openSUSE Security Announce
November 2022
- 2 participants
- 149 discussions
openSUSE-SU-2022:10222-1: important: Security update for rxvt-unicode
by opensuse-security@opensuse.org 30 Nov '22
openSUSE Security Update: Security update for rxvt-unicode
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10222-1
Rating: important
References: #1186174
Cross-References: CVE-2008-1142 CVE-2021-33477
CVSS scores:
CVE-2021-33477 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for rxvt-unicode fixes the following issues:
Update to 9.26
- ev_iouring.c was wrongly required during compilation, and wrongly not
packaged.
Update to 9.25 (boo#1186174 CVE-2021-33477)
- for the 17.5th anniversary, and because many distributions seem to
remove rxvt in favour of urxvt, this release resurrects rclock as
urclock.
- add support for systemd socket-based activation - debian bug #917105,
freebsd bug #234276.
- do not destruct perl on exit anymore: this might fail for a variety of
reasons, and takes unnecessary time.
- remove any macros from urxvtperl manpage(s), should fix debian bug
858385.
- the old bg image resources are now provided by the background extension,
and perl is thus required for bg image support. No configuration change
is needed: urxvt autoloads the background ext if any bg image
resource/option is present (for OSC sequences to work you need to enable
it explicitly). The old bg image resources are also now deprecated; users
are encouraged to switch to the new bg image interface (see man
urxvt-background).
- confirm-paste now checks for any ctlchars, not just newlines.
- searchable scrollback will now ignore bracketed paste mode sequences
(prompted by Daniel Gröber's patch).
- drop ISO 2022 locale support. ISO 2022 encodings are not supported in
POSIX locales and clash with vt100 charset emulation (the luit program
can be used as a substitute).
- perl didn't parse rgba colours specified as an array correctly,
only allowing 0 and 100% intensity for each component (this affected
fill and tint).
- when iterating over resources, urxvt will now try to properly handle
multipart resources (such as "*background.expr"), for the benefit
of autoloading perl extensions.
- ESC G (query rxvt graphics mode) has been disabled due to security
implications. The rxvt graphics mode was removed in rxvt-unicode 1.5,
and no programs relying on being able to query the mode are known.
- work around API change breakage in perl 5.28, based on a patch by Roman
Bogorodskiy.
- improved security: rob nation's (obsolete) graphics mode queries no
longer reply with linefeed in secure/default mode.
- ISO 8613-3 direct colour SGR sequences (patch by Fengguang Wu).
- xterm focus reporting mode (patch by Daniel Hahler).
- xterm SGR mouse mode.
- implement DECRQM. Patch by Přemysl Eric Janouch.
- add missing color index parameter to OSC 4 response. Patch by Přemysl
Eric Janouch.
- in some window managers, if smart resize was enabled, urxvt erroneously
moved the window on font change - awesome bug #532, arch linux bug
#34807 (patch by Uli Schlachter).
- fix urxvtd crash when using a background expression.
- properly restore colors when using fading and reverse video is enabled
while urxvt is focused and then disabled while it is not focused, or
vice versa (patch by Daniel Hahler).
- fix high memory usage when an extension repeatedly hides and shows an
overlay (reported by Marcel Lautenbach).
- expose priv_modes member and constants to perl extensions (patch by
Rastislav Barlik).
- fix a whole slew of const silliness, unfortunately forced upon us by ISO
C++.
- update to libecb 0x00010006.
- disable all thread support in ecb.h as we presumably don't need it.
- slightly improve Makefile source dependencies.
- work around bugs in newer Pod::Xhtml versions (flags incorrect
formatting codes in xhtml/html sections but does not interpret correct
ones).
- New file: /usr/bin/urclock
- restore the -256color binaries
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10222=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10222=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
rxvt-unicode-9.26-bp154.2.3.1
rxvt-unicode-debuginfo-9.26-bp154.2.3.1
rxvt-unicode-debugsource-9.26-bp154.2.3.1
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
rxvt-unicode-9.26-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2008-1142.html
https://www.suse.com/security/cve/CVE-2021-33477.html
https://bugzilla.suse.com/1186174
Hi,
SUSE Linux Enterprise Server 15 SP3 leaves its regular maintenance and
support phase on December 31st 2022.
As openSUSE Leap 15.3 uses the SLES 15 SP3 updates, also openSUSE Leap
15.3 support from openSUSE Maintenance and Security will end on December 31st 2022.
An upgrade to openSUSE Leap 15.4 is recommended.
Ciao, Marcus
SUSE-SU-2022:4285-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 29 Nov '22
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4285-1
Rating: important
References: #1205120 #1205121 #1205122 #1205123 #1205124
Cross-References: CVE-2022-32888 CVE-2022-32923 CVE-2022-42799
CVE-2022-42823 CVE-2022-42824
CVSS scores:
CVE-2022-32888 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32888 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32923 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-32923 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-42799 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-42799 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-42823 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42823 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-42824 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
Security fixes:
- CVE-2022-32888: Fixed possible arbitrary code execution via maliciously
crafted web content (bsc#1205121).
- CVE-2022-32923: Fixed possible information leak via maliciously crafted
web content (bsc#1205122).
- CVE-2022-42799: Fixed user interface spoofing when visiting a malicious
website (bsc#1205123).
- CVE-2022-42823: Fixed possible arbitrary code execution via maliciously
crafted web content (bsc#1205120).
- CVE-2022-42824: Fixed possible sensitive user information leak via
maliciously crafted web content (bsc#1205124).
Update to version 2.38.2:
- Fix scrolling issues in some sites having fixed background.
- Fix prolonged buffering during progressive live playback.
- Fix the build with accessibility disabled.
- Fix several crashes and rendering issues.
Update to version 2.38.1:
- Make xdg-dbus-proxy work if host session bus address is an abstract
socket.
- Use a single xdg-dbus-proxy process when sandbox is enabled.
- Fix high resolution video playback due to unimplemented changeType
operation.
- Ensure GSubprocess uses posix_spawn() again and inherit file
descriptors.
- Fix player stucking in buffering (paused) state for progressive
streaming.
- Do not try to preconnect on link click when link preconnect setting is
disabled.
- Fix close status code returned when the client closes a WebSocket in
some cases.
- Fix media player duration calculation.
- Fix several crashes and rendering issues.
Update to version 2.38.0:
- New media controls UI style.
- Add new API to set WebView's Content-Security-Policy for web
extensions support.
- Make it possible to use the remote inspector from other browsers using
WEBKIT_INSPECTOR_HTTP_SERVER env var.
- MediaSession is enabled by default, allowing remote media control
using MPRIS.
- Add support for PDF documents using PDF.js.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4285=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4285=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4285=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4285=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4285=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4285=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4285=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4285=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4285=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4285=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4285=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4285=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4285=1
Package List:
- openSUSE Leap 15.4 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit-jsc-4-2.38.2-150200.54.2
webkit-jsc-4-debuginfo-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
webkit2gtk3-minibrowser-2.38.2-150200.54.2
webkit2gtk3-minibrowser-debuginfo-2.38.2-150200.54.2
- openSUSE Leap 15.3 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-32bit-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.2-150200.54.2
- openSUSE Leap 15.3 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Manager Server 4.1 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Manager Retail Branch Server 4.1 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Manager Proxy 4.1 (x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Manager Proxy 4.1 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.38.2-150200.54.2
libjavascriptcoregtk-4_0-18-debuginfo-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-2.38.2-150200.54.2
libwebkit2gtk-4_0-37-debuginfo-2.38.2-150200.54.2
typelib-1_0-JavaScriptCore-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2-4_0-2.38.2-150200.54.2
typelib-1_0-WebKit2WebExtension-4_0-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-2.38.2-150200.54.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.38.2-150200.54.2
webkit2gtk3-debugsource-2.38.2-150200.54.2
webkit2gtk3-devel-2.38.2-150200.54.2
- SUSE Enterprise Storage 7 (noarch):
libwebkit2gtk3-lang-2.38.2-150200.54.2
References:
https://www.suse.com/security/cve/CVE-2022-32888.html
https://www.suse.com/security/cve/CVE-2022-32923.html
https://www.suse.com/security/cve/CVE-2022-42799.html
https://www.suse.com/security/cve/CVE-2022-42823.html
https://www.suse.com/security/cve/CVE-2022-42824.html
https://bugzilla.suse.com/1205120
https://bugzilla.suse.com/1205121
https://bugzilla.suse.com/1205122
https://bugzilla.suse.com/1205123
https://bugzilla.suse.com/1205124
SUSE-SU-2022:4292-1: moderate: Security update for freerdp
by opensuse-security@opensuse.org 29 Nov '22
SUSE Security Update: Security update for freerdp
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4292-1
Rating: moderate
References: #1205563 #1205564
Cross-References: CVE-2022-39318 CVE-2022-39319
CVSS scores:
CVE-2022-39318 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39318 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-39319 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-39319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for freerdp fixes the following issues:
- CVE-2022-39318: Fixed division by zero in urbdrc (bsc#1205563).
- CVE-2022-39319: Fixed missing input buffer length check in urbdrc
(bsc#1205564).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4292=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4292=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4292=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
freerdp-2.1.2-150200.15.24.1
freerdp-debuginfo-2.1.2-150200.15.24.1
freerdp-debugsource-2.1.2-150200.15.24.1
freerdp-devel-2.1.2-150200.15.24.1
freerdp-proxy-2.1.2-150200.15.24.1
freerdp-proxy-debuginfo-2.1.2-150200.15.24.1
freerdp-server-2.1.2-150200.15.24.1
freerdp-server-debuginfo-2.1.2-150200.15.24.1
freerdp-wayland-2.1.2-150200.15.24.1
freerdp-wayland-debuginfo-2.1.2-150200.15.24.1
libfreerdp2-2.1.2-150200.15.24.1
libfreerdp2-debuginfo-2.1.2-150200.15.24.1
libuwac0-0-2.1.2-150200.15.24.1
libuwac0-0-debuginfo-2.1.2-150200.15.24.1
libwinpr2-2.1.2-150200.15.24.1
libwinpr2-debuginfo-2.1.2-150200.15.24.1
uwac0-0-devel-2.1.2-150200.15.24.1
winpr2-devel-2.1.2-150200.15.24.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
freerdp-2.1.2-150200.15.24.1
freerdp-debuginfo-2.1.2-150200.15.24.1
freerdp-debugsource-2.1.2-150200.15.24.1
freerdp-devel-2.1.2-150200.15.24.1
freerdp-proxy-2.1.2-150200.15.24.1
freerdp-proxy-debuginfo-2.1.2-150200.15.24.1
libfreerdp2-2.1.2-150200.15.24.1
libfreerdp2-debuginfo-2.1.2-150200.15.24.1
libwinpr2-2.1.2-150200.15.24.1
libwinpr2-debuginfo-2.1.2-150200.15.24.1
winpr2-devel-2.1.2-150200.15.24.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
freerdp-2.1.2-150200.15.24.1
freerdp-debuginfo-2.1.2-150200.15.24.1
freerdp-debugsource-2.1.2-150200.15.24.1
freerdp-devel-2.1.2-150200.15.24.1
freerdp-proxy-2.1.2-150200.15.24.1
freerdp-proxy-debuginfo-2.1.2-150200.15.24.1
libfreerdp2-2.1.2-150200.15.24.1
libfreerdp2-debuginfo-2.1.2-150200.15.24.1
libwinpr2-2.1.2-150200.15.24.1
libwinpr2-debuginfo-2.1.2-150200.15.24.1
winpr2-devel-2.1.2-150200.15.24.1
References:
https://www.suse.com/security/cve/CVE-2022-39318.html
https://www.suse.com/security/cve/CVE-2022-39319.html
https://bugzilla.suse.com/1205563
https://bugzilla.suse.com/1205564
SUSE-SU-2022:4282-1: important: Security update for vim
by opensuse-security@opensuse.org 29 Nov '22
SUSE Security Update: Security update for vim
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4282-1
Rating: important
References: #1192478 #1202962 #1203110 #1203152 #1203155
#1203194 #1203272 #1203508 #1203509 #1203796
#1203797 #1203799 #1203820 #1203924 #1204779
Cross-References: CVE-2021-3928 CVE-2022-2980 CVE-2022-2982
CVE-2022-3037 CVE-2022-3099 CVE-2022-3134
CVE-2022-3153 CVE-2022-3234 CVE-2022-3235
CVE-2022-3278 CVE-2022-3296 CVE-2022-3297
CVE-2022-3324 CVE-2022-3352 CVE-2022-3705
CVSS scores:
CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3928 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
CVE-2022-2980 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2980 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2982 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2982 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-3037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3037 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-3099 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3099 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-3134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3134 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-3153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3153 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3234 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3235 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3235 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-3278 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3278 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-3296 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3296 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-3297 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3297 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-3324 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3324 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3352 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3352 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-3705 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3705 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0814:
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the
file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in
ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at
insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank()
in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse()
(bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4282=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4282=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4282=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4282=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4282=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4282=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4282=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4282=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4282=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4282=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4282=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4282=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4282=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4282=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4282=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4282=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4282=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4282=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4282=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4282=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4282=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4282=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4282=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4282=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4282=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4282=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4282=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4282=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4282=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4282=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- openSUSE Leap Micro 5.3 (noarch):
vim-data-common-9.0.0814-150000.5.28.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- openSUSE Leap Micro 5.2 (noarch):
vim-data-common-9.0.0814-150000.5.28.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- openSUSE Leap 15.4 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- openSUSE Leap 15.3 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Manager Server 4.1 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Manager Proxy 4.1 (x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Manager Proxy 4.1 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
vim-small-9.0.0814-150000.5.28.1
vim-small-debuginfo-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Enterprise Storage 7 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE Enterprise Storage 6 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
- SUSE CaaS Platform 4.0 (x86_64):
gvim-9.0.0814-150000.5.28.1
gvim-debuginfo-9.0.0814-150000.5.28.1
vim-9.0.0814-150000.5.28.1
vim-debuginfo-9.0.0814-150000.5.28.1
vim-debugsource-9.0.0814-150000.5.28.1
- SUSE CaaS Platform 4.0 (noarch):
vim-data-9.0.0814-150000.5.28.1
vim-data-common-9.0.0814-150000.5.28.1
References:
https://www.suse.com/security/cve/CVE-2021-3928.html
https://www.suse.com/security/cve/CVE-2022-2980.html
https://www.suse.com/security/cve/CVE-2022-2982.html
https://www.suse.com/security/cve/CVE-2022-3037.html
https://www.suse.com/security/cve/CVE-2022-3099.html
https://www.suse.com/security/cve/CVE-2022-3134.html
https://www.suse.com/security/cve/CVE-2022-3153.html
https://www.suse.com/security/cve/CVE-2022-3234.html
https://www.suse.com/security/cve/CVE-2022-3235.html
https://www.suse.com/security/cve/CVE-2022-3278.html
https://www.suse.com/security/cve/CVE-2022-3296.html
https://www.suse.com/security/cve/CVE-2022-3297.html
https://www.suse.com/security/cve/CVE-2022-3324.html
https://www.suse.com/security/cve/CVE-2022-3352.html
https://www.suse.com/security/cve/CVE-2022-3705.html
https://bugzilla.suse.com/1192478
https://bugzilla.suse.com/1202962
https://bugzilla.suse.com/1203110
https://bugzilla.suse.com/1203152
https://bugzilla.suse.com/1203155
https://bugzilla.suse.com/1203194
https://bugzilla.suse.com/1203272
https://bugzilla.suse.com/1203508
https://bugzilla.suse.com/1203509
https://bugzilla.suse.com/1203796
https://bugzilla.suse.com/1203797
https://bugzilla.suse.com/1203799
https://bugzilla.suse.com/1203820
https://bugzilla.suse.com/1203924
https://bugzilla.suse.com/1204779
SUSE-SU-2022:4281-1: important: Security update for python3
by opensuse-security@opensuse.org 29 Nov '22
SUSE Security Update: Security update for python3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4281-1
Rating: important
References: #1188607 #1203125 #1204577
Cross-References: CVE-2019-18348 CVE-2020-10735 CVE-2020-8492
CVE-2022-37454
CVSS scores:
CVE-2019-18348 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2019-18348 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-8492 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-8492 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-37454 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-37454 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for python3 fixes the following issues:
- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_*
implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to
int and vice versa. (bsc#1203125)
The following non-security bug was fixed:
- Fixed a crash in the garbage collection (bsc#1188607).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4281=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4281=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4281=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4281=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4281=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4281=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4281=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4281=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4281=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4281=1
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-curses-3.6.15-150300.10.37.2
python3-curses-debuginfo-3.6.15-150300.10.37.2
python3-dbm-3.6.15-150300.10.37.2
python3-dbm-debuginfo-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
python3-devel-3.6.15-150300.10.37.2
python3-devel-debuginfo-3.6.15-150300.10.37.2
python3-doc-3.6.15-150300.10.37.1
python3-doc-devhelp-3.6.15-150300.10.37.1
python3-idle-3.6.15-150300.10.37.2
python3-testsuite-3.6.15-150300.10.37.2
python3-testsuite-debuginfo-3.6.15-150300.10.37.2
python3-tk-3.6.15-150300.10.37.2
python3-tk-debuginfo-3.6.15-150300.10.37.2
python3-tools-3.6.15-150300.10.37.2
- openSUSE Leap 15.4 (x86_64):
libpython3_6m1_0-32bit-3.6.15-150300.10.37.2
libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.37.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-curses-3.6.15-150300.10.37.2
python3-curses-debuginfo-3.6.15-150300.10.37.2
python3-dbm-3.6.15-150300.10.37.2
python3-dbm-debuginfo-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
python3-devel-3.6.15-150300.10.37.2
python3-devel-debuginfo-3.6.15-150300.10.37.2
python3-doc-3.6.15-150300.10.37.1
python3-doc-devhelp-3.6.15-150300.10.37.1
python3-idle-3.6.15-150300.10.37.2
python3-testsuite-3.6.15-150300.10.37.2
python3-testsuite-debuginfo-3.6.15-150300.10.37.2
python3-tk-3.6.15-150300.10.37.2
python3-tk-debuginfo-3.6.15-150300.10.37.2
python3-tools-3.6.15-150300.10.37.2
- openSUSE Leap 15.3 (x86_64):
libpython3_6m1_0-32bit-3.6.15-150300.10.37.2
libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.37.2
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
python3-core-debugsource-3.6.15-150300.10.37.2
python3-tools-3.6.15-150300.10.37.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
python3-core-debugsource-3.6.15-150300.10.37.2
python3-tools-3.6.15-150300.10.37.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-curses-3.6.15-150300.10.37.2
python3-curses-debuginfo-3.6.15-150300.10.37.2
python3-dbm-3.6.15-150300.10.37.2
python3-dbm-debuginfo-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
python3-devel-3.6.15-150300.10.37.2
python3-devel-debuginfo-3.6.15-150300.10.37.2
python3-idle-3.6.15-150300.10.37.2
python3-tk-3.6.15-150300.10.37.2
python3-tk-debuginfo-3.6.15-150300.10.37.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-curses-3.6.15-150300.10.37.2
python3-curses-debuginfo-3.6.15-150300.10.37.2
python3-dbm-3.6.15-150300.10.37.2
python3-dbm-debuginfo-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
python3-devel-3.6.15-150300.10.37.2
python3-devel-debuginfo-3.6.15-150300.10.37.2
python3-idle-3.6.15-150300.10.37.2
python3-tk-3.6.15-150300.10.37.2
python3-tk-debuginfo-3.6.15-150300.10.37.2
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libpython3_6m1_0-3.6.15-150300.10.37.2
libpython3_6m1_0-debuginfo-3.6.15-150300.10.37.2
python3-3.6.15-150300.10.37.2
python3-base-3.6.15-150300.10.37.2
python3-base-debuginfo-3.6.15-150300.10.37.2
python3-core-debugsource-3.6.15-150300.10.37.2
python3-debuginfo-3.6.15-150300.10.37.2
python3-debugsource-3.6.15-150300.10.37.2
References:
https://www.suse.com/security/cve/CVE-2019-18348.html
https://www.suse.com/security/cve/CVE-2020-10735.html
https://www.suse.com/security/cve/CVE-2020-8492.html
https://www.suse.com/security/cve/CVE-2022-37454.html
https://bugzilla.suse.com/1188607
https://bugzilla.suse.com/1203125
https://bugzilla.suse.com/1204577
SUSE-SU-2022:4278-1: moderate: Security update for supportutils
by opensuse-security@opensuse.org 29 Nov '22
SUSE Security Update: Security update for supportutils
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4278-1
Rating: moderate
References: #1184689 #1188086 #1192252 #1192648 #1197428
#1200330 #1202269 #1202337 #1202417 #1203818
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt
(bsc#1203818)
Bug fixes:
- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4278=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4278=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4278=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4278=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4278=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4278=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4278=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4278=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4278=1
Package List:
- openSUSE Leap Micro 5.3 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- openSUSE Leap Micro 5.2 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- openSUSE Leap 15.4 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- openSUSE Leap 15.3 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
supportutils-3.1.21-150300.7.35.15.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
supportutils-3.1.21-150300.7.35.15.1
References:
https://bugzilla.suse.com/1184689
https://bugzilla.suse.com/1188086
https://bugzilla.suse.com/1192252
https://bugzilla.suse.com/1192648
https://bugzilla.suse.com/1197428
https://bugzilla.suse.com/1200330
https://bugzilla.suse.com/1202269
https://bugzilla.suse.com/1202337
https://bugzilla.suse.com/1202417
https://bugzilla.suse.com/1203818
SUSE-SU-2022:4276-1: important: Security update for exiv2
by opensuse-security@opensuse.org 29 Nov '22
SUSE Security Update: Security update for exiv2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4276-1
Rating: important
References: #1050257 #1095070 #1110282 #1119559 #1119560
#1119562 #1142677 #1142678 #1153577 #1186231
#1189337
Cross-References: CVE-2017-11591 CVE-2018-11531 CVE-2018-17581
CVE-2018-20097 CVE-2018-20098 CVE-2018-20099
CVE-2019-13109 CVE-2019-13110 CVE-2019-17402
CVE-2021-29473 CVE-2021-32815
CVSS scores:
CVE-2017-11591 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-11591 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-11531 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-11531 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2018-17581 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-17581 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-20097 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-20097 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2018-20098 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-20098 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2018-20099 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-20099 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2019-13109 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-13109 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-13110 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-13110 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-17402 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-29473 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-29473 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-32815 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-32815 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for exiv2 fixes the following issues:
- CVE-2019-13110: Fixed an integer overflow and out-of-bounds read in
CiffDirectory:readDirectory that leads to denial of service (bsc#1142678).
- CVE-2019-13109: Fixed a denial of service in PngImage:readMetadata
(bsc#1142677).
- CVE-2018-17581: Fixed an excessive stack consumption in
CiffDirectory:readDirectory() at crwimage_int.cpp (bsc#1110282).
- CVE-2017-11591: Fixed a floating point exception in Exiv2::ValueType
(bsc#1050257).
- CVE-2019-17402: Fixed an improper validation of the total size to the
offset and size that leads to a crash in Exiv2::getULong in types.cpp
(bsc#1153577).
- CVE-2021-32815: Fixed a denial of service due to assertion failure in
crwimage_int.cpp (bsc#1189337).
- CVE-2018-20097: Fixed SEGV in
Exiv2::Internal::TiffParserWorker::findPrimaryGroupsu (bsc#1119562).
- CVE-2021-29473: Fixed out-of-bounds read in
Exiv2::Jp2Image:doWriteMetadata (bsc#1186231).
- CVE-2018-20098: Fixed a heap-based buffer over-read in
Exiv2::Jp2Image::encodeJp2Header (bsc#1119560).
- CVE-2018-11531: Fixed a heap-based buffer overflow in getData in
preview.cpp (bsc#1095070).
- CVE-2018-20099: exiv2: infinite loop in Exiv2::Jp2Image::encodeJp2Header
(bsc#1119559).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4276=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4276=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4276=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4276=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4276=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4276=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4276=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4276=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4276=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4276=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4276=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4276=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4276=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4276=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4276=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4276=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4276=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4276=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4276=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4276=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4276=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
exiv2-0.26-150000.6.26.1
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
libexiv2-doc-0.26-150000.6.26.1
- openSUSE Leap 15.3 (noarch):
exiv2-lang-0.26-150000.6.26.1
- openSUSE Leap 15.3 (x86_64):
libexiv2-26-32bit-0.26-150000.6.26.1
libexiv2-26-32bit-debuginfo-0.26-150000.6.26.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Manager Proxy 4.1 (x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
- SUSE CaaS Platform 4.0 (x86_64):
exiv2-debuginfo-0.26-150000.6.26.1
exiv2-debugsource-0.26-150000.6.26.1
libexiv2-26-0.26-150000.6.26.1
libexiv2-26-debuginfo-0.26-150000.6.26.1
libexiv2-devel-0.26-150000.6.26.1
References:
https://www.suse.com/security/cve/CVE-2017-11591.html
https://www.suse.com/security/cve/CVE-2018-11531.html
https://www.suse.com/security/cve/CVE-2018-17581.html
https://www.suse.com/security/cve/CVE-2018-20097.html
https://www.suse.com/security/cve/CVE-2018-20098.html
https://www.suse.com/security/cve/CVE-2018-20099.html
https://www.suse.com/security/cve/CVE-2019-13109.html
https://www.suse.com/security/cve/CVE-2019-13110.html
https://www.suse.com/security/cve/CVE-2019-17402.html
https://www.suse.com/security/cve/CVE-2021-29473.html
https://www.suse.com/security/cve/CVE-2021-32815.html
https://bugzilla.suse.com/1050257
https://bugzilla.suse.com/1095070
https://bugzilla.suse.com/1110282
https://bugzilla.suse.com/1119559
https://bugzilla.suse.com/1119560
https://bugzilla.suse.com/1119562
https://bugzilla.suse.com/1142677
https://bugzilla.suse.com/1142678
https://bugzilla.suse.com/1153577
https://bugzilla.suse.com/1186231
https://bugzilla.suse.com/1189337
SUSE-SU-2022:4259-1: important: Security update for tiff
by opensuse-security@opensuse.org 28 Nov '22
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4259-1
Rating: important
References: #1204641 #1204643 #1204644 #1204645 #1205392
Cross-References: CVE-2022-3597 CVE-2022-3599 CVE-2022-3626
CVE-2022-3627 CVE-2022-3970
CVSS scores:
CVE-2022-3597 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3597 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3599 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3599 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3626 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3626 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3627 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3627 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3970 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3970 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in
libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in
tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in
libtiff/tif_unix.c (bnc#1204644).
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in
libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt()
(bnc#1205392).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4259=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4259=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4259=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4259=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4259=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4259=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4259=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4259=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4259=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4259=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4259=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4259=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4259=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4259=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4259=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4259=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4259=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4259=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4259=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4259=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4259=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4259=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4259=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4259=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4259=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4259=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4259=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4259=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4259=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4259=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- openSUSE Leap 15.4 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- openSUSE Leap 15.3 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Manager Server 4.1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Manager Proxy 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Enterprise Storage 7 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
- SUSE Enterprise Storage 6 (x86_64):
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
- SUSE CaaS Platform 4.0 (x86_64):
libtiff-devel-4.0.9-150000.45.19.1
libtiff5-32bit-4.0.9-150000.45.19.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.19.1
libtiff5-4.0.9-150000.45.19.1
libtiff5-debuginfo-4.0.9-150000.45.19.1
tiff-debuginfo-4.0.9-150000.45.19.1
tiff-debugsource-4.0.9-150000.45.19.1
References:
https://www.suse.com/security/cve/CVE-2022-3597.html
https://www.suse.com/security/cve/CVE-2022-3599.html
https://www.suse.com/security/cve/CVE-2022-3626.html
https://www.suse.com/security/cve/CVE-2022-3627.html
https://www.suse.com/security/cve/CVE-2022-3970.html
https://bugzilla.suse.com/1204641
https://bugzilla.suse.com/1204643
https://bugzilla.suse.com/1204644
https://bugzilla.suse.com/1204645
https://bugzilla.suse.com/1205392
SUSE-SU-2022:4260-1: important: Security update for busybox
by opensuse-security@opensuse.org 28 Nov '22
SUSE Security Update: Security update for busybox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4260-1
Rating: important
References: #1099260 #914660
Cross-References: CVE-2014-9645 CVE-2018-1000517
CVSS scores:
CVE-2014-9645 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for busybox fixes the following issues:
- CVE-2014-9645: Fixed loading of unwanted module with / in module names
(bsc#914660).
- Enable switch_root. With this change virtme --force-initramfs works as
expected.
- Enable udhcpc
Update to 1.35.0:
- awk: fix printf %%, fix read beyond end of buffer
- Adjust busybox.config for new features in find, date and cpio
- chrt: silence analyzer warning
- libarchive: remove duplicate forward declaration
- mount: "mount -o rw ...." should not fall back to RO mount
- ps: fix -o pid=PID,args interpreting entire "PID,args" as header
- tar: prevent malicious archives with long name sizes causing OOM
- udhcpc6: fix udhcp_find_option to actually find DHCP6 options
- xxd: fix -p -r
- support for new options added to basename, cpio, date, find, mktemp,
wget and others
- Adjust busybox.config for new features in find, date and cpio
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4260=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4260=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4260=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4260=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4260=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4260=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4260=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4260=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4260=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4260=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4260=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4260=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4260=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4260=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4260=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4260=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4260=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4260=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4260=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4260=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4260=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Manager Proxy 4.1 (x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
busybox-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
busybox-1.35.0-150000.4.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
- SUSE CaaS Platform 4.0 (x86_64):
busybox-1.35.0-150000.4.14.1
busybox-static-1.35.0-150000.4.14.1
References:
https://www.suse.com/security/cve/CVE-2014-9645.html
https://www.suse.com/security/cve/CVE-2018-1000517.html
https://bugzilla.suse.com/1099260
https://bugzilla.suse.com/914660