October 2022 - openSUSE Security Announce

SUSE-SU-2022:3800-1: important: Security update for MozillaThunderbird
by opensuse-security＠opensuse.org 27 Oct '22

27 Oct '22

SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3800-1 Rating: important References: #1203477 #1204411 #1204421 Cross-References: CVE-2022-3155 CVE-2022-3266 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962 CVSS scores: CVE-2022-39236 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-39236 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39249 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39249 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39250 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39250 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39251 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-39251 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 102.4.0 (bsc#1204421) * changed: Thunderbird will automatically detect and repair OpenPGP key storage corruption caused by using the profile import tool in Thunderbird 102 * fixed: POP message download into a large folder (~13000 messages) caused Thunderbird to temporarily freeze * fixed: Forwarding messages with special characters in Subject failed on Windows * fixed: Links for FileLink attachments were not added when attachment filename contained Unicode characters * fixed: Address Book display pane continued to show contacts after deletion * fixed: Printing address book did not include all contact details * fixed: CardDAV contacts without a Name property did not save to Google Contacts * fixed: "Publish Calendar" did not work * fixed: Calendar database storage improvements * fixed: Incorrectly handled error responses from CalDAV servers sometimes caused events to disappear from calendar * fixed: Various visual and UX improvements - Mozilla Thunderbird 102.3.3 * new: Option added to show containing address book for a contact when using `All Address Books` in vertical mode (bmo#1778871) * changed: Thunderbird will try to use POP NTLM authentication even if not advertised by server (bmo#1793349) * changed: Task List and Today Pane sidebars will no longer load when not visible (bmo#1788549) * fixed: Sending a message while a recipient pill was being modified did not save changes (bmo#1779785) * fixed: Nickname column was not available in horizontal view of Address Book (bmo#1778000) * fixed: Multiline organization values were displayed across two columns in horizontal view of Address Book (bmo#1777780) * fixed: Contact vCard fields with multiple values such as Categories were truncated when saved (bmo#1792399) * fixed: ICS calendar files with a `FREEBUSY` property could not be imported (bmo#1783441) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) - Mozilla Thunderbird 102.3.2 * changed: Thunderbird will try to use POP CRAM-MD5 authentication even if not advertised by server (bmo#1789975) * fixed: Checking messages on POP3 accounts caused POP folder to lock if mail server was slow or non-responsive (bmo#1792451) * fixed: Newsgroups named with consecutive dots would not appear when refreshing list of newsgroups (bmo#1787789) * fixed: Sending news articles containing lines starting with dot were sometimes clipped (bmo#1787955) * fixed: CardDAV server sync silently failed if sync token expired (bmo#1791183) * fixed: Contacts from LDAP on macOS address books were not displayed (bmo#1791347) * fixed: Chat account input now accepts URIs for supported chat protocols (bmo#1776706) * fixed: Chat ScreenName field was not migrated to new address book (bmo#1789990) * fixed: Creating a New Event from the Today Pane used the currently selected day from the main calendar instead of from the Today Pane (bmo#1791203) * fixed: `New Event` button in Today Pane was incorrectly disabled sometimes (bmo#1792058) * fixed: Event reminder windows did not close after being dismissed or snoozed (bmo#1791228) * fixed: Improved performance of recurring event date calculation (bmo#1787677) * fixed: Quarterly calendar events on the last day of the month repeated one month early (bmo#1789362) * fixed: Thunderbird would hang if calendar event exceeded the year 2035 (bmo#1789999) * fixed: Whitespace in calendar events was incorrectly handled when upgrading from Thunderbird 91 to 102 (bmo#1790339) * fixed: Various visual and UX improvements (bmo#1755623,bmo#17 83903,bmo#1785851,bmo#1786434,bmo#1787286,bmo#1788151,bmo#178 9728,bmo#1790499) - Mozilla Thunderbird 102.3.1 * changed: Compose window encryption options now only appear for encryption technologies that have already been configured (bmo#1788988) * changed: Number of contacts in currently selected address book now displayed at bottom of Address Book list column (bmo#1745571) * fixed: Password prompt did not include server hostname for POP servers (bmo#1786920) * fixed: `Edit Contact` was missing from Contacts sidebar context menus (bmo#1771795) * fixed: Address Book contact lists cut off display of some characters, the result being unreadable (bmo#1780909) * fixed: Menu items for dark-themed alarm dialog were invisible on Windows 7 (bmo#1791738) * fixed: Various security fixes MFSA 2022-43 (bsc#1204411) * CVE-2022-39249 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack * CVE-2022-39236 (bmo#1791765) Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue - Mozilla Thunderbird 102.3 * changed: Thunderbird will no longer attempt to import account passwords when importing from another Thunderbird profile in order to prevent profile corruption and permanent data loss. (bmo#1790605) * changed: Devtools performance profile will use Thunderbird presets instead of Web Developer presets (bmo#1785954) * fixed: Thunderbird startup performance improvements (bmo#1785967) * fixed: Saving email source and images failed (bmo#1777323,bmo#1778804) * fixed: Error message was shown repeatedly when temporary disk space was full (bmo#1788580) * fixed: Attaching OpenPGP keys without a set size to non- encrypted messages briefly displayed a size of zero bytes (bmo#1788952) * fixed: Global Search entry box initially contained "undefined" (bmo#1780963) * fixed: Delete from POP Server mail filter rule intermittently failed to trigger (bmo#1789418) * fixed: Connections to POP3 servers without UIDL support failed (bmo#1789314) * fixed: Pop accounts with "Fetch headers only" set downloaded complete messages if server did not advertise TOP capability (bmo#1789356) * fixed: "File -> New -> Address Book Contact" from Compose window did not work (bmo#1782418) * fixed: Attach "My vCard" option in compose window was not available (bmo#1787614) * fixed: Improved performance of matching a contact to an email address (bmo#1782725) * fixed: Address book only recognized a contact's first two email addresses (bmo#1777156) * fixed: Address book search and autocomplete failed if a contact vCard could not be parsed (bmo#1789793) * fixed: Downloading NNTP messages for offline use failed (bmo#1785773) * fixed: NNTP client became stuck when connecting to Public- Inbox servers (bmo#1786203) * fixed: Various visual and UX improvements (bmo#1782235,bmo#1787448,bmo#1788725,bmo#1790324) * fixed: Various security fixes * unresolved: No dedicated "Department" field in address book (bmo#1777780) MFSA 2022-42 (bsc#1203477) * CVE-2022-3266 (bmo#1767360) Out of bounds read when decoding H264 * CVE-2022-40959 (bmo#1782211) Bypassing FeaturePolicy restrictions on transient pages * CVE-2022-40960 (bmo#1787633) Data-race when parsing non-UTF-8 URLs in threads * CVE-2022-40958 (bmo#1779993) Bypassing Secure Context restriction for cookies with __Host and __Secure prefix * CVE-2022-40956 (bmo#1770094) Content-Security-Policy base-uri bypass * CVE-2022-40957 (bmo#1777604) Incoherent instruction cache when building WASM on ARM64 * CVE-2022-3155 (bmo#1789061) Attachment files saved to disk on macOS could be executed without warning * CVE-2022-40962 (bmo#1776655, bmo#1777574, bmo#1784835, bmo#1785109, bmo#1786502, bmo#1789440) Memory safety bugs fixed in Thunderbird 102.3 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3800=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3800=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3800=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3800=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3800=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3800=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-102.4.0-150200.8.85.1 MozillaThunderbird-debuginfo-102.4.0-150200.8.85.1 MozillaThunderbird-debugsource-102.4.0-150200.8.85.1 MozillaThunderbird-translations-common-102.4.0-150200.8.85.1 MozillaThunderbird-translations-other-102.4.0-150200.8.85.1 References: https://www.suse.com/security/cve/CVE-2022-3155.html https://www.suse.com/security/cve/CVE-2022-3266.html https://www.suse.com/security/cve/CVE-2022-39236.html https://www.suse.com/security/cve/CVE-2022-39249.html https://www.suse.com/security/cve/CVE-2022-39250.html https://www.suse.com/security/cve/CVE-2022-39251.html https://www.suse.com/security/cve/CVE-2022-40956.html https://www.suse.com/security/cve/CVE-2022-40957.html https://www.suse.com/security/cve/CVE-2022-40958.html https://www.suse.com/security/cve/CVE-2022-40959.html https://www.suse.com/security/cve/CVE-2022-40960.html https://www.suse.com/security/cve/CVE-2022-40962.html https://bugzilla.suse.com/1203477 https://bugzilla.suse.com/1204411 https://bugzilla.suse.com/1204421

1 0

SUSE-SU-2022:3785-1: important: Security update for curl
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3785-1 Rating: important References: #1204383 #1204386 Cross-References: CVE-2022-32221 CVE-2022-42916 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-42916 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3785=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3785=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3785=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.9.1 curl-debuginfo-7.79.1-150400.5.9.1 curl-debugsource-7.79.1-150400.5.9.1 libcurl-devel-7.79.1-150400.5.9.1 libcurl4-7.79.1-150400.5.9.1 libcurl4-debuginfo-7.79.1-150400.5.9.1 - openSUSE Leap 15.4 (x86_64): libcurl-devel-32bit-7.79.1-150400.5.9.1 libcurl4-32bit-7.79.1-150400.5.9.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.9.1 curl-debuginfo-7.79.1-150400.5.9.1 curl-debugsource-7.79.1-150400.5.9.1 libcurl-devel-7.79.1-150400.5.9.1 libcurl4-7.79.1-150400.5.9.1 libcurl4-debuginfo-7.79.1-150400.5.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libcurl4-32bit-7.79.1-150400.5.9.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): curl-7.79.1-150400.5.9.1 curl-debuginfo-7.79.1-150400.5.9.1 curl-debugsource-7.79.1-150400.5.9.1 libcurl4-7.79.1-150400.5.9.1 libcurl4-debuginfo-7.79.1-150400.5.9.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://www.suse.com/security/cve/CVE-2022-42916.html https://bugzilla.suse.com/1204383 https://bugzilla.suse.com/1204386

1 0

SUSE-SU-2022:3782-1: important: Security update for libmad
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for libmad ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3782-1 Rating: important References: #1036968 #1036969 Cross-References: CVE-2017-8372 CVE-2017-8373 CVSS scores: CVE-2017-8372 (NVD) : 4.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-8372 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-8373 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-8373 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for libmad fixes the following issues: - CVE-2017-8373: Fixed heap-based buffer overflow in mad_layer_III (bsc#1036968). - CVE-2017-8372: Fixed assertion failure in layer3.c (bsc#1036969). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3782=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3782=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3782=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3782=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3782=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3782=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3782=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3782=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3782=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3782=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3782=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3782=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3782=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3782=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3782=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3782=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3782=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3782=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - openSUSE Leap 15.4 (x86_64): libmad0-32bit-0.15.1b-150000.5.3.1 libmad0-32bit-debuginfo-0.15.1b-150000.5.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - openSUSE Leap 15.3 (x86_64): libmad0-32bit-0.15.1b-150000.5.3.1 libmad0-32bit-debuginfo-0.15.1b-150000.5.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Manager Proxy 4.1 (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 - SUSE CaaS Platform 4.0 (x86_64): libmad-debugsource-0.15.1b-150000.5.3.1 libmad-devel-0.15.1b-150000.5.3.1 libmad0-0.15.1b-150000.5.3.1 libmad0-debuginfo-0.15.1b-150000.5.3.1 References: https://www.suse.com/security/cve/CVE-2017-8372.html https://www.suse.com/security/cve/CVE-2017-8373.html https://bugzilla.suse.com/1036968 https://bugzilla.suse.com/1036969

1 0

SUSE-SU-2022:3781-1: moderate: Security update for container-suseconnect
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for container-suseconnect ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3781-1 Rating: moderate References: #1204397 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3781=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3781=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3781=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-150000.4.19.2 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-150000.4.19.2 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.3.0-150000.4.19.2 References: https://bugzilla.suse.com/1204397

1 0

SUSE-SU-2022:3784-1: critical: Security update for libtasn1
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for libtasn1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3784-1 Rating: critical References: #1204690 Cross-References: CVE-2021-46848 CVSS scores: CVE-2021-46848 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-46848 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3784=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3784=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3784=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3784=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3784=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3784=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3784=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3784=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3784=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3784=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3784=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3784=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3784=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3784=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3784=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3784=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-3784=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3784=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3784=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3784=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3784=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3784=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - openSUSE Leap 15.4 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-devel-32bit-4.13-150000.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - openSUSE Leap 15.3 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-devel-32bit-4.13-150000.4.8.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Manager Server 4.1 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Manager Proxy 4.1 (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Enterprise Storage 7 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 - SUSE Enterprise Storage 6 (x86_64): libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 - SUSE CaaS Platform 4.0 (x86_64): libtasn1-4.13-150000.4.8.1 libtasn1-6-32bit-4.13-150000.4.8.1 libtasn1-6-32bit-debuginfo-4.13-150000.4.8.1 libtasn1-6-4.13-150000.4.8.1 libtasn1-6-debuginfo-4.13-150000.4.8.1 libtasn1-debuginfo-4.13-150000.4.8.1 libtasn1-debugsource-4.13-150000.4.8.1 libtasn1-devel-4.13-150000.4.8.1 References: https://www.suse.com/security/cve/CVE-2021-46848.html https://bugzilla.suse.com/1204690

1 0

SUSE-SU-2022:3783-1: important: Security update for telnet
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for telnet ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3783-1 Rating: important References: #1203759 Cross-References: CVE-2022-39028 CVSS scores: CVE-2022-39028 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-39028 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3783=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3783=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3783=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3783=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3783=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3783=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3783=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3783=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3783=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3783=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3783=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3783=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3783=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3783=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3783=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3783=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3783=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3783=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3783=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Manager Proxy 4.1 (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 - SUSE CaaS Platform 4.0 (x86_64): telnet-1.2-150000.3.6.1 telnet-debuginfo-1.2-150000.3.6.1 telnet-debugsource-1.2-150000.3.6.1 telnet-server-1.2-150000.3.6.1 telnet-server-debuginfo-1.2-150000.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-39028.html https://bugzilla.suse.com/1203759

1 0

SUSE-SU-2022:3775-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3775-1 Rating: important References: #1177471 #1185032 #1194023 #1196444 #1197659 #1199564 #1200313 #1200622 #1201309 #1201310 #1201489 #1201645 #1201865 #1201990 #1202095 #1202341 #1202385 #1202677 #1202960 #1202984 #1203159 #1203290 #1203313 #1203389 #1203410 #1203424 #1203514 #1203552 #1203622 #1203737 #1203769 #1203770 #1203906 #1203909 #1203935 #1203939 #1203987 #1203992 #1204051 #1204059 #1204060 #1204125 #1204289 #1204290 #1204291 #1204292 PED-529 Cross-References: CVE-2020-16119 CVE-2022-20008 CVE-2022-2503 CVE-2022-2586 CVE-2022-3169 CVE-2022-3239 CVE-2022-3303 CVE-2022-40768 CVE-2022-41218 CVE-2022-41222 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVSS scores: CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20008 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20008 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2503 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2503 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41222 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41222 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 17 vulnerabilities, contains one feature and has 29 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514) - CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290) - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622). - CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677). - CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564) - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471) The following non-security bugs were fixed: - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: fix spelling mistakes (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes) - arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes) - arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341) - arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes) - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes) - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes) - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes) - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes) - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes) - arm64: mm: fix p?d_leaf() (git-fixes) - arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes) - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes) - arm64: tegra: Remove non existent Tegra194 reset (git-fixes) - arm64: tlb: fix the TTL value of tlb_get_level (git-fixes) - arm64/mm: Validate hotplug range before creating linear mapping (git-fixes) - bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes) - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - JFS: fix GPF in diFree (bsc#1203389). - JFS: fix memleak in jfs_mount (git-fixes). - JFS: more checks for invalid superblock (git-fixes). - JFS: prevent NULL deref in diFree (bsc#1203389). - kABI: x86: kexec: hide new include from genksyms (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737). - kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990). - mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvmet: Expose max queues to configfs (bsc#1201865). - of: device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544). - powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909). - regulator: core: Clean up on enable failure (git-fixes). - s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607). - s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607). - s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607). - s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607). - s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607). - s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607). - s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: smartpqi: Update LUN reset handler (bsc#1200622). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - squashfs: fix divide error in calculate_skip() (git-fixes). - struct ehci_hcd: hide new member (git-fixes). - struct otg_fsm: hide new boolean member in gap (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix misplaced barrier in call_decode (git-fixes). - SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes). - USB: otg-fsm: Fix hrtimer list corruption (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: ch341: name prescaler, divisor registers (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - vt: Clear selection before changing the font (git-fixes). - vt: selection, introduce vc_is_sel (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled. - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xprtrdma: Fix cwnd update ordering (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3775=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3775=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3775=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3775=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3775=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3775=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3775=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3775=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3775=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3775=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3775=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.98.1 dtb-zte-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.98.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1 dlm-kmp-default-5.3.18-150300.59.98.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1 gfs2-kmp-default-5.3.18-150300.59.98.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-base-rebuild-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-devel-5.3.18-150300.59.98.1 kernel-default-devel-debuginfo-5.3.18-150300.59.98.1 kernel-default-extra-5.3.18-150300.59.98.1 kernel-default-extra-debuginfo-5.3.18-150300.59.98.1 kernel-default-livepatch-5.3.18-150300.59.98.1 kernel-default-livepatch-devel-5.3.18-150300.59.98.1 kernel-default-optional-5.3.18-150300.59.98.1 kernel-default-optional-debuginfo-5.3.18-150300.59.98.1 kernel-obs-build-5.3.18-150300.59.98.1 kernel-obs-build-debugsource-5.3.18-150300.59.98.1 kernel-obs-qa-5.3.18-150300.59.98.1 kernel-syms-5.3.18-150300.59.98.1 kselftests-kmp-default-5.3.18-150300.59.98.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.98.1 ocfs2-kmp-default-5.3.18-150300.59.98.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 reiserfs-kmp-default-5.3.18-150300.59.98.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.98.1 kernel-debug-debuginfo-5.3.18-150300.59.98.1 kernel-debug-debugsource-5.3.18-150300.59.98.1 kernel-debug-devel-5.3.18-150300.59.98.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.98.1 kernel-debug-livepatch-devel-5.3.18-150300.59.98.1 kernel-kvmsmall-5.3.18-150300.59.98.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.98.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.98.1 kernel-kvmsmall-devel-5.3.18-150300.59.98.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.98.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.98.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 dlm-kmp-preempt-5.3.18-150300.59.98.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 gfs2-kmp-preempt-5.3.18-150300.59.98.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-5.3.18-150300.59.98.1 kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 kernel-preempt-devel-5.3.18-150300.59.98.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-extra-5.3.18-150300.59.98.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.98.1 kernel-preempt-optional-5.3.18-150300.59.98.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.98.1 kselftests-kmp-preempt-5.3.18-150300.59.98.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 ocfs2-kmp-preempt-5.3.18-150300.59.98.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 reiserfs-kmp-preempt-5.3.18-150300.59.98.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.98.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 dlm-kmp-64kb-5.3.18-150300.59.98.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 dtb-al-5.3.18-150300.59.98.1 dtb-allwinner-5.3.18-150300.59.98.1 dtb-altera-5.3.18-150300.59.98.1 dtb-amd-5.3.18-150300.59.98.1 dtb-amlogic-5.3.18-150300.59.98.1 dtb-apm-5.3.18-150300.59.98.1 dtb-arm-5.3.18-150300.59.98.1 dtb-broadcom-5.3.18-150300.59.98.1 dtb-cavium-5.3.18-150300.59.98.1 dtb-exynos-5.3.18-150300.59.98.1 dtb-freescale-5.3.18-150300.59.98.1 dtb-hisilicon-5.3.18-150300.59.98.1 dtb-lg-5.3.18-150300.59.98.1 dtb-marvell-5.3.18-150300.59.98.1 dtb-mediatek-5.3.18-150300.59.98.1 dtb-nvidia-5.3.18-150300.59.98.1 dtb-qcom-5.3.18-150300.59.98.1 dtb-renesas-5.3.18-150300.59.98.1 dtb-rockchip-5.3.18-150300.59.98.1 dtb-socionext-5.3.18-150300.59.98.1 dtb-sprd-5.3.18-150300.59.98.1 dtb-xilinx-5.3.18-150300.59.98.1 dtb-zte-5.3.18-150300.59.98.1 gfs2-kmp-64kb-5.3.18-150300.59.98.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-5.3.18-150300.59.98.1 kernel-64kb-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-debugsource-5.3.18-150300.59.98.1 kernel-64kb-devel-5.3.18-150300.59.98.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-extra-5.3.18-150300.59.98.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.98.1 kernel-64kb-optional-5.3.18-150300.59.98.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.98.1 kselftests-kmp-64kb-5.3.18-150300.59.98.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 ocfs2-kmp-64kb-5.3.18-150300.59.98.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 reiserfs-kmp-64kb-5.3.18-150300.59.98.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.98.1 kernel-docs-5.3.18-150300.59.98.1 kernel-docs-html-5.3.18-150300.59.98.1 kernel-macros-5.3.18-150300.59.98.1 kernel-source-5.3.18-150300.59.98.1 kernel-source-vanilla-5.3.18-150300.59.98.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.98.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-extra-5.3.18-150300.59.98.1 kernel-default-extra-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 kernel-preempt-extra-5.3.18-150300.59.98.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-livepatch-5.3.18-150300.59.98.1 kernel-default-livepatch-devel-5.3.18-150300.59.98.1 kernel-livepatch-5_3_18-150300_59_98-default-1-150300.7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 reiserfs-kmp-default-5.3.18-150300.59.98.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.98.1 kernel-obs-build-debugsource-5.3.18-150300.59.98.1 kernel-syms-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 kernel-preempt-devel-5.3.18-150300.59.98.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.98.1 kernel-source-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 kernel-default-devel-5.3.18-150300.59.98.1 kernel-default-devel-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.98.1 kernel-preempt-debuginfo-5.3.18-150300.59.98.1 kernel-preempt-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.98.1 kernel-64kb-debuginfo-5.3.18-150300.59.98.1 kernel-64kb-debugsource-5.3.18-150300.59.98.1 kernel-64kb-devel-5.3.18-150300.59.98.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.98.1 kernel-macros-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.98.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.98.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.98.1 kernel-default-base-5.3.18-150300.59.98.1.150300.18.56.3 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.98.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.98.1 dlm-kmp-default-5.3.18-150300.59.98.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.98.1 gfs2-kmp-default-5.3.18-150300.59.98.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debuginfo-5.3.18-150300.59.98.1 kernel-default-debugsource-5.3.18-150300.59.98.1 ocfs2-kmp-default-5.3.18-150300.59.98.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.98.1 References: https://www.suse.com/security/cve/CVE-2020-16119.html https://www.suse.com/security/cve/CVE-2022-20008.html https://www.suse.com/security/cve/CVE-2022-2503.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-41222.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://bugzilla.suse.com/1177471 https://bugzilla.suse.com/1185032 https://bugzilla.suse.com/1194023 https://bugzilla.suse.com/1196444 https://bugzilla.suse.com/1197659 https://bugzilla.suse.com/1199564 https://bugzilla.suse.com/1200313 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1201489 https://bugzilla.suse.com/1201645 https://bugzilla.suse.com/1201865 https://bugzilla.suse.com/1201990 https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202341 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202677 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1202984 https://bugzilla.suse.com/1203159 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203313 https://bugzilla.suse.com/1203389 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203424 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203622 https://bugzilla.suse.com/1203737 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203906 https://bugzilla.suse.com/1203909 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203939 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204125 https://bugzilla.suse.com/1204289 https://bugzilla.suse.com/1204290 https://bugzilla.suse.com/1204291 https://bugzilla.suse.com/1204292

1 0

SUSE-SU-2022:3768-1: important: Security update for qemu
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3768-1 Rating: important References: #1175144 #1182282 #1185000 #1192463 #1198035 #1198037 #1198038 #1201367 Cross-References: CVE-2020-17380 CVE-2021-3409 CVE-2021-3507 CVE-2021-4206 CVE-2021-4207 CVE-2022-0216 CVE-2022-35414 CVSS scores: CVE-2020-17380 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2020-17380 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2021-3409 (NVD) : 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3409 (SUSE): 5.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3507 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2021-3507 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-0216 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-0216 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-35414 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-35414 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has one errata is now available. Description: This update for qemu fixes the following issues: - CVE-2021-3409: Fixed an incomplete fix for CVE-2020-17380 and CVE-2020-25085 in sdhi controller. (bsc#1182282) - CVE-2021-4206: Fixed an integer overflow in cursor_alloc which can lead to heap buffer overflow. (bsc#1198035) - CVE-2021-4207: Fixed a double fetch in qxl_cursor ehich can lead to heap buffer overflow. (bsc#1198037) - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038) - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367) - CVE-2021-3507: Fixed a heap buffer overflow in DMA read data transfers. (bsc#1185000) - CVE-2020-17380: Fixed a heap buffer overflow in sdhci_sdma_transfer_multi_blocks. (bsc#1175144) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3768=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3768=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3768=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3768=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3768=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3768=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-3768=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 x86_64): qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le): qemu-ppc-3.1.1.1-150100.80.43.2 qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x x86_64): qemu-kvm-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le): qemu-ppc-3.1.1.1-150100.80.43.2 qemu-ppc-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64): qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): qemu-s390-3.1.1.1-150100.80.43.2 qemu-s390-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64): qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64): qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Enterprise Storage 6 (aarch64): qemu-arm-3.1.1.1-150100.80.43.2 qemu-arm-debuginfo-3.1.1.1-150100.80.43.2 - SUSE Enterprise Storage 6 (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE Enterprise Storage 6 (x86_64): qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 - SUSE CaaS Platform 4.0 (noarch): qemu-ipxe-1.0.0+-150100.80.43.2 qemu-seabios-1.12.0_0_ga698c89-150100.80.43.2 qemu-sgabios-8-150100.80.43.2 qemu-vgabios-1.12.0_0_ga698c89-150100.80.43.2 - SUSE CaaS Platform 4.0 (x86_64): qemu-3.1.1.1-150100.80.43.2 qemu-audio-alsa-3.1.1.1-150100.80.43.2 qemu-audio-alsa-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-oss-3.1.1.1-150100.80.43.2 qemu-audio-oss-debuginfo-3.1.1.1-150100.80.43.2 qemu-audio-pa-3.1.1.1-150100.80.43.2 qemu-audio-pa-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-curl-3.1.1.1-150100.80.43.2 qemu-block-curl-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-iscsi-3.1.1.1-150100.80.43.2 qemu-block-iscsi-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-rbd-3.1.1.1-150100.80.43.2 qemu-block-rbd-debuginfo-3.1.1.1-150100.80.43.2 qemu-block-ssh-3.1.1.1-150100.80.43.2 qemu-block-ssh-debuginfo-3.1.1.1-150100.80.43.2 qemu-debuginfo-3.1.1.1-150100.80.43.2 qemu-debugsource-3.1.1.1-150100.80.43.2 qemu-guest-agent-3.1.1.1-150100.80.43.2 qemu-guest-agent-debuginfo-3.1.1.1-150100.80.43.2 qemu-kvm-3.1.1.1-150100.80.43.2 qemu-lang-3.1.1.1-150100.80.43.2 qemu-tools-3.1.1.1-150100.80.43.2 qemu-tools-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-curses-3.1.1.1-150100.80.43.2 qemu-ui-curses-debuginfo-3.1.1.1-150100.80.43.2 qemu-ui-gtk-3.1.1.1-150100.80.43.2 qemu-ui-gtk-debuginfo-3.1.1.1-150100.80.43.2 qemu-x86-3.1.1.1-150100.80.43.2 qemu-x86-debuginfo-3.1.1.1-150100.80.43.2 References: https://www.suse.com/security/cve/CVE-2020-17380.html https://www.suse.com/security/cve/CVE-2021-3409.html https://www.suse.com/security/cve/CVE-2021-3507.html https://www.suse.com/security/cve/CVE-2021-4206.html https://www.suse.com/security/cve/CVE-2021-4207.html https://www.suse.com/security/cve/CVE-2022-0216.html https://www.suse.com/security/cve/CVE-2022-35414.html https://bugzilla.suse.com/1175144 https://bugzilla.suse.com/1182282 https://bugzilla.suse.com/1185000 https://bugzilla.suse.com/1192463 https://bugzilla.suse.com/1198035 https://bugzilla.suse.com/1198037 https://bugzilla.suse.com/1198038 https://bugzilla.suse.com/1201367

1 0

SUSE-SU-2022:3751-1: moderate: Security update for SUSE Manager Client Tools
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3751-1 Rating: moderate References: #1198903 #1201535 #1201539 SLE-23422 SLE-23439 SLE-24565 SLE-24791 Cross-References: CVE-2022-31097 CVE-2022-31107 CVSS scores: CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 SUSE Manager Tools 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities, contains four features and has one errata is now available. Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Move image services to dracut-saltboot package * Use salt bundle golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3751=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3751=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3751=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3751=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3751=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3751=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3751=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - openSUSE Leap 15.4 (noarch): dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1 spacecmd-4.3.15-150000.3.86.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - openSUSE Leap 15.3 (noarch): dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1 spacecmd-4.3.15-150000.3.86.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 grafana-8.3.10-150000.1.33.1 grafana-debuginfo-8.3.10-150000.1.33.1 python3-uyuni-common-libs-4.3.6-150000.1.27.2 - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1661440542.6cbe0da-150000.1.38.1 mgr-daemon-4.3.6-150000.1.38.1 python3-spacewalk-check-4.3.12-150000.3.68.2 python3-spacewalk-client-setup-4.3.12-150000.3.68.2 python3-spacewalk-client-tools-4.3.12-150000.3.68.2 spacecmd-4.3.15-150000.3.86.1 spacewalk-check-4.3.12-150000.3.68.2 spacewalk-client-setup-4.3.12-150000.3.68.2 spacewalk-client-tools-4.3.12-150000.3.68.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-lusitaniae-apache_exporter-0.11.0-150000.1.12.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.11.0-150000.1.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): golang-github-prometheus-node_exporter-1.3.0-150000.3.18.1 References: https://www.suse.com/security/cve/CVE-2022-31097.html https://www.suse.com/security/cve/CVE-2022-31107.html https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1201535 https://bugzilla.suse.com/1201539

1 0

SUSE-SU-2022:3773-1: important: Security update for curl
by opensuse-security＠opensuse.org 26 Oct '22

26 Oct '22

SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3773-1 Rating: important References: #1204383 Cross-References: CVE-2022-32221 CVSS scores: CVE-2022-32221 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3773=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3773=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3773=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3773=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3773=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3773=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3773=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3773=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3773=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3773=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3773=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3773=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3773=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-3773=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - openSUSE Leap 15.3 (x86_64): libcurl-devel-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Server 4.1 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Manager Proxy 4.1 (x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): curl-7.66.0-150200.4.42.1 curl-debuginfo-7.66.0-150200.4.42.1 curl-debugsource-7.66.0-150200.4.42.1 libcurl-devel-7.66.0-150200.4.42.1 libcurl4-7.66.0-150200.4.42.1 libcurl4-debuginfo-7.66.0-150200.4.42.1 - SUSE Enterprise Storage 7 (x86_64): libcurl4-32bit-7.66.0-150200.4.42.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.42.1 References: https://www.suse.com/security/cve/CVE-2022-32221.html https://bugzilla.suse.com/1204383

1 0