0.24-150400.4.14.1 php8-odbc-debuginfo-8.0.24-150400.4.14.1 php8-opcache-8.0.24-150400.4.14.1 php8-opcache-debuginfo-8.0.24-150400.4.14.1 php8-openssl-8.0.24-150400.4.14.1 php8-openssl-debuginfo-8.0.24-150400.4.14.1 php8-pcntl-8.0.24-150400.4.14.1 php8-pcntl-debuginfo-8.0.24-150400.4.14.1 php8-pdo-8.0.24-150400.4.14.1 php8-pdo-debuginfo-8.0.24-150400.4.14.1 php8-pgsql-8.0.24-150400.4.14.1 php8-pgsql-debuginfo-8.0.24-150400.4.14.1 php8-phar-8.0.24-150400.4.14.1 php8-phar-debuginfo-8.0.24-150400.4.14.1 php8-posix-8.0.24-150400.4.14.1 php8-posix-debuginfo-8.0.24-150400.4.14.1 php8-readline-8.0.24-150400.4.14.1 php8-readline-debuginfo-8.0.24-150400.4.14.1 php8-shmop-8.0.24-150400.4.14.1 php8-shmop-debuginfo-8.0.24-150400.4.14.1 php8-snmp-8.0.24-150400.4.14.1 php8-snmp-debuginfo-8.0.24-150400.4.14.1 php8-soap-8.0.24-150400.4.14.1 php8-soap-debuginfo-8.0.24-150400.4.14.1 php8-sockets-8.0.24-150400.4.14.1 php8-sockets-debuginfo-8.0.24-150400.4.14.1 php8-sodium-8.0.24-150400.4.14.1 php8-sodium-debuginfo-8.0.24-150400.4.14.1 php8-sqlite-8.0.24-150400.4.14.1 php8-sqlite-debuginfo-8.0.24-150400.4.14.1 php8-sysvmsg-8.0.24-150400.4.14.1 php8-sysvmsg-debuginfo-8.0.24-150400.4.14.1 php8-sysvsem-8.0.24-150400.4.14.1 php8-sysvsem-debuginfo-8.0.24-150400.4.14.1 php8-sysvshm-8.0.24-150400.4.14.1 php8-sysvshm-debuginfo-8.0.24-150400.4.14.1 php8-test-8.0.24-150400.4.14.1 php8-tidy-8.0.24-150400.4.14.1 php8-tidy-debuginfo-8.0.24-150400.4.14.1 php8-tokenizer-8.0.24-150400.4.14.1 php8-tokenizer-debuginfo-8.0.24-150400.4.14.1 php8-xmlreader-8.0.24-150400.4.14.1 php8-xmlreader-debuginfo-8.0.24-150400.4.14.1 php8-xmlwriter-8.0.24-150400.4.14.1 php8-xmlwriter-debuginfo-8.0.24-150400.4.14.1 php8-xsl-8.0.24-150400.4.14.1 php8-xsl-debuginfo-8.0.24-150400.4.14.1 php8-zip-8.0.24-150400.4.14.1 php8-zip-debuginfo-8.0.24-150400.4.14.1 php8-zlib-8.0.24-150400.4.14.1 php8-zlib-debuginfo-8.0.24-150400.4.14.1 References: https://www.suse.com/security/cve/CVE-2021-21703.html https://www.suse.com/security/cve/CVE-2022-31628.html https://www.suse.com/security/cve/CVE-2022-31629.html https://bugzilla.suse.com/1192050 https://bugzilla.suse.com/1200772 https://bugzilla.suse.com/1203867 https://bugzilla.suse.com/1203870

1 0

openSUSE-SU-2022:10154-1: moderate: Security update for pngcheck
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

openSUSE Security Update: Security update for pngcheck ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10154-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for pngcheck fixes the following issues: pngcheck was updated to 3.0.3: Version 3.0.1: * fixed a crash bug (and probable vulnerability) in large (MNG) LOOP chunks Version 3.0.2: * fixed a divide-by-zero crash bug (and probable vulnerability) in interlaced images with extra compressed data beyond the nominal end of the image data (found by "chiba of topsec alpha lab") Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10154=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): pngcheck-3.0.3-bp154.2.3.1 References:

1 0

openSUSE-SU-2022:10153-1: important: Security update for enlightenment
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

openSUSE Security Update: Security update for enlightenment ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10153-1 Rating: important References: #1203631 Cross-References: CVE-2022-37706 Affected Products: openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for enlightenment fixes the following issues: Update to 0.25.4 Bugfix release * Fix shape handling in various cases that affected apps with shaped input * Fix procstats popup and dangling icon for fullscreen windows * Fix a vianishing pointer in some cases * Workaround Qt issue where it does not remove WM_STATE on withdraw * Fix fullscreen focus toggle flicker * Fix pointer sticking case * Fix tap-to-click props * Fix gadgcon disabled items * Fix config fallback handling that means no fallback happened * Fix gtk frame prop handling * Fix first map handling that affected energyxt * Fix CVE-2022-37706 (boo#1203631) * Harden enlightenment_sys when mis-packaged without sysactions.conf Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10153=1 Package List: - openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64): enlightenment-0.25.4-bp154.4.3.1 enlightenment-branding-upstream-0.25.4-bp154.4.3.1 enlightenment-devel-0.25.4-bp154.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-37706.html https://bugzilla.suse.com/1203631

1 0

SUSE-SU-2022:3650-1: important: Security update for libreoffice
by opensuse-security＠opensuse.org 19 Oct '22

19 Oct '22

SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3650-1 Rating: important References: #1201868 #1201872 #1203209 SLE-23447 Cross-References: CVE-2022-26305 CVE-2022-26307 CVE-2022-3140 CVSS scores: CVE-2022-26305 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26305 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26307 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26307 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-3140 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities, contains one feature is now available. Description: This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 (jsc#SLE-23447): - CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209). - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868). - CVE-2022-26307: Fixed weak Master Keys in password storage (bsc#1201872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3650=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3650=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3650=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3650=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3650=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3650=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - openSUSE Leap 15.4 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - openSUSE Leap 15.3 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le): libreoffice-7.3.6.2-150300.14.22.24.2 libreoffice-base-7.3.6.2-150300.14.22.24.2 libreoffice-base-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-7.3.6.2-150300.14.22.24.2 libreoffice-base-drivers-postgresql-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-7.3.6.2-150300.14.22.24.2 libreoffice-calc-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-calc-extensions-7.3.6.2-150300.14.22.24.2 libreoffice-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-debugsource-7.3.6.2-150300.14.22.24.2 libreoffice-draw-7.3.6.2-150300.14.22.24.2 libreoffice-draw-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-filters-optional-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-7.3.6.2-150300.14.22.24.2 libreoffice-gnome-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-7.3.6.2-150300.14.22.24.2 libreoffice-gtk3-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-impress-7.3.6.2-150300.14.22.24.2 libreoffice-impress-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-librelogo-7.3.6.2-150300.14.22.24.2 libreoffice-mailmerge-7.3.6.2-150300.14.22.24.2 libreoffice-math-7.3.6.2-150300.14.22.24.2 libreoffice-math-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-7.3.6.2-150300.14.22.24.2 libreoffice-officebean-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-7.3.6.2-150300.14.22.24.2 libreoffice-pyuno-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-7.3.6.2-150300.14.22.24.2 libreoffice-qt5-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-sdk-doc-7.3.6.2-150300.14.22.24.2 libreoffice-writer-7.3.6.2-150300.14.22.24.2 libreoffice-writer-debuginfo-7.3.6.2-150300.14.22.24.2 libreoffice-writer-extensions-7.3.6.2-150300.14.22.24.2 libreofficekit-7.3.6.2-150300.14.22.24.2 libreofficekit-devel-7.3.6.2-150300.14.22.24.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libreoffice-branding-upstream-7.3.6.2-150300.14.22.24.2 libreoffice-gdb-pretty-printers-7.3.6.2-150300.14.22.24.2 libreoffice-glade-7.3.6.2-150300.14.22.24.2 libreoffice-icon-themes-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-af-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-am-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ar-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-as-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ast-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-be-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bn_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-br-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-brx-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-bs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ca_valencia-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ckb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cs-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-cy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-da-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-de-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dgo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-dz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-el-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_GB-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-en_ZA-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-es-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-et-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-eu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fur-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-fy-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ga-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-gug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-he-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hsb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-hu-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-id-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-is-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-it-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ja-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ka-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kab-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-km-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kmr_Latn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ko-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-kok-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ks-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lo-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-lv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mai-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ml-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mni-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-mr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-my-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nb-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ne-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-nso-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-oc-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-om-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-or-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pa-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_BR-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-pt_PT-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ro-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ru-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-rw-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sa_IN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sat-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sd-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-si-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sid-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sq-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ss-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-st-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sv-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-sw_TZ-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-szl-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ta-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-te-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tg-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-th-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tn-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tr-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ts-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-tt-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ug-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uk-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-uz-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-ve-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vec-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-vi-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-xh-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_CN-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zh_TW-7.3.6.2-150300.14.22.24.2 libreoffice-l10n-zu-7.3.6.2-150300.14.22.24.2 References: https://www.suse.com/security/cve/CVE-2022-26305.html https://www.suse.com/security/cve/CVE-2022-26307.html https://www.suse.com/security/cve/CVE-2022-3140.html https://bugzilla.suse.com/1201868 https://bugzilla.suse.com/1201872 https://bugzilla.suse.com/1203209

1 0

SUSE-SU-2022:3616-1: moderate: Security update for nodejs12
by opensuse-security＠opensuse.org 18 Oct '22

18 Oct '22

SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3616-1 Rating: moderate References: #1201325 #1203832 Cross-References: CVE-2022-32213 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832). - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3616=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3616=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3616=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.38.1 nodejs12-debuginfo-12.22.12-150200.4.38.1 nodejs12-debugsource-12.22.12-150200.4.38.1 nodejs12-devel-12.22.12-150200.4.38.1 npm12-12.22.12-150200.4.38.1 - openSUSE Leap 15.4 (noarch): nodejs12-docs-12.22.12-150200.4.38.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.38.1 nodejs12-debuginfo-12.22.12-150200.4.38.1 nodejs12-debugsource-12.22.12-150200.4.38.1 nodejs12-devel-12.22.12-150200.4.38.1 npm12-12.22.12-150200.4.38.1 - openSUSE Leap 15.3 (noarch): nodejs12-docs-12.22.12-150200.4.38.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.38.1 nodejs12-debuginfo-12.22.12-150200.4.38.1 nodejs12-debugsource-12.22.12-150200.4.38.1 nodejs12-devel-12.22.12-150200.4.38.1 npm12-12.22.12-150200.4.38.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.12-150200.4.38.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1203832

1 0

SUSE-SU-2022:3621-1: moderate: Security update for rubygem-activesupport-5_1
by opensuse-security＠opensuse.org 18 Oct '22

18 Oct '22

SUSE Security Update: Security update for rubygem-activesupport-5_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3621-1 Rating: moderate References: #1199060 Cross-References: CVE-2022-27777 CVSS scores: CVE-2022-27777 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-27777 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-activesupport-5_1 fixes the following issues: - CVE-2022-27777: Fixed cross-site scripting vulnerability in Action View tag helper (bsc#1199060). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3621=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3621=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3621=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3621=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3621=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3621=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-3621=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-27777.html https://bugzilla.suse.com/1199060

1 0

SUSE-SU-2022:3615-1: important: Security update for nodejs16
by opensuse-security＠opensuse.org 18 Oct '22

18 Oct '22

SUSE Security Update: Security update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3615-1 Rating: important References: #1201325 #1201327 #1203831 #1203832 Cross-References: CVE-2022-32213 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-35255 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). - CVE-2022-35255: FIxed weak randomness in WebCrypto keygen (bsc#1203831). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3615=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3615=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs16-16.17.1-150300.7.12.1 nodejs16-debuginfo-16.17.1-150300.7.12.1 nodejs16-debugsource-16.17.1-150300.7.12.1 nodejs16-devel-16.17.1-150300.7.12.1 npm16-16.17.1-150300.7.12.1 - openSUSE Leap 15.3 (noarch): nodejs16-docs-16.17.1-150300.7.12.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs16-16.17.1-150300.7.12.1 nodejs16-debuginfo-16.17.1-150300.7.12.1 nodejs16-debugsource-16.17.1-150300.7.12.1 nodejs16-devel-16.17.1-150300.7.12.1 npm16-16.17.1-150300.7.12.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs16-docs-16.17.1-150300.7.12.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32215.html https://www.suse.com/security/cve/CVE-2022-35255.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1203831 https://bugzilla.suse.com/1203832

1 0

SUSE-SU-2022:3613-1: important: Security update for postgresql-jdbc
by opensuse-security＠opensuse.org 18 Oct '22

18 Oct '22

SUSE Security Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3613-1 Rating: important References: #1202170 Cross-References: CVE-2022-31197 CVSS scores: CVE-2022-31197 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-31197 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability (bsc#1202170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3613=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3613=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3613=1 Package List: - openSUSE Leap 15.3 (noarch): postgresql-jdbc-42.2.25-150300.3.8.1 postgresql-jdbc-javadoc-42.2.25-150300.3.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql-jdbc-42.2.25-150300.3.8.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): postgresql-jdbc-42.2.25-150300.3.8.1 References: https://www.suse.com/security/cve/CVE-2022-31197.html https://bugzilla.suse.com/1202170

1 0

SUSE-SU-2022:3614-1: moderate: Security update for nodejs14
by opensuse-security＠opensuse.org 18 Oct '22

18 Oct '22

SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3614-1 Rating: moderate References: #1201325 #1203832 Cross-References: CVE-2022-32213 CVE-2022-35256 CVSS scores: CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: Updated to version 14.20.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325). - CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3614=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3614=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3614=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack14-14.20.1-150200.15.37.1 nodejs14-14.20.1-150200.15.37.1 nodejs14-debuginfo-14.20.1-150200.15.37.1 nodejs14-debugsource-14.20.1-150200.15.37.1 nodejs14-devel-14.20.1-150200.15.37.1 npm14-14.20.1-150200.15.37.1 - openSUSE Leap 15.4 (noarch): nodejs14-docs-14.20.1-150200.15.37.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs14-14.20.1-150200.15.37.1 nodejs14-debuginfo-14.20.1-150200.15.37.1 nodejs14-debugsource-14.20.1-150200.15.37.1 nodejs14-devel-14.20.1-150200.15.37.1 npm14-14.20.1-150200.15.37.1 - openSUSE Leap 15.3 (noarch): nodejs14-docs-14.20.1-150200.15.37.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.20.1-150200.15.37.1 nodejs14-debuginfo-14.20.1-150200.15.37.1 nodejs14-debugsource-14.20.1-150200.15.37.1 nodejs14-devel-14.20.1-150200.15.37.1 npm14-14.20.1-150200.15.37.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.20.1-150200.15.37.1 References: https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-35256.html https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1203832

1 0

SUSE-SU-2022:3609-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 18 Oct '22

18 Oct '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3609-1 Rating: important References: #1023051 #1065729 #1156395 #1177471 #1179722 #1179723 #1181862 #1185032 #1191662 #1191667 #1191881 #1192594 #1194023 #1194272 #1194535 #1196444 #1196616 #1196867 #1197158 #1197659 #1197755 #1197756 #1197757 #1197760 #1197763 #1197920 #1198971 #1199255 #1199291 #1200084 #1200313 #1200431 #1200622 #1200845 #1200868 #1200869 #1200870 #1200871 #1200872 #1200873 #1201019 #1201309 #1201310 #1201420 #1201442 #1201489 #1201610 #1201645 #1201705 #1201726 #1201865 #1201948 #1201990 #1202095 #1202096 #1202097 #1202154 #1202341 #1202346 #1202347 #1202385 #1202393 #1202396 #1202447 #1202577 #1202636 #1202672 #1202677 #1202701 #1202708 #1202709 #1202710 #1202711 #1202712 #1202713 #1202714 #1202715 #1202716 #1202717 #1202718 #1202720 #1202722 #1202745 #1202756 #1202810 #1202811 #1202860 #1202895 #1202898 #1202960 #1202984 #1203063 #1203098 #1203107 #1203116 #1203117 #1203135 #1203136 #1203137 #1203159 #1203313 #1203389 #1203410 #1203424 #1203552 #1203622 #1203737 #1203769 #1203906 #1203909 #1203933 #1203935 #1203939 #1203987 #1203992 PED-529 SLE-24635 Cross-References: CVE-2016-3695 CVE-2020-16119 CVE-2020-27784 CVE-2020-36516 CVE-2021-4155 CVE-2021-4203 CVE-2022-20368 CVE-2022-20369 CVE-2022-2503 CVE-2022-2586 CVE-2022-2588 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-2905 CVE-2022-2977 CVE-2022-3028 CVE-2022-3239 CVE-2022-3303 CVE-2022-36879 CVE-2022-39188 CVE-2022-39190 CVE-2022-41218 CVE-2022-41222 CVE-2022-41848 CVE-2022-41849 CVSS scores: CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 26 vulnerabilities, contains two features and has 89 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948). - CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860). - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097). - CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154). - CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535). - CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272). - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616). - CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes). - ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes). - ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes). - ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: mm: Validate hotplug range before creating linear mapping (git-fixes) - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - asm-generic: sections: refactor memory_intersects (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722). - blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720). - blk-iocost: fix weight updates of inner active iocgs (bsc#1202717). - blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722). - blktrace: fix blk_rq_merge documentation (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810). - ceph: do not truncate file in atomic_open (bsc#1202811). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Trace event cgroup id fields should be u64 (git-fixes). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes). - coresight: cti: Correct the parameter for pm_runtime_put (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - devlink: Fix use-after-free after a failed reload (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - enetc: Fix endianness issues for enetc_qos (git-fixes). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling code in add_new_gdb (bsc#1179722). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix invalid inode checksum (bsc#1179723). - ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: ioctl: translate ENOSYS (bsc#1203136). - fuse: limit nsec (bsc#1203135). - fuse: Remove the control interface for virtio-fs (bsc#1203137). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ice: report supported and advertised autoneg using PHY capabilities (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: ssif: initialize ssif_info->client early (git-fixes). - ixgbevf: add correct exception tracing for XDP (git-fixes). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - jfs: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - jfs: prevent NULL deref in diFree (bsc#1203389). - kABI: cgroup: Restore KABI of css_set (bsc#1201610). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kabi/severities: add stmmac driver local sumbols - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kfifo: fix ternary sign extension bugs (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes). - KVM: x86: accept userspace interrupt only if no event is injected (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325). - list: add "list_del_init_careful()" to go with "list_empty_careful()" (bsc#1202745). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - mmap locking API: add mmap_lock_is_contended() (bsc#1201990). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes). - net: dsa: b53: fix an off by one in checking "vlan->vid" (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: mt7530: fix VLAN traffic leaks (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: enetc: unmap DMA in enetc_send_cmd() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: ezchip: fix error handling (git-fixes). - net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes). - net: ethernet: ezchip: remove redundant check (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns: Fix kernel-doc (git-fixes). - net: lantiq: fix memory corruption in RX ring (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: netcp: Fix an error message (git-fixes). - net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: stmicro: handle clk_prepare() failure during init (git-fixes). - net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net/mlx5e: Check for needed capability for cvlan matching (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix nfs_path in case of a rename retry (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix second deadlock in nfs4_evict_inode() (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes). - NFSD: Add missing NFSv2 .pc_func methods (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: fix use-after-free due to delegation race (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvmet: Expose max queues to configfs (bsc#1201865). - objtool: Add support for intra-function calls (bsc#1202396). - objtool: Make handle_insn_ops() unconditional (bsc#1202396). - objtool: Remove INSN_STACK (bsc#1202396). - objtool: Rework allocating stack_ops on decode (bsc#1202396). - objtool: Support multiple stack_op per instruction (bsc#1202396). - ocfs2: drop acl cache for directories too (bsc#1191667). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: qcom: Fix pipe clock imbalance (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - perf bench: Share some global variables to fix build with gcc 10 (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl/rockchip: fix gpio device creation (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - powerpc: define get_cycles macro for arch-override (bsc#1065729). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - profiling: fix shift too large makes kernel panic (git-fixes). - profiling: fix shift-out-of-bounds bugs (git fixes). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - qlcnic: Add null check after calling netdev_alloc_skb (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes). - random: remove useless header comment (git fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: fix 2KB pgtable release race (git-fixes). - s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - selftests: futex: Use variable MAKE instead of make (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion") (git-fixes). - SUNRPC: Clean up scheduling of autoclose (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tee: optee: Fix incorrect page free bug (git-fixes). - thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - tools/thermal: Fix possible path truncations (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - USB: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: ep0: Fix delay status handling (git-fixes). - USB: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes). - USB: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - USB: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes). - USB: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes). - USB: dwc3: gadget: Remove unnecessary checks (git-fixes). - USB: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - USB: dwc3: gadget: Store resource index of start cmd (git-fixes). - USB: dwc3: qcom: fix missing optional irq warnings. - USB: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - USB: gadget: u_audio: fix race condition on endpoint stop (git-fixes). - USB: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - USB: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - USB: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - USB: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - USB: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - USB: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - USB: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: renesas: Fix refcount leak bug (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - USB: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - USB: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - vboxguest: Do not use devm for irq (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577). - xfs: Fix assert failure in xfs_setattr_size() (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: mark a data structure sick if there are cross-referencing errors (git-fixes). - xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). - xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3609=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-3609=1 Package List: - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.80.1 kernel-source-azure-5.3.18-150300.38.80.1 - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.80.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.80.1 dlm-kmp-azure-5.3.18-150300.38.80.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.80.1 gfs2-kmp-azure-5.3.18-150300.38.80.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.80.1 kernel-azure-5.3.18-150300.38.80.1 kernel-azure-debuginfo-5.3.18-150300.38.80.1 kernel-azure-debugsource-5.3.18-150300.38.80.1 kernel-azure-devel-5.3.18-150300.38.80.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.80.1 kernel-azure-extra-5.3.18-150300.38.80.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.80.1 kernel-azure-livepatch-devel-5.3.18-150300.38.80.1 kernel-azure-optional-5.3.18-150300.38.80.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.80.1 kernel-syms-azure-5.3.18-150300.38.80.1 kselftests-kmp-azure-5.3.18-150300.38.80.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.80.1 ocfs2-kmp-azure-5.3.18-150300.38.80.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.80.1 reiserfs-kmp-azure-5.3.18-150300.38.80.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.80.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.80.1 kernel-source-azure-5.3.18-150300.38.80.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.80.1 kernel-azure-debuginfo-5.3.18-150300.38.80.1 kernel-azure-debugsource-5.3.18-150300.38.80.1 kernel-azure-devel-5.3.18-150300.38.80.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.80.1 kernel-syms-azure-5.3.18-150300.38.80.1 References: https://www.suse.com/security/cve/CVE-2016-3695.html https://www.suse.com/security/cve/CVE-2020-16119.html https://www.suse.com/security/cve/CVE-2020-27784.html https://www.suse.com/security/cve/CVE-2020-36516.html https://www.suse.com/security/cve/CVE-2021-4155.html https://www.suse.com/security/cve/CVE-2021-4203.html https://www.suse.com/security/cve/CVE-2022-20368.html https://www.suse.com/security/cve/CVE-2022-20369.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-2588.html https://www.suse.com/security/cve/CVE-2022-26373.html https://www.suse.com/security/cve/CVE-2022-2639.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-2905.html https://www.suse.com/security/cve/CVE-2022-2977.html https://www.suse.com/security/cve/CVE-2022-3028.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-36879.html https://www.suse.com/security/cve/CVE-2022-39188.html https://www.suse.com/security/cve/CVE-2022-39190.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41222.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://bugzilla.suse.com/1023051 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1177471 https://bugzilla.suse.com/1179722 https://bugzilla.suse.com/1179723 https://bugzilla.suse.com/1181862 https://bugzilla.suse.com/1185032 https://bugzilla.suse.com/1191662 https://bugzilla.suse.com/1191667 https://bugzilla.suse.com/1191881 https://bugzilla.suse.com/1192594 https://bugzilla.suse.com/1194023 https://bugzilla.suse.com/1194272 https://bugzilla.suse.com/1194535 https://bugzilla.suse.com/1196444 https://bugzilla.suse.com/1196616 https://bugzilla.suse.com/1196867 https://bugzilla.suse.com/1197158 https://bugzilla.suse.com/1197659 https://bugzilla.suse.com/1197755 https://bugzilla.suse.com/1197756 https://bugzilla.suse.com/1197757 https://bugzilla.suse.com/1197760 https://bugzilla.suse.com/1197763 https://bugzilla.suse.com/1197920 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1199255 https://bugzilla.suse.com/1199291 https://bugzilla.suse.com/1200084 https://bugzilla.suse.com/1200313 https://bugzilla.suse.com/1200431 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1200868 https://bugzilla.suse.com/1200869 https://bugzilla.suse.com/1200870 https://bugzilla.suse.com/1200871 https://bugzilla.suse.com/1200872 https://bugzilla.suse.com/1200873 https://bugzilla.suse.com/1201019 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1201420 https://bugzilla.suse.com/1201442 https://bugzilla.suse.com/1201489 https://bugzilla.suse.com/1201610 https://bugzilla.suse.com/1201645 https://bugzilla.suse.com/1201705 https://bugzilla.suse.com/1201726 https://bugzilla.suse.com/1201865 https://bugzilla.suse.com/1201948 https://bugzilla.suse.com/1201990 https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202096 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202154 https://bugzilla.suse.com/1202341 https://bugzilla.suse.com/1202346 https://bugzilla.suse.com/1202347 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202393 https://bugzilla.suse.com/1202396 https://bugzilla.suse.com/1202447 https://bugzilla.suse.com/1202577 https://bugzilla.suse.com/1202636 https://bugzilla.suse.com/1202672 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202701 https://bugzilla.suse.com/1202708 https://bugzilla.suse.com/1202709 https://bugzilla.suse.com/1202710 https://bugzilla.suse.com/1202711 https://bugzilla.suse.com/1202712 https://bugzilla.suse.com/1202713 https://bugzilla.suse.com/1202714 https://bugzilla.suse.com/1202715 https://bugzilla.suse.com/1202716 https://bugzilla.suse.com/1202717 https://bugzilla.suse.com/1202718 https://bugzilla.suse.com/1202720 https://bugzilla.suse.com/1202722 https://bugzilla.suse.com/1202745 https://bugzilla.suse.com/1202756 https://bugzilla.suse.com/1202810 https://bugzilla.suse.com/1202811 https://bugzilla.suse.com/1202860 https://bugzilla.suse.com/1202895 https://bugzilla.suse.com/1202898 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1202984 https://bugzilla.suse.com/1203063 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203107 https://bugzilla.suse.com/1203116 https://bugzilla.suse.com/1203117 https://bugzilla.suse.com/1203135 https://bugzilla.suse.com/1203136 https://bugzilla.suse.com/1203137 https://bugzilla.suse.com/1203159 https://bugzilla.suse.com/1203313 https://bugzilla.suse.com/1203389 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203424 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203622 https://bugzilla.suse.com/1203737 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203906 https://bugzilla.suse.com/1203909 https://bugzilla.suse.com/1203933 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203939 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992

1 0

openSUSE-SU-2022:10152-1: important: Security update for virtualbox
by opensuse-security＠opensuse.org 17 Oct '22

17 Oct '22

openSUSE Security Update: Security update for virtualbox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10152-1 Rating: important References: #1201720 #1203086 #1203306 #1203370 #1203735 #1204019 Cross-References: CVE-2022-21554 CVE-2022-21571 CVSS scores: CVE-2022-21554 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21554 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-21571 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-21571 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for virtualbox fixes the following issues: - Version bump to 6.1.38r86 released by Oracle September 02 2022 This is a maintenance release. The following items were fixed and/or added: - GUI: Improvements in Native Language Support area - Main: OVF Export: Added support for exporting VMs containing Virtio-SCSI controllers - Recording settings: Fixed a regression which could cause not starting the COM server (VBoxSVC) under certain circumstances (bug #21034) - Recording: More deterministic naming for recorded files (will now overwrite old .webm files if present) - Linux Host and Guest Additions installer: Improved check for systemd presence in the system (bug #19033) - Linux Guest Additions: Introduced initial support for kernel 6.0 - Linux Guest Additions: Additional fixes for kernel RHEL 9.1 (bug #21065) - Windows Guest Additions: Improvements in Drag and Drop area Fixes permission problem with /dev/vboxuser (boo#1203370) Fixes missing firewall opening (boo#1203086) - Fixes boo#1201720 CVE items for CVE-2022-21571, CVE-2022-21554 - Add a "Provides: virtualbox-guest-x11" to virtualbox-guest-tools. (boo#1203735) - Fixed VBoxClient: VbglR3InitUser failed: VERR_ACCESS_DENIED (boo#1204019) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-2022-10152=1 Package List: - openSUSE Leap 15.4 (x86_64): python3-virtualbox-6.1.38-lp154.2.15.1 python3-virtualbox-debuginfo-6.1.38-lp154.2.15.1 virtualbox-6.1.38-lp154.2.15.1 virtualbox-debuginfo-6.1.38-lp154.2.15.1 virtualbox-debugsource-6.1.38-lp154.2.15.1 virtualbox-devel-6.1.38-lp154.2.15.1 virtualbox-guest-tools-6.1.38-lp154.2.15.1 virtualbox-guest-tools-debuginfo-6.1.38-lp154.2.15.1 virtualbox-kmp-debugsource-6.1.38-lp154.2.15.1 virtualbox-kmp-default-6.1.38_k5.14.21_150400.24.21-lp154.2.15.1 virtualbox-kmp-default-debuginfo-6.1.38_k5.14.21_150400.24.21-lp154.2.15.1 virtualbox-qt-6.1.38-lp154.2.15.1 virtualbox-qt-debuginfo-6.1.38-lp154.2.15.1 virtualbox-vnc-6.1.38-lp154.2.15.1 virtualbox-websrv-6.1.38-lp154.2.15.1 virtualbox-websrv-debuginfo-6.1.38-lp154.2.15.1 - openSUSE Leap 15.4 (noarch): virtualbox-guest-desktop-icons-6.1.38-lp154.2.15.1 virtualbox-guest-source-6.1.38-lp154.2.15.1 virtualbox-host-source-6.1.38-lp154.2.15.1 References: https://www.suse.com/security/cve/CVE-2022-21554.html https://www.suse.com/security/cve/CVE-2022-21571.html https://bugzilla.suse.com/1201720 https://bugzilla.suse.com/1203086 https://bugzilla.suse.com/1203306 https://bugzilla.suse.com/1203370 https://bugzilla.suse.com/1203735 https://bugzilla.suse.com/1204019

1 0

SUSE-SU-2022:3598-1: important: Security update for exiv2
by opensuse-security＠opensuse.org 17 Oct '22

17 Oct '22

SUSE Security Update: Security update for exiv2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3598-1 Rating: important References: #1076579 #1086798 #1086810 #1092096 #1114690 #1185447 #1186192 #1188733 #1188756 #1189330 #1189331 #1189332 #1189333 #1189636 #1189780 Cross-References: CVE-2018-10772 CVE-2018-18915 CVE-2018-5772 CVE-2018-8976 CVE-2018-8977 CVE-2020-18898 CVE-2020-18899 CVE-2021-29470 CVE-2021-31291 CVE-2021-31292 CVE-2021-32617 CVE-2021-37618 CVE-2021-37619 CVE-2021-37620 CVE-2021-37621 CVSS scores: CVE-2018-10772 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-10772 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18915 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18915 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-5772 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5772 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-8976 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-8976 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-8977 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-8977 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-18898 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-18898 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-18899 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-18899 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29470 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31291 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31292 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-31292 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-32617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37618 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37618 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37619 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37619 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37620 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-37621 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37621 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: This update for exiv2 fixes the following issues: - CVE-2021-37621: Fixed denial of service due to infinite loop in Image:printIFDStructure (bsc#1189333). - CVE-2021-37620: Fixed out-of-bounds read in XmpTextValue:read() (bsc#1189332). - CVE-2021-37619: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1189331). - CVE-2021-37618: Fixed out-of-bounds read in Exiv2:Jp2Image:printStructure (bsc#1189330). - CVE-2021-32617: Fixed denial of service inside inefficient algorithm (quadratic complexity) (bsc#1186192). - CVE-2021-31292: Fixed integer overflow in CrwMap:encode0x1810 (bsc#1188756). - CVE-2021-31291: Fixed heap-based buffer overflow vulnerability in jp2image.cpp may lead to a denial of service (bsc#1188733). - CVE-2021-29470: Fixed out-of-bounds read in Exiv2:Jp2Image:encodeJp2Header (bsc#1185447). - CVE-2020-18899: Fixed uncontrolled memory allocation (bsc#1189636). - CVE-2020-18898: Fixed remote denial of service in printIFDStructure function (bsc#1189780). - CVE-2018-8977: Fixed remote denial of service in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (bsc#1086798). - CVE-2018-8976: Fixed remote denial of service in image.cpp Exiv2::Internal::stringFormat via out-of-bounds read (bsc#1086810). - CVE-2018-5772: Fixed segmentation fault caused by uncontrolled recursion inthe Exiv2::Image::printIFDStructure (bsc#1076579). - CVE-2018-18915: Fixed an infinite loop in the Exiv2:Image:printIFDStructure function (bsc#1114690). - CVE-2018-10772: Fixed segmentation fault when the function Exiv2::tEXtToDataBuf() is finished (bsc#1092096). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3598=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3598=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3598=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3598=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3598=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3598=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3598=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3598=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3598=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3598=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3598=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3598=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3598=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3598=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3598=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3598=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3598=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3598=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): exiv2-0.26-150000.6.16.1 exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 libexiv2-doc-0.26-150000.6.16.1 - openSUSE Leap 15.4 (x86_64): libexiv2-26-32bit-0.26-150000.6.16.1 libexiv2-26-32bit-debuginfo-0.26-150000.6.16.1 - openSUSE Leap 15.4 (noarch): exiv2-lang-0.26-150000.6.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): exiv2-0.26-150000.6.16.1 exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 libexiv2-doc-0.26-150000.6.16.1 - openSUSE Leap 15.3 (noarch): exiv2-lang-0.26-150000.6.16.1 - openSUSE Leap 15.3 (x86_64): libexiv2-26-32bit-0.26-150000.6.16.1 libexiv2-26-32bit-debuginfo-0.26-150000.6.16.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Manager Proxy 4.1 (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 - SUSE CaaS Platform 4.0 (x86_64): exiv2-debuginfo-0.26-150000.6.16.1 exiv2-debugsource-0.26-150000.6.16.1 libexiv2-26-0.26-150000.6.16.1 libexiv2-26-debuginfo-0.26-150000.6.16.1 libexiv2-devel-0.26-150000.6.16.1 References: https://www.suse.com/security/cve/CVE-2018-10772.html https://www.suse.com/security/cve/CVE-2018-18915.html https://www.suse.com/security/cve/CVE-2018-5772.html https://www.suse.com/security/cve/CVE-2018-8976.html https://www.suse.com/security/cve/CVE-2018-8977.html https://www.suse.com/security/cve/CVE-2020-18898.html https://www.suse.com/security/cve/CVE-2020-18899.html https://www.suse.com/security/cve/CVE-2021-29470.html https://www.suse.com/security/cve/CVE-2021-31291.html https://www.suse.com/security/cve/CVE-2021-31292.html https://www.suse.com/security/cve/CVE-2021-32617.html https://www.suse.com/security/cve/CVE-2021-37618.html https://www.suse.com/security/cve/CVE-2021-37619.html https://www.suse.com/security/cve/CVE-2021-37620.html https://www.suse.com/security/cve/CVE-2021-37621.html https://bugzilla.suse.com/1076579 https://bugzilla.suse.com/1086798 https://bugzilla.suse.com/1086810 https://bugzilla.suse.com/1092096 https://bugzilla.suse.com/1114690 https://bugzilla.suse.com/1185447 https://bugzilla.suse.com/1186192 https://bugzilla.suse.com/1188733 https://bugzilla.suse.com/1188756 https://bugzilla.suse.com/1189330 https://bugzilla.suse.com/1189331 https://bugzilla.suse.com/1189332 https://bugzilla.suse.com/1189333 https://bugzilla.suse.com/1189636 https://bugzilla.suse.com/1189780

1 0

SUSE-SU-2022:3596-1: important: Security update for squid
by opensuse-security＠opensuse.org 17 Oct '22

17 Oct '22

SUSE Security Update: Security update for squid ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3596-1 Rating: important References: #1203677 #1203680 Cross-References: CVE-2022-41317 CVE-2022-41318 CVSS scores: CVE-2022-41317 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41318 (SUSE): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for squid fixes the following issues: - CVE-2022-41317: Fixed exposure of sensitive information in cache manager (bsc#1203677). - CVE-2022-41318: Fixed buffer overread in SSPI and SMB Authentication (bsc#1203680). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3596=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3596=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3596=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3596=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3596=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3596=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3596=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3596=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3596=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3596=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3596=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3596=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3596=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3596=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3596=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3596=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Manager Proxy 4.1 (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 - SUSE CaaS Platform 4.0 (x86_64): squid-4.17-150000.5.35.1 squid-debuginfo-4.17-150000.5.35.1 squid-debugsource-4.17-150000.5.35.1 References: https://www.suse.com/security/cve/CVE-2022-41317.html https://www.suse.com/security/cve/CVE-2022-41318.html https://bugzilla.suse.com/1203677 https://bugzilla.suse.com/1203680

1 0

SUSE-SU-2022:3597-1: important: Security update for expat
by opensuse-security＠opensuse.org 17 Oct '22

17 Oct '22

SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3597-1 Rating: important References: #1203438 Cross-References: CVE-2022-40674 CVSS scores: CVE-2022-40674 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-40674 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3597=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3597=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3597=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3597=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3597=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3597=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3597=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3597=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3597=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3597=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3597=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3597=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3597=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3597=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3597=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3597=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3597=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3597=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3597=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3597=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3597=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3597=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3597=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3597=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - openSUSE Leap 15.3 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat-devel-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Manager Server 4.1 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): expat-2.2.5-150000.3.22.1 expat-32bit-debuginfo-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Manager Proxy 4.1 (x86_64): expat-2.2.5-150000.3.22.1 expat-32bit-debuginfo-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): expat-2.2.5-150000.3.22.1 expat-32bit-debuginfo-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): expat-2.2.5-150000.3.22.1 expat-32bit-debuginfo-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Enterprise Storage 7 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): expat-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 - SUSE Enterprise Storage 6 (x86_64): expat-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 - SUSE CaaS Platform 4.0 (x86_64): expat-2.2.5-150000.3.22.1 expat-32bit-debuginfo-2.2.5-150000.3.22.1 expat-debuginfo-2.2.5-150000.3.22.1 expat-debugsource-2.2.5-150000.3.22.1 libexpat-devel-2.2.5-150000.3.22.1 libexpat1-2.2.5-150000.3.22.1 libexpat1-32bit-2.2.5-150000.3.22.1 libexpat1-32bit-debuginfo-2.2.5-150000.3.22.1 libexpat1-debuginfo-2.2.5-150000.3.22.1 References: https://www.suse.com/security/cve/CVE-2022-40674.html https://bugzilla.suse.com/1203438

1 0

openSUSE-SU-2022:10151-1: important: Security update for chromium
by opensuse-security＠opensuse.org 17 Oct '22

17 Oct '22

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10151-1 Rating: important References: #1204223 Cross-References: CVE-2022-3445 CVE-2022-3446 CVE-2022-3447 CVE-2022-3448 CVE-2022-3449 CVE-2022-3450 Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 106.0.5249.119 (boo#1204223): * CVE-2022-3445: Use after free in Skia * CVE-2022-3446: Heap buffer overflow in WebSQL * CVE-2022-3447: Inappropriate implementation in Custom Tabs * CVE-2022-3448: Use after free in Permissions API * CVE-2022-3449: Use after free in Safe Browsing * CVE-2022-3450: Use after free in Peer Connection Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10151=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-106.0.5249.119-bp153.2.128.1 chromium-106.0.5249.119-bp153.2.128.1 References: https://www.suse.com/security/cve/CVE-2022-3445.html https://www.suse.com/security/cve/CVE-2022-3446.html https://www.suse.com/security/cve/CVE-2022-3447.html https://www.suse.com/security/cve/CVE-2022-3448.html https://www.suse.com/security/cve/CVE-2022-3449.html https://www.suse.com/security/cve/CVE-2022-3450.html https://bugzilla.suse.com/1204223

1 0

SUSE-SU-2022:3594-1: important: Security update for qemu
by opensuse-security＠opensuse.org 17 Oct '22

17 Oct '22

SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3594-1 Rating: important References: #1175144 #1182282 #1192115 #1198035 #1198037 #1198038 Cross-References: CVE-2021-3409 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-35414 CVSS scores: CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: - CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282) - CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035) - CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap buffer overflow. (bsc#1198037) - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3594=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3594=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3594=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3594=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3594=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3594=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3594=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3594=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3594=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3594=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3594=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (s390x x86_64): qemu-kvm-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (ppc64le): qemu-ppc-4.2.1-150200.69.1 qemu-ppc-debuginfo-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Manager Server 4.1 (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Manager Server 4.1 (s390x): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): qemu-4.2.1-150200.69.1 qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Manager Retail Branch Server 4.1 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Manager Proxy 4.1 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Manager Proxy 4.1 (x86_64): qemu-4.2.1-150200.69.1 qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le): qemu-ppc-4.2.1-150200.69.1 qemu-ppc-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (s390x x86_64): qemu-kvm-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le): qemu-ppc-4.2.1-150200.69.1 qemu-ppc-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64): qemu-arm-4.2.1-150200.69.1 qemu-arm-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (s390x): qemu-s390-4.2.1-150200.69.1 qemu-s390-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): qemu-4.2.1-150200.69.1 qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64): qemu-arm-4.2.1-150200.69.1 qemu-arm-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64): qemu-arm-4.2.1-150200.69.1 qemu-arm-debuginfo-4.2.1-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): qemu-4.2.1-150200.69.1 qemu-block-curl-4.2.1-150200.69.1 qemu-block-curl-debuginfo-4.2.1-150200.69.1 qemu-block-iscsi-4.2.1-150200.69.1 qemu-block-iscsi-debuginfo-4.2.1-150200.69.1 qemu-block-rbd-4.2.1-150200.69.1 qemu-block-rbd-debuginfo-4.2.1-150200.69.1 qemu-block-ssh-4.2.1-150200.69.1 qemu-block-ssh-debuginfo-4.2.1-150200.69.1 qemu-debuginfo-4.2.1-150200.69.1 qemu-debugsource-4.2.1-150200.69.1 qemu-guest-agent-4.2.1-150200.69.1 qemu-guest-agent-debuginfo-4.2.1-150200.69.1 qemu-lang-4.2.1-150200.69.1 qemu-tools-4.2.1-150200.69.1 qemu-tools-debuginfo-4.2.1-150200.69.1 qemu-ui-spice-app-4.2.1-150200.69.1 qemu-ui-spice-app-debuginfo-4.2.1-150200.69.1 - SUSE Enterprise Storage 7 (aarch64): qemu-arm-4.2.1-150200.69.1 qemu-arm-debuginfo-4.2.1-150200.69.1 - SUSE Enterprise Storage 7 (x86_64): qemu-audio-alsa-4.2.1-150200.69.1 qemu-audio-alsa-debuginfo-4.2.1-150200.69.1 qemu-audio-pa-4.2.1-150200.69.1 qemu-audio-pa-debuginfo-4.2.1-150200.69.1 qemu-kvm-4.2.1-150200.69.1 qemu-ui-curses-4.2.1-150200.69.1 qemu-ui-curses-debuginfo-4.2.1-150200.69.1 qemu-ui-gtk-4.2.1-150200.69.1 qemu-ui-gtk-debuginfo-4.2.1-150200.69.1 qemu-x86-4.2.1-150200.69.1 qemu-x86-debuginfo-4.2.1-150200.69.1 - SUSE Enterprise Storage 7 (noarch): qemu-ipxe-1.0.0+-150200.69.1 qemu-microvm-4.2.1-150200.69.1 qemu-seabios-1.12.1+-150200.69.1 qemu-sgabios-8-150200.69.1 qemu-vgabios-1.12.1+-150200.69.1 References: https://www.suse.com/security/cve/CVE-2021-3409.html https://www.suse.com/security/cve/CVE-2021-4206.html https://www.suse.com/security/cve/CVE-2021-4207.html https://www.suse.com/security/cve/CVE-2022-0216.html https://www.suse.com/security/cve/CVE-2022-35414.html https://bugzilla.suse.com/1175144 https://bugzilla.suse.com/1182282 https://bugzilla.suse.com/1192115 https://bugzilla.suse.com/1198035 https://bugzilla.suse.com/1198037 https://bugzilla.suse.com/1198038

1 0

openSUSE-SU-2022:10148-1: important: Security update for roundcubemail
by opensuse-security＠opensuse.org 16 Oct '22

16 Oct '22

openSUSE Security Update: Security update for roundcubemail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10148-1 Rating: important References: #1180132 #1180399 Cross-References: CVE-2019-10740 CVE-2020-12641 CVE-2020-16145 CVE-2020-35730 CVSS scores: CVE-2019-10740 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2020-12641 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-16145 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-35730 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Backports SLE-15-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for roundcubemail fixes the following issues: roundcubemail was updated to 1.5.3 * Enigma: Fix initial synchronization of private keys * Enigma: Fix double quoted-printable encoding of pgp-signed messages with no attachments (#8413) * Fix various PHP8 warnings (#8392) * Fix mail headers injection via the subject field on mail compose (#8404) * Fix bug where small message/rfc822 parts could not be decoded (#8408) * Fix setting HTML mode on reply/forward of a signed message (#8405) * Fix handling of RFC2231-encoded attachment names inside of a message/rfc822 part (#8418) * Fix bug where some mail parts (images) could have not be listed as attachments (#8425) * Fix bug where attachment icons were stuck at the top of the messages list in Safari (#8433) * Fix handling of message/rfc822 parts that are small and are multipart structures with a single part (#8458) * Fix bug where session could time out if DB and PHP timezone were different (#8303) * Fix bug where DSN flag state wasn't stored with a draft (#8371) * Fix broken encoding of HTML content encapsulated in a RTF attachment (#8444) * Fix problem with aria-hidden=true on toolbar menus in the Elastic skin (#8517) * Fix bug where title tag content was displayed in the body if it contained HTML tags (#8540) * Fix support for DSN specification without host e.g. pgsql:///dbname (#8558) update to 1.5.2 * OAuth: pass 'id_token' to 'oauth_login' plugin hook (#8214) * OAuth: fix expiration of short-lived oauth tokens (#8147) * OAuth: fix relative path to assets if /index.php/foo/bar url is used (#8144) * OAuth: no auto-redirect on imap login failures (#8370) * OAuth: refresh access token in 'refresh' plugin hook (#8224) * Fix so folder search parameters are honored by subscriptions_option plugin (#8312) * Fix password change with Directadmin driver (#8322, #8329) * Fix so css files in plugins/jqueryui/themes will be minified too (#8337) * Fix handling of unicode/special characters in custom From input (#8357) * Fix some PHP8 compatibility issues (#8363) * Fix chpass-wrapper.py helper compatibility with Python 3 (#8324) * Fix scrolling and missing Close button in the Select image dialog in Elastic/mobile (#8367) * Security: fix cross-site scripting (XSS) via HTML messages with malicious CSS content - added Suggests: php-sqlite - use the virtual provides from each PHP module, to allow the installation of roundcubemail with various PHP versions. The only problem, we are currently facing is the automatic enablement of the PHP apache module during post-installation: Trying to evaluate the correct PHP module now during post as well, which should eleminate the pre-definition of the required PHP-Version during build completely. See https://build.opensuse.org/request/show/940859 for the initial discussion. update to 1.5.1 * Fix importing contacts with no email address (#8227) * Fix so session's search scope is not used if search is not active (#8199) * Fix some PHP8 warnings (#8239) * Fix so dark mode state is retained after closing the browser (#8237) * Fix bug where new messages were not added to the list on refresh if skip_deleted=true (#8234) * Fix colors on "Show source" page in dark mode (#8246) * Fix handling of dark_mode_support:false setting in skins meta.json - also when devel_mode=false (#8249) * Fix database initialization if db_prefix is a schema prefix (#8221) * Fix undefined constant error in Installer on Windows (#8258) * Fix installation/upgrade on MySQL 5.5 - Index column size too large (#8231) * Fix regression in setting of contact listing name (#8260) * Fix bug in Larry skin where headers toggle state was reset on full page preview (#8203) * Fix bug where \u200b characters were added into the recipient input preventing mail delivery (#8269) * Fix charset conversion errors on PHP < 8 for charsets not supported by mbstring (#8252) * Fix bug where adding a contact to trusted senders via "Always allow from..." button didn't work (#8264, #8268) * Fix bug with show_images setting where option 1 and 3 were swapped (#8268) * Fix PHP fatal error on an undefined constant in contacts import action (#8277) * Fix fetching headers of multiple message parts at once in rcube_imap_generic::fetchMIMEHeaders() (#8282) * Fix bug where attachment download could sometimes fail with a CSRF check error (#8283) * Fix an infinite loop when parsing environment variables with float/integer values (#8293) * Fix so 'small-dark' logo has more priority than the 'small' logo (#8298) update to 1.5.0 + full PHP8 support + Dark mode for Elastic skin + OAuth2/XOauth support (with plugin hooks) + Collected recipients and trusted senders + Moving recipients between inputs with drag & drop + Full unicode support with MySQL database + Support of IMAP LITERAL- extension RFC 7888 <https://datatracker.ietf.org/doc/html/rfc7888> + Support of RFC 2231 <https://datatracker.ietf.org/doc/html/rfc2231> encoded names + Cache refactoring More at https://github.com/roundcube/roundcubemail/releases/tag/1.5.0 + added SECURITY.md to documentation + mark the whole documentation directory as documentation instead of listing some files and others not (avoid duplicate entries in RPM-DB) + adjust requirements: php-intl is now required update to 1.4.11 with security fix: - Fix cross-site scripting (XSS) via HTML messages with malicious CSS content - add PHP version to Requires: and Recommends: to make sure the same version is installed as used during packaging - drop Requires: http_daemon (fixes boo#1180132) and Suggests: apache2 (which is already required though mod_php_any) update to 1.4.10: * Stored cross-site scripting (XSS) via HTML or plain text messages with malicious content ( CVE-2020-35730 boo#1180399 ) * Fix extra angle brackets in In-Reply-To header derived from mailto: params (#7655) * Fix folder list issue when special folder is a subfolder (#7647) * Fix Elastic's folder subscription toggle in search result (#7653) * Fix state of subscription toggle on folders list after changing folder state from the search result (#7653) * Security: Fix cross-site scripting (XSS) via HTML or plain text messages with malicious content update to 1.4.9: * Fix HTML editor in latest Chrome 85.0.4183.102, update to TinyMCE 4.9.11 (#7615) * Add missing localization for some label/legend elements in userinfo plugin (#7478) * Fix importing birthday dates from Gmail vCards (BDAY:YYYYMMDD) * Fix restoring Cc/Bcc fields from local storage (#7554) * Fix jstz.min.js installation, bump version to 1.0.7 * Fix incorrect PDO::lastInsertId() use in sqlsrv driver (#7564) * Fix link to closure compiler in bin/jsshrink.sh script (#7567) * Fix bug where some parts of a message could have been missing in a reply/forward body (#7568) * Fix empty space on mail printouts in Chrome (#7604) * Fix empty output from HTML5 parser when content contains XML tag (#7624) * Fix scroll jump on key press in plain text mode of the HTML editor (#7622) * Fix so autocompletion list does not hide on scroll inside it (#7592) update to 1.4.8 with security fixes: * Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145) * Fix cross-site scripting (XSS) via HTML messages with malicious math content update to 1.4.7 with security fix: * Fix bug where subfolders of special folders could have been duplicated on folder list * Increase maximum size of contact jobtitle and department fields to 128 characters * Fix missing newline after the logged line when writing to stdout (#7418) * Elastic: Fix context menu (paste) on the recipient input (#7431) * Fix problem with forwarding inline images attached to messages with no HTML part (#7414) * Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455) - add http.inc file * include one file for php5/php7 admin flags/values update to 1.4.5 Security fixes * Fix XSS issue in template object 'username' (#7406) * Fix cross-site scripting (XSS) via malicious XML attachment * Fix a couple of XSS issues in Installer (#7406) * Better fix for CVE-2020-12641 Other changes * Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) * Fix so the database setup description is compatible with MySQL 8 (#7340) * Markasjunk: Fix regression in jsevent driver (#7361) * Fix missing flag indication on collapsed thread in Larry and Elastic (#7366) * Fix default keyservers (use keys.openpgp.org), add note about CORS (#7373, #7367) * Password: Fix issue with Modoboa driver (#7372) * Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) * Mailvelope: Fix Encrypt button hidden in Elastic (#7353) * Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) * Fix error when user-configured skin does not exist anymore (#7271) * Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) * Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382) * Security: Fix a couple of XSS issues in Installer (#7406) * Security: Better fix for CVE-2020-12641 update to 1.4.4 * Fix bug where attachments with Content-Id were attached to the message on reply (#7122) * Fix identity selection on reply when both sender and recipient addresses are included in identities (#7211) * Elastic: Fix text selection with Shift+PageUp and Shift+PageDown in plain text editor when using Chrome (#7230) * Elastic: Fix recipient input bug when using click to select a contact from autocomplete list (#7231) * Elastic: Fix color of a folder with recent messages (#7281) * Elastic: Restrict logo size in print view (#7275) * Fix invalid Content-Type for messages with only html part and inline images * Mail_Mime-1.10.7 (#7261) * Fix missing contact display name in QR Code data (#7257) * Fix so button label in Select image/media dialogs is "Close" not "Cancel" (#7246) * Fix regression in testing database schema on MSSQL (#7227) * Fix cursor position after inserting a group to a recipient input using autocompletion (#7267) * Fix string literals handling in IMAP STATUS (and various other) responses (#7290) * Fix bug where multiple images in a message were replaced by the first one on forward/reply/edit (#7293) * Fix handling keyservers configured with protocol prefix (#7295) * Markasjunk: Fix marking as spam/ham on moving messages with Move menu (#7189) * Markasjunk: Fix bug where moving to Junk was failing on messages selected with Select > All (#7206) * Fix so imap error message is displayed to the user on folder create/update (#7245) * Fix bug where a special folder couldn't be created if a special-use flag is not supported (#7147) * Mailvelope: Fix bug where recipients with name were not handled properly in mail compose (#7312) * Fix characters encoding in group rename input after group creation/rename (#7330) * Fix bug where some message/rfc822 parts could not be attached on forward (#7323) * Make install-jsdeps.sh script working without the 'file' program installed (#7325) * Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) * Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) update to 1.4.3 * Enigma: Fix so key list selection is reset when opening key creation form (#7154) * Enigma: Fix so using list checkbox selection does not load the key preview frame * Enigma: Fix generation of key pairs for identities with IDN domains (#7181) * Enigma: Display IDN domains of key users and identities in UTF8 * Enigma: Fix bug where "Send unencrypted" button didn't work in Elastic skin (#7205) * Managesieve: Fix bug where it wasn't possible to save flag actions (#7188) * Markasjunk: Fix bug where marking as spam/ham didn't work on moving messages with drag-and-drop (#7137) * Password: Make chpass-wrapper.py Python 3 compatible (#7135) * Elastic: Fix disappearing sidebar in mail compose after clicking Mail button * Elastic: Fix incorrect aria-disabled attribute on Mail taskmenu button in mail compose * Elastic: Fix bug where it was possible to switch editor mode when 'htmleditor' was in 'dont_override' (#7143) * Elastic: Fix text selection in recipient inputs (#7129) * Elastic: Fix missing Close button in "more recipients" dialog * Elastic: Fix non-working folder subscription checkbox for newly added folders (#7174) * Fix regression where "Open in new window" action didn't work (#7155) * Fix PHP Warning: array_filter() expects parameter 1 to be array, null given in subscriptions_option plugin (#7165) * Fix unexpected error message when mail refresh involves folder auto-unsubscribe (#6923) * Fix recipient duplicates in print-view when the recipient list has been expanded (#7169) * Fix bug where files in skins/ directory were listed on skins list (#7180) * Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117) * Fix display issues with mail subject that contains line-breaks (#7191) * Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170) * Fix regression where using an absolute path to SQLite database file on Windows didn't work (#7196) * Fix using unix:///path/to/socket.file in memcached driver (#7210) - prefer brotli over gzip if brotli is available: + enable mod_brotli in roundcubemail-httpd.conf (after deflate) + enable brotli via a2enmod for new installations update to 1.4.2: * Plugin API: Make actionbefore, before, actionafter and after events working with plugin actions (#7106) * Managesieve: Replace "Filter disabled" with "Filter enabled" (#7028) * Managesieve: Fix so modifier type select wasn't hidden after hiding modifier select on header change * Managesieve: Fix filter selection after removing a first filter (#7079) * Markasjunk: Fix marking more than one message as spam/ham with email_learn driver (#7121) * Password: Fix kpasswd and smb drivers' double-escaping bug (#7092) * Enigma: Add script to import keys from filesystem to the db storage (for multihost) * Installer: Fix DB Write test on SQLite database ("database is locked" error) (#7064) * Installer: Fix so SQLite DSN with a relative path to the database file works in Installer * Elastic: Fix contrast of warning toasts (#7058) * Elastic: Simple search in pretty selects (#7072) * Elastic: Fix hidden list widget on mobile/tablet when selecting folder while search menu is open (#7120) * Fix so type attribute on script tags is not used on HTML5 pages (#6975) * Fix unread count after purge on a folder that is not currently selected (#7051) * Fix bug where Enter key didn't work on messages list in "List" layout (#7052) * Fix bug where deleting a saved search in addressbook caused display issue on sources/groups list (#7061) * Fix bug where a new saved search added after removing all searches wasn't added to the list (#7061) * Fix bug where a new contact group added after removing all groups from addressbook wasn't added to the list * Fix so install-jsdeps.sh removes Bootstrap's sourceMappingURL (#7035) * Fix so use of Ctrl+A does not scroll the list (#7020) * Fix/remove useless keyup event handler on username input in logon form (#6970) * Fix bug where cancelling switching from HTML to plain text didn't set the flag properly (#7077) * Fix bug where HTML reply could add an empty line with extra indentation above the original message (#7088) * Fix matching multiple X-Forwarded-For addresses with 'proxy_whitelist' (#7107) * Fix so displayed maximum attachment size depends also on 'max_message_size' (#7105) * Fix bug where 'skins_allowed' option didn't enforce user skin preference (#7080) * Fix so contact's organization field accepts up to 128 characters (it was 50) * Fix bug where listing tables in PostgreSQL database with db_prefix didn't work (#7093) * Fix bug where 'text' attribute on body tag was ignored when displaying HTML message (#7109) * Fix bug where next message wasn't displayed after delete in List mode (#7096) * Fix so number of contacts in a group is not limited to 200 when redirecting to mail composer from Contacts (#6972) * Fix malformed characters in HTML message with charset meta tag not in head (#7116) - php documentor is not needed on a productive system -> remove - also fix /usr/bin/env calls for two vendor scripts - skins now have some configurable files in their directories: move those files over to /etc/roundcubemail/skins/ - move other text files (incl. vendor ones) out of the root directory (and handle the LICENSE file a bit different) - enable mod_filter and add AddOutputFilterByType for common media types like html, javascript or xml - enable php7 on newer openSUSE versions - enable deflate, expires, filter, headers and setenvif on a new installation - do not enable any module in case of an update - recommend php-imagick for additional features - fixed most of the shell scripts to contain /usr/bin/php Upgrade to version 1.4.1: * new defaults for smtp_* config options * changed default password_charset to UTF-8 * login page returning 401 Unauthorized status Upgrade to version 1.4.0: * Update to jQuery 3.4.1 * Update to TinyMCE 4.8.2 * Update to jQuery-MiniColors 2.3.4 * Clarified 'address_book_type' option behavior (#6680) * Added cookie mismatch detection, display an error message informing the user to clear cookies * Renamed 'log_session' option to 'session_debug' * Removed 'delete_always' option (#6782) * Don't log full session identifiers in userlogins log (#6625) * Support $HasAttachment/$HasNoAttachment keywords (#6201) * Support PECL memcached extension as a session and cache storage driver (experimental) * Switch to IDNA2008 variant (#6806) * installto.sh: Add possibility to run the update even on the up-to-date installation (#6533) * Plugin API: Add 'render_folder_selector' hook * Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326) * Added flag to disable server certificate validation via Mysql DSN argument (#6848) * Select all records on the current list page with CTRL + A (#6813) * Use Left/Right Arrow keys to faster move over threaded messages list (#6399) * Changes in display_next setting (#6795): * * Move it to Preferences > User Interface > Main Options * * Make it apply to Contacts interface too * * Make it apply only if deleting/moving a previewed message/contact * Redis: Support connection to unix socket * Put charset meta specification before a title tag, add page title automatically (#6811) * Elastic: Various internal refactorings * Elastic: Add Prev/Next buttons on message page toolbar (#6648) * Elastic: Close search options on Enter key press in quick-search input (#6660) * Elastic: Changed some icons (#6852) * Elastic: Changed read/unread icons (#6636) * Elastic: Changed "Move to..." icon (#6637) * Elastic: Add hide/show for advanced preferences (#6632) * Elastic: Add default icon on Settings/Preferences lists for external plugins (#6814) * Elastic: Add indicator for popover menu items that open a submenu (#6868) * Elastic: Move compose attachments/options to the right side (#6839) * Elastic: Add border/background to attachments list widget (#6842) * Elastic: Add "Show unread messages" button to the search bar (#6587) * Elastic: Fix bug where toolbar disappears on attachment menu use in Chrome (#6677) * Elastic: Fix folders list scrolling on touch devices (#6706) * Elastic: Fix non-working pretty selects in Chrome browser (#6705) * Elastic: Fix issue with absolute positioned mail content (#6739) * Elastic: Fix bug where some menu actions could cause a browser popup warning * Elastic: Fix handling mailto: URL parameters in contact menu (#6751) * Elastic: Fix keyboard navigation in some menus, e.g. the contact menu * Elastic: Fix visual issue with long buttons in .boxwarning (#6797) * Elastic: Fix handling new-line in text pasted to a recipient input * Elastic: Fix so search is not reset when returning from the message preview page (#6847) * Larry: Fix regression where menu actions didn't work with keyboard (#6740) * ACL: Display user/group names (from ldap) instead of acl identifier * Password: Added ldap_exop driver (#4992) * Password: Added support for SSHA512 password algorithm (#6805) * Managesieve: Fix bug where global includes were requested for vacation (#6716) * Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686) * Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723) * Enigma: For verified signatures, display the user id associated with the sender address (#5958) * Enigma: Fix bug where revoked users/keys were not greyed out in key info * Enigma: Fix error message when trying to encrypt with a revoked key (#6607) * Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638) * Enigma: Fix bug where signature verification could have been skipped for some message structures (#6838) * Fix language selection for spellchecker in html mode (#6915) * Fix css styles leak from replied/forwarded message to the rest of the composed text (#6831) * Fix invalid path to "add contact" icon when using assets_path setting * Fix invalid path to blocked.gif when using assets_path setting (#6752) * Fix so advanced search dialog is not automatically displayed on searchonly addressbooks (#6679) * Fix so an error is logged when more than one attachment plugin has been enabled, initialize the first one (#6735) * Fix bug where flag change could have been passed to a preview frame when not expected * Fix bug in HTML parser that could cause missing text fragments when there was no head/body tag (#6713) * Fix bug where HTML messages with a xml:namespace tag were not rendered (#6697) * Fix TinyMCE download location (#6694) * Fix so "Open in new window" consistently displays "external window" interface (#6659) * Fix bug where next row wasn't selected after deleting a collapsed thread (#6655) * Fix bug where external content (e.g. mail body) was passed to templates parsing code (#6640) * Fix bug where attachment preview didn't work with x_frame_options=deny (#6688) * Fix so bin/install-jsdeps.sh returns error code on error (#6704) * Fix bug where bmp images couldn't be displayed on some systems (#6728) * Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744) * Fix bug where bold/strong text was converted to upper-case on html-to-text conversion (6758) * Fix bug in rcube_utils::parse_hosts() where %t, %d, %z could return only tld (#6746) * Fix bug where Next/Prev button in mail view didn't work with multi-folder search result (#6793) * Fix bug where selection of columns on messages list wasn't working * Fix bug in converting multi-page Tiff images to Jpeg (#6824) * Fix bug where handling multiple messages from multi-folder search result could not work (#6845) * Fix bug where unread count wasn't updated after moving multi-folder result (#6846) * Fix wrong messages order after returning to a multi-folder search result (#6836) * Fix some PHP 7.4 compat. issues (#6884, #6866) * Fix bug where it was possible to bypass the position:fixed CSS check in received messages (#6898) * Fix bug where some strict remote URIs in url() style were unintentionally blocked (#6899) * Fix bug where it was possible to bypass the CSS jail in HTML messages using :root pseudo-class (#6897) * Fix bug where it was possible to bypass href URI check with data:application/xhtml+xml URIs (#6896) * Changed 'password_charset' default to 'UTF-8' (#6522) * Add skins_allowed option (#6483) * SMTP GSSAPI support via krb_authentication plugin (#6417) * Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385) * Removed 'referer_check' option (#6440) * Use constant prefix for temp file names, don't remove temp files from other apps (#6511) * Ignore 'Sender' header on Reply-All action (#6506) * deluser.sh: Add option to delete users who have not logged in for more than X days (#6340) * HTML5 Upload Progress - as a replacement for the old server-side solution (#6177) * Prevent from using deprecated timezone names from jsTimezoneDetect * Force session.gc_probability=1 when using custom session handlers (#6560) * Support simple field labels (e.g. LetterHub examples) in csv imports (#6541) * Add cache busters also to images used by templates (#6610) * Plugin API: Added 'raise_error' hook (#6199) * Plugin API: Added 'common_headers' hook (#6385) * Plugin API: Added 'ldap_connected' hook * Enigma: Update to OpenPGPjs 4.2.1 - fixes user name encoding issues in key generation (#6524) * Enigma: Fixed multi-host synchronization of private and deleted keys and pubring.kbx file * Managesieve: Added support for 'editheader' extension - RFC5293 (#5954) * Managesieve: Fix bug where custom header or variable could be lost on form submission (#6594) * Markasjunk: Integrate markasjunk2 features into markasjunk - marking as non-junk + learning engine (#6504) * Password: Added 'modoboa' driver (#6361) * Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436) * Password: Fix bug where new users could skip forced password change (#6434) * Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473) * Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246) * Passowrd: Allow drivers to define password strength rules displayed to the user * Password: Allow separate password saving and strength drivers for use of strength checking services (#5040) * Password: Add zxcvbn driver for checking password strength (#6479) * Password: Disallow control characters in passwords * Password: Add support for Plesk >= 17.8 (#6526) * Elastic: Improved datepicker displayed always in parent window * Elastic: On touch devices display attachment icons on messages list (#6296) * Elastic: Make menu button inactive if all subactions are inactive (#6444) * Elastic: On mobile/tablet jump to the list on folder selection (#6415) * Elastic: Various improvements on mail compose screen (#6413) * Elastic: Support new-line char as a separator for pasted recipients (#6460) * Elastic: Improved UX of search dialogs (#6416) * Elastic: Fix unwanted thread expanding when selecting a collapsed thread in non-mobile mode (#6445) * Elastic: Fix too small height of mailvelope mail preview frame (#6600) * Elastic: Add "status bar" for mobile in mail composer * Elastic: Add selection options on contacts list (#6595) * Elastic: Fix unintentional layout preference overwrite (#6613) * Elastic: Fix bug where Enigma options in mail compose could sometimes be ignored (#6515) * Log errors caused by low pcre.backtrack_limit when sending a mail message (#6433) * Fix regression where drafts were not deleted after sending the message (#6756) * Fix so max_message_size limit is checked also when forwarding messages as attachments (#6580) * Fix so performance stats are logged to the main console log also when per_user_logging=true * Fix malformed message saved into Sent folder when using big attachments and low memory limit (#6498) * Fix incorrect IMAP SASL GSSAPI negotiation (#6308) * Fix so unicode in local part of the email address is also supported in recipient inputs (#6490) * Fix bug where autocomplete list could be displayed out of screen (#6469) * Fix style/navigation on error page depending on authentication state (#6362) * Fix so invalid smtp_helo_host is never used, fallback to localhost (#6408) * Fix custom logo size in Elastic (#6424) * Fix listing the same attachment multiple times on forwarded messages * Fix bug where a message/rfc822 part without a filename wasn't listed on the attachments list (#6494) * Fix inconsistent offset for various time zones - always display Standard Time offset (#6531) * Fix dummy Message-Id when resuming a draft without Message-Id header (#6548) * Fix handling of empty entries in vCard import (#6564) * Fix bug in parsing some IMAP command responses that include unsolicited replies (#6577) * Fix PHP 7.2 compatibility in debug_logger plugin (#6586) * Fix so ANY record is not used for email domain validation, use A, MX, CNAME, AAAA instead (#6581) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) * Fix missing CSRF token on a link to download too-big message part (#6621) * Fix bug when aborting dragging with ESC key didn't stop the move action (#6623) * Improved Mailvelope integration * * Added private key listing and generating to identity settings * * Enable encrypt & sign option if Mailvelope supports it * Allow contacts without an email address (#5079) * Support SMTPUTF8 and relax email address validation to support unicode in local part (#5120) * Support for IMAP folders that cannot contain both folders and messages (#5057) * Remove sample PHP configuration from .htaccess and .user.ini files (#5850) * Extend skin_logo setting to allow per skin logos (#6272) * Use Masterminds/HTML5 parser for better HTML5 support (#5761) * Add More actions button in Contacts toolbar with Copy/Move actions (#6081) * Display an error when clicking disabled link to register protocol handler (#6079) * Add option trusted_host_patterns (#6009, #5752) * Support additional connect parameters in PostgreSQL database wrapper * Use UI dialogs instead of confirm() and alert() where possible * Display value of the SMTP message size limit in the error message (#6032) * Show message flagged status in message view (#5080) * Skip redundant INSERT query on successful logon when using PHP7 * Replace display_version with display_product_version (#5904) * Extend disabled_actions config so it accepts also button names (#5903) * Handle remote stylesheets the same as remote images, ask the user to allow them (#5994) * Add Message-ID to the sendmail log (#5871) * Add option to hide folders in share/other-user namespace or outside of the personal namespace root (#5073) * Archive: Fix archiving by sender address on cyrus-imap * Archive: Style Archive folder also on folder selector and folder manager lists * Archive: Add Thunderbird compatible Month option (#5623) * Archive: Create archive folder automatically if it's configured, but does not exist (#6076) * Enigma: Add button to send mail unencrypted if no key was found (#5913) * Enigma: Add options to set PGP cipher/digest algorithms (#5645) * Enigma: Multi-host support * Managesieve: Add ability to disable filter sets and other actions (#5496, #5898) * Managesieve: Add option managesieve_forward to enable settings dialog for simple forwarding (#6021) * Managesieve: Support filter action with custom IMAP flags (#6011) * Managesieve: Support 'mime' extension tests - RFC5703 (#5832) * Managesieve: Support GSSAPI authentication with krb_authentication plugin (#5779) * Managesieve: Support enabling the plugin for specified hosts only (#6292) * Password: Support host variables in password_db_dsn option (#5955) * Password: Automatic virtualmin domain setting, removed password_virtualmin_format option (#5759) * Password: Added password_username_format option (#5766) * subscriptions_option: show \Noselect folders greyed out (#5621) * zipdownload: Added option to define size limit for multiple messages download (#5696) * vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080) * Changed defaults for smtp_user (%u), smtp_pass (%p) and smtp_port (587) * Composer: Fix certificate validation errors by using packagist only (#5148) * Add --get and --extract arguments and CACHEDIR env-variable support to install-jsdeps.sh (#5882) * Support _filter and _scope as GET arguments for opening mail UI (#5825) * Various improvements for templating engine and skin behaviours * * Support conditional include * * Support for 'link' objects * * Support including files with path relative to templates directory * * Use instead of for submit button on logon screen * Support skin localization (#5853) * Reset onerror on images if placeholder does not exist to prevent from requests storm * Unified and simplified code for loading content frame for responses and identities * Display contact import and advanced search in popup dialogs * Display a dialog for mail import with supported format description and upload size hint * Make possible to set (some) config options from a skin * Added optional checkbox selection for the list widget * Make 'compose' command always enabled * Add .log suffix to all log file names, add option log_file_ext to control this (#313) * Return "401 Unauthorized" status when login fails (#5663) * Support both comma and semicolon as recipient separator, drop recipients_separator option (#5092) * Plugin API: Added 'show_bytes' hook (#5001) * Add option to not indent quoted text on top-posting reply (#5105) * Removed global $CONFIG variable * Removed debug_level setting * Support AUTHENTICATE LOGIN for IMAP connections (#5563) * Support LDAP GSSAPI authentication (#5703) * Localized timezone selector (#4983) * Use 7bit encoding for ISO-2022-* charsets in sent mail (#5640) * Handle inline images also inside multipart/mixed messages (#5905) * Allow style tags in HTML editor on composed/reply messages (#5751) * Use Github API as a fallback to fetch js dependencies to workaround throttling issues (#6248) * Show confirm dialog when moving folders using drag and drop (#6119) * Fix bug where new_user_dialog email check could have been circumvented by deleting / abandoning session (#5929) * Fix skin extending for assets (#5115) * Fix handling of forwarded messages inside of a TNEF message (#5632) * Fix bug where attachment size wasn't visible when the filename was too long (#6033) * Fix checking table columns when there's more schemas/databases in postgres/mysql (#6047) * Fix css conflicts in user interface and e-mail content (#5891) * Fix duplicated signature when using Back button in Chrome (#5809) * Fix touch event issue on messages list in IE/Edge (#5781) * Fix so links over images are not removed in plain text signatures converted from HTML (#4473) * Fix various issues when downloading files with names containing non-ascii chars, use RFC 2231 (#5772) Upgrade to version 1.3.10: * Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638) Upgrade to version 1.3.9: * Fix TinyMCE download location(s) (#6694) * Fix so mime_content_type check in Installer uses files that should always be available (i.e. from program/resources) (#6599) Upgrade to version 1.3.8: * Fix support for "allow-from " in x_frame_options config option (#6449) - add files with .log entry to logrotate config enhance apache configuration by: + disable mbstring function overload (http://bugs.php.net/bug.php?id=30766) + do not allow to see README*, INSTALL, LICENSE or CHANGELOG files + set additional headers: + Content-Security-Policy: ask browsers to not set the referrer + Cache-Control: ask not to cache the content + Strict-Transport-Security: set HSTS rules for SSL traffic + X-XSS-Protection: configure built in reflective XSS protection adjust README.openSUSE: + db.inc.php is not used any longer + flush privileges after creating/changing users in mysql Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10148=1 - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10148=1 Package List: - openSUSE Backports SLE-15-SP4 (noarch): roundcubemail-1.5.3-bp154.2.3.1 - openSUSE Backports SLE-15-SP3 (noarch): roundcubemail-1.5.3-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2019-10740.html https://www.suse.com/security/cve/CVE-2020-12641.html https://www.suse.com/security/cve/CVE-2020-16145.html https://www.suse.com/security/cve/CVE-2020-35730.html https://bugzilla.suse.com/1180132 https://bugzilla.suse.com/1180399

1 0