openSUSE Security Announce
November 2022
- 2 participants
- 149 discussions
openSUSE-SU-2022:10207-1: moderate: Security update for tumbler
by opensuse-security@opensuse.org 20 Nov '22
openSUSE Security Update: Security update for tumbler
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10207-1
Rating: moderate
References: #1203644 #1205210
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for tumbler fixes the following issues:
tumbler was updated to version 4.16.1 (boo#1205210)
* gst-thumbnailer: Add mime type check (gxo#xfce/tumbler#65)
* desktop-thumbnailer: Guard against null path
* Fix typo in gthread version (gxo#xfce/tumbler!14)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10207=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
libtumbler-1-0-4.16.1-bp154.3.3.1
tumbler-4.16.1-bp154.3.3.1
tumbler-devel-4.16.1-bp154.3.3.1
tumbler-folder-thumbnailer-4.16.1-bp154.3.3.1
tumbler-webp-thumbnailer-4.16.1-bp154.3.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
tumbler-doc-4.16.1-bp154.3.3.1
tumbler-lang-4.16.1-bp154.3.3.1
References:
https://bugzilla.suse.com/1203644
https://bugzilla.suse.com/1205210
18 Nov '22
SUSE Security Update: Security update for 389-ds
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4124-1
Rating: low
References: #1194119 #1204493 #1204748 #1205146
Cross-References: CVE-2021-45710
CVSS scores:
CVE-2021-45710 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for 389-ds fixes the following issues:
- CVE-2021-45710: Fixed tokio data race with memory corruption
(bsc#1194119).
- Update to version 2.0.16~git56.d15a0a7.
- Failure to migrate from openldap if pwdPolicyChecker present
(bsc#1205146).
- Resolve issue with checklist post migration when dds is present
(bsc#1204748).
- Improve reliability of migrations from openldap when dynamic directory
services is configured (bsc#1204493).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4124=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4124=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-debugsource-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-snmp-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1
lib389-1.4.4.19~git59.136fc84-150300.3.27.1
libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1
libsvrcore0-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-debugsource-1.4.4.19~git59.136fc84-150300.3.27.1
389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1
lib389-1.4.4.19~git59.136fc84-150300.3.27.1
libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1
libsvrcore0-debuginfo-1.4.4.19~git59.136fc84-150300.3.27.1
References:
https://www.suse.com/security/cve/CVE-2021-45710.html
https://bugzilla.suse.com/1194119
https://bugzilla.suse.com/1204493
https://bugzilla.suse.com/1204748
https://bugzilla.suse.com/1205146
SUSE-SU-2022:4130-1: important: Security update for frr
by opensuse-security@opensuse.org 18 Nov '22
SUSE Security Update: Security update for frr
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4130-1
Rating: important
References: #1202085 #1204124
Cross-References: CVE-2022-37035 CVE-2022-42917
CVSS scores:
CVE-2022-37035 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-37035 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for frr fixes the following issues:
- CVE-2022-37035: Fixed a possible use-after-free due to a race condition
related to bgp_notify_send_with_data() and bgp_process_packet()
(bsc#1202085).
- CVE-2022-42917: Fixed a privilege escalation from frr to root in frr
config creation (bsc#1204124).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4130=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4130=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4130=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4130=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.10.1
frr-debuginfo-7.4-150300.4.10.1
frr-debugsource-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr0-debuginfo-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrr_pb0-debuginfo-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrcares0-debuginfo-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrsnmp0-debuginfo-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libfrrzmq0-debuginfo-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
libmlag_pb0-debuginfo-7.4-150300.4.10.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.10.1
frr-debuginfo-7.4-150300.4.10.1
frr-debugsource-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr0-debuginfo-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrr_pb0-debuginfo-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrcares0-debuginfo-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrsnmp0-debuginfo-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libfrrzmq0-debuginfo-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
libmlag_pb0-debuginfo-7.4-150300.4.10.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.10.1
frr-debuginfo-7.4-150300.4.10.1
frr-debugsource-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr0-debuginfo-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrr_pb0-debuginfo-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrcares0-debuginfo-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrsnmp0-debuginfo-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libfrrzmq0-debuginfo-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
libmlag_pb0-debuginfo-7.4-150300.4.10.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.10.1
frr-debuginfo-7.4-150300.4.10.1
frr-debugsource-7.4-150300.4.10.1
frr-devel-7.4-150300.4.10.1
libfrr0-7.4-150300.4.10.1
libfrr0-debuginfo-7.4-150300.4.10.1
libfrr_pb0-7.4-150300.4.10.1
libfrr_pb0-debuginfo-7.4-150300.4.10.1
libfrrcares0-7.4-150300.4.10.1
libfrrcares0-debuginfo-7.4-150300.4.10.1
libfrrfpm_pb0-7.4-150300.4.10.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.10.1
libfrrgrpc_pb0-7.4-150300.4.10.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.10.1
libfrrospfapiclient0-7.4-150300.4.10.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.10.1
libfrrsnmp0-7.4-150300.4.10.1
libfrrsnmp0-debuginfo-7.4-150300.4.10.1
libfrrzmq0-7.4-150300.4.10.1
libfrrzmq0-debuginfo-7.4-150300.4.10.1
libmlag_pb0-7.4-150300.4.10.1
libmlag_pb0-debuginfo-7.4-150300.4.10.1
References:
https://www.suse.com/security/cve/CVE-2022-37035.html
https://www.suse.com/security/cve/CVE-2022-42917.html
https://bugzilla.suse.com/1202085
https://bugzilla.suse.com/1204124
SUSE-SU-2022:4084-1: important: Security update for nodejs16
by opensuse-security@opensuse.org 18 Nov '22
SUSE Security Update: Security update for nodejs16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4084-1
Rating: important
References: #1205119
Cross-References: CVE-2022-43548
CVSS scores:
CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for nodejs16 fixes the following issues:
- Update to LTS version 16.18.1.
- CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP
address (bsc#1205119).
- Update to LTS version 16.18.0:
* http: throw error on content-length mismatch
* stream: add ReadableByteStream.tee()
* deps: npm updated to 8.19.2
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4084=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-4084=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.18.1-150300.7.15.1
nodejs16-debuginfo-16.18.1-150300.7.15.1
nodejs16-debugsource-16.18.1-150300.7.15.1
nodejs16-devel-16.18.1-150300.7.15.1
npm16-16.18.1-150300.7.15.1
- openSUSE Leap 15.3 (noarch):
nodejs16-docs-16.18.1-150300.7.15.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.18.1-150300.7.15.1
nodejs16-debuginfo-16.18.1-150300.7.15.1
nodejs16-debugsource-16.18.1-150300.7.15.1
nodejs16-devel-16.18.1-150300.7.15.1
npm16-16.18.1-150300.7.15.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
nodejs16-docs-16.18.1-150300.7.15.1
References:
https://www.suse.com/security/cve/CVE-2022-43548.html
https://bugzilla.suse.com/1205119
SUSE-SU-2022:4079-1: moderate: Security update for java-17-openjdk
by opensuse-security@opensuse.org 18 Nov '22
SUSE Security Update: Security update for java-17-openjdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4079-1
Rating: moderate
References: #1203476 #1204468 #1204472 #1204473 #1204475
#1204480
Cross-References: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624
CVE-2022-21628 CVE-2022-39399
CVSS scores:
CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for java-17-openjdk fixes the following issues:
- Update to jdk-17.0.5+8 (October 2022 CPU)
- CVE-2022-39399: Improve HTTP/2 client usage (bsc#1204480)
- CVE-2022-21628: Better HttpServer service (bsc#1204472)
- CVE-2022-21624: Enhance icon presentations (bsc#1204475)
- CVE-2022-21619: Improve NTLM support (bsc#1204473)
- CVE-2022-21618: Wider MultiByte (bsc#1204468)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4079=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4079=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
java-17-openjdk-17.0.5.0-150400.3.6.1
java-17-openjdk-accessibility-17.0.5.0-150400.3.6.1
java-17-openjdk-accessibility-debuginfo-17.0.5.0-150400.3.6.1
java-17-openjdk-debuginfo-17.0.5.0-150400.3.6.1
java-17-openjdk-debugsource-17.0.5.0-150400.3.6.1
java-17-openjdk-demo-17.0.5.0-150400.3.6.1
java-17-openjdk-devel-17.0.5.0-150400.3.6.1
java-17-openjdk-devel-debuginfo-17.0.5.0-150400.3.6.1
java-17-openjdk-headless-17.0.5.0-150400.3.6.1
java-17-openjdk-headless-debuginfo-17.0.5.0-150400.3.6.1
java-17-openjdk-jmods-17.0.5.0-150400.3.6.1
java-17-openjdk-src-17.0.5.0-150400.3.6.1
- openSUSE Leap 15.4 (noarch):
java-17-openjdk-javadoc-17.0.5.0-150400.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
java-17-openjdk-17.0.5.0-150400.3.6.1
java-17-openjdk-debuginfo-17.0.5.0-150400.3.6.1
java-17-openjdk-debugsource-17.0.5.0-150400.3.6.1
java-17-openjdk-demo-17.0.5.0-150400.3.6.1
java-17-openjdk-devel-17.0.5.0-150400.3.6.1
java-17-openjdk-devel-debuginfo-17.0.5.0-150400.3.6.1
java-17-openjdk-headless-17.0.5.0-150400.3.6.1
java-17-openjdk-headless-debuginfo-17.0.5.0-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-21618.html
https://www.suse.com/security/cve/CVE-2022-21619.html
https://www.suse.com/security/cve/CVE-2022-21624.html
https://www.suse.com/security/cve/CVE-2022-21628.html
https://www.suse.com/security/cve/CVE-2022-39399.html
https://bugzilla.suse.com/1203476
https://bugzilla.suse.com/1204468
https://bugzilla.suse.com/1204472
https://bugzilla.suse.com/1204473
https://bugzilla.suse.com/1204475
https://bugzilla.suse.com/1204480
SUSE-SU-2022:4078-1: moderate: Security update for java-11-openjdk
by opensuse-security@opensuse.org 18 Nov '22
SUSE Security Update: Security update for java-11-openjdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4078-1
Rating: moderate
References: #1203476 #1204468 #1204471 #1204472 #1204473
#1204475 #1204480 #1204523
Cross-References: CVE-2022-21618 CVE-2022-21619 CVE-2022-21624
CVE-2022-21626 CVE-2022-21628 CVE-2022-39399
CVSS scores:
CVE-2022-21618 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21618 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-39399 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-39399 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 6 vulnerabilities and has two fixes
is now available.
Description:
This update for java-11-openjdk fixes the following issues:
- Update to jdk-11.0.17+8 (October 2022 CPU)
- CVE-2022-39399: Improve HTTP/2 client usage (bsc#1204480)
- CVE-2022-21628: Better HttpServer service (bsc#1204472)
- CVE-2022-21624: Enhance icon presentations (bsc#1204475)
- CVE-2022-21619: Improve NTLM support (bsc#1204473)
- CVE-2022-21626: Key X509 usages (bsc#1204471)
- CVE-2022-21618: Wider MultiByte (bsc#1204468)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4078=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4078=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4078=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4078=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4078=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4078=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4078=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4078=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4078=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4078=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4078=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4078=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4078=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4078=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4078=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4078=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4078=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4078=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4078=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4078=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4078=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4078=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4078=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4078=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4078=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-accessibility-11.0.17.0-150000.3.86.2
java-11-openjdk-accessibility-debuginfo-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
java-11-openjdk-jmods-11.0.17.0-150000.3.86.2
java-11-openjdk-src-11.0.17.0-150000.3.86.2
- openSUSE Leap 15.4 (noarch):
java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-accessibility-11.0.17.0-150000.3.86.2
java-11-openjdk-accessibility-debuginfo-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
java-11-openjdk-jmods-11.0.17.0-150000.3.86.2
java-11-openjdk-src-11.0.17.0-150000.3.86.2
- openSUSE Leap 15.3 (noarch):
java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Manager Retail Branch Server 4.1 (x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Manager Proxy 4.1 (x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-jmods-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
java-11-openjdk-javadoc-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Enterprise Storage 7 (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
- SUSE CaaS Platform 4.0 (x86_64):
java-11-openjdk-11.0.17.0-150000.3.86.2
java-11-openjdk-debugsource-11.0.17.0-150000.3.86.2
java-11-openjdk-demo-11.0.17.0-150000.3.86.2
java-11-openjdk-devel-11.0.17.0-150000.3.86.2
java-11-openjdk-headless-11.0.17.0-150000.3.86.2
References:
https://www.suse.com/security/cve/CVE-2022-21618.html
https://www.suse.com/security/cve/CVE-2022-21619.html
https://www.suse.com/security/cve/CVE-2022-21624.html
https://www.suse.com/security/cve/CVE-2022-21626.html
https://www.suse.com/security/cve/CVE-2022-21628.html
https://www.suse.com/security/cve/CVE-2022-39399.html
https://bugzilla.suse.com/1203476
https://bugzilla.suse.com/1204468
https://bugzilla.suse.com/1204471
https://bugzilla.suse.com/1204472
https://bugzilla.suse.com/1204473
https://bugzilla.suse.com/1204475
https://bugzilla.suse.com/1204480
https://bugzilla.suse.com/1204523
SUSE-SU-2022:4082-1: important: Security update for openjpeg
by opensuse-security@opensuse.org 18 Nov '22
SUSE Security Update: Security update for openjpeg
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4082-1
Rating: important
References: #1140205 #1149789 #1179821 #1180043 #1180044
#1180046
Cross-References: CVE-2018-20846 CVE-2018-21010 CVE-2020-27824
CVE-2020-27842 CVE-2020-27843 CVE-2020-27845
CVSS scores:
CVE-2018-20846 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-20846 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-21010 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-21010 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-27824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27824 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2020-27842 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27842 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2020-27843 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27843 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2020-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-27845 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for openjpeg fixes the following issues:
- CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp,
pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and
pi_next_cprl in openmj2/pi. (bsc#1140205)
- CVE-2018-21010: Fixed a heap buffer overflow in color_apply_icc_profile
in bin/common/color.c (bsc#1149789)
- CVE-2020-27824: Fixed an OOB read in opj_dwt_calc_explicit_stepsizes()
(bsc#1179821)
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset
function in lib/openjp2/tgt.c (bsc#1180043)
- CVE-2020-27843: Fixed an out-of-bounds read in opj_t2_encode_packet
function in openjp2/t2.c (bsc#1180044)
- CVE-2020-27845: Fixed a heap-based buffer over-read in functions
opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c
(bsc#1180046)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4082=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4082=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4082=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4082=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4082=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4082=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4082=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4082=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4082=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4082=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4082=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4082=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- openSUSE Leap 15.4 (x86_64):
libopenjpeg1-32bit-1.5.2-150000.4.10.1
libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1
openjpeg-devel-32bit-1.5.2-150000.4.10.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- openSUSE Leap 15.3 (x86_64):
libopenjpeg1-32bit-1.5.2-150000.4.10.1
libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1
openjpeg-devel-32bit-1.5.2-150000.4.10.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libopenjpeg1-32bit-1.5.2-150000.4.10.1
libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-32bit-1.5.2-150000.4.10.1
libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.10.1
libopenjpeg1-debuginfo-1.5.2-150000.4.10.1
openjpeg-debuginfo-1.5.2-150000.4.10.1
openjpeg-debugsource-1.5.2-150000.4.10.1
openjpeg-devel-1.5.2-150000.4.10.1
References:
https://www.suse.com/security/cve/CVE-2018-20846.html
https://www.suse.com/security/cve/CVE-2018-21010.html
https://www.suse.com/security/cve/CVE-2020-27824.html
https://www.suse.com/security/cve/CVE-2020-27842.html
https://www.suse.com/security/cve/CVE-2020-27843.html
https://www.suse.com/security/cve/CVE-2020-27845.html
https://bugzilla.suse.com/1140205
https://bugzilla.suse.com/1149789
https://bugzilla.suse.com/1179821
https://bugzilla.suse.com/1180043
https://bugzilla.suse.com/1180044
https://bugzilla.suse.com/1180046
SUSE-SU-2022:4085-1: important: Security update for MozillaThunderbird
by opensuse-security@opensuse.org 18 Nov '22
SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4085-1
Rating: important
References: #1204421 #1205270
Cross-References: CVE-2022-42927 CVE-2022-42928 CVE-2022-42929
CVE-2022-42932 CVE-2022-45403 CVE-2022-45404
CVE-2022-45405 CVE-2022-45406 CVE-2022-45408
CVE-2022-45409 CVE-2022-45410 CVE-2022-45411
CVE-2022-45412 CVE-2022-45416 CVE-2022-45418
CVE-2022-45420 CVE-2022-45421
CVSS scores:
CVE-2022-42927 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42928 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-42929 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-42932 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 17 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
- Fixed various security issues (MFSA 2022-49, bsc#1205270):
* CVE-2022-45403 (bmo#1762078) Service Workers might have learned size
of cross-origin media files
* CVE-2022-45404 (bmo#1790815) Fullscreen notification bypass
* CVE-2022-45405 (bmo#1791314) Use-after-free in InputStream
implementation
* CVE-2022-45406 (bmo#1791975) Use-after-free of a JavaScript Realm
* CVE-2022-45408 (bmo#1793829) Fullscreen notification bypass via
windowName
* CVE-2022-45409 (bmo#1796901) Use-after-free in Garbage Collection
* CVE-2022-45410 (bmo#1658869) ServiceWorker-intercepted requests
bypassed SameSite cookie policy
* CVE-2022-45411 (bmo#1790311) Cross-Site Tracing was possible via
non-standard override headers
* CVE-2022-45412 (bmo#1791029) Symlinks may resolve to partially
uninitialized buffers
* CVE-2022-45416 (bmo#1793676) Keystroke Side-Channel Leakage
* CVE-2022-45418 (bmo#1795815) Custom mouse cursor could have been drawn
over browser UI
* CVE-2022-45420 (bmo#1792643) Iframe contents could be rendered outside
the iframe
* CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) Memory safety
bugs fixed in Thunderbird 102.5
- Fixed various security issues: (MFSA 2022-46, bsc#1204421):
* CVE-2022-42927 (bmo#1789128) Same-origin policy violation could have
leaked cross-origin URLs
* CVE-2022-42928 (bmo#1791520) Memory Corruption in JS Engine
* CVE-2022-42929 (bmo#1789439) Denial of Service via window.print
* CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) Memory safety
bugs fixed in Thunderbird 102.4
- Mozilla Thunderbird 102.5
* changed: `Ctrl+N` shortcut to create new contacts from address book
restored (bmo#1751288)
* fixed: Account Settings UI did not update to reflect default identity
changes (bmo#1782646)
* fixed: New POP mail notifications were incorrectly shown for messages
marked by filters as read or junk (bmo#1787531)
* fixed: Connecting to an IMAP server configured to use `PREAUTH` caused
Thunderbird to hang (bmo#1798161)
* fixed: Error responses received in greeting header from NNTP servers
did not display error message (bmo#1792281)
* fixed: News messages sent using "Send Later" failed to send after
going back online (bmo#1794997)
* fixed: "Download/Sync Now..." did not completely sync all newsgroups
before going offline (bmo#1795547)
* fixed: Username was missing from error dialog on failed login to news
server (bmo#1796964)
* fixed: Thunderbird can now fetch RSS channel feeds with incomplete
channel URL (bmo#1794775)
* fixed: Add-on "Contribute" button in Add-ons Manager did not work
(bmo#1795751)
* fixed: Help text for `/part` Matrix command was incorrect (bmo#1795578)
* fixed: Invite Attendees dialog did not fetch free/busy info for
attendees with encoded characters in their name (bmo#1797927)
- Mozilla Thunderbird 102.4.2
* changed: "Address Book" button in Account Central will now create a
CardDAV address book instead of a local address book (bmo#1793903)
* fixed: Messages fetched from POP server in `Fetch headers
only` mode disappeared when moved to different folder by filter action
(bmo#1793374)
* fixed: Thunderbird re-downloaded locally deleted messages from a POP
server when "Leave messages on server" and "Until I delete them" were
enabled (bmo#1796903)
* fixed: Multiple password prompts for the same POP account could be
displayed (bmo#1786920)
* fixed: IMAP authentication failed on next startup if ImapMail folder
was deleted by user (bmo#1793599)
* fixed: Retrieving passwords for authenticated NNTP accounts could fail
due to obsolete preferences in a user's profile on every startup
(bmo#1770594)
* fixed: `Get Next n Messages` did not consistently fetch all messages
requested from NNTP server (bmo#1794185)
* fixed: `Get Messages` button unable to fetch messages from NNTP server
if root folder not selected (bmo#1792362)
* fixed: Thunderbird text branding did not always match locale
of localized build (bmo#1786199)
* fixed: Thunderbird installer and Thunderbird updater created Windows
shortcuts with different names (bmo#1787264)
* fixed: LDAP search filters unable to work with non-ASCII characters
(bmo#1794306)
* fixed: "Today" highlighting in Calendar Month view did not update
after date change at midnight (bmo#1795176)
- Mozilla Thunderbird 102.4.1
* new: Thunderbird will now catch and report errors parsing vCards that
contain incorrectly formatted dates (bmo#1793415)
* fixed: Dynamic language switching did not update interface when
switched to right-to-left languages (bmo#1794289)
* fixed: Custom header data was discarded after messages were saved as
draft and reopened (bmo#195716)
* fixed: `-remote` command line argument did not work, affecting
integration with various applications such as LibreOffice (bmo#1793323)
* fixed: Messages received via some SMS-to-email services could not
display images (bmo#1774805)
* fixed: VCards with nickname field set could not be edited (bmo#1793877)
* fixed: Some recurring events were missing from Agenda on first load
(bmo#1771168)
* fixed: Download requests for remote ICS calendars incorrectly set
"Accept" header to text/xml (bmo#1793757)
* fixed: Monthly events created on the 31st of a month with <30 days
placed first occurrence 1-2 days after the beginning of the following
month (bmo#1266797)
* fixed: Various visual and UX improvements
(bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399)
* changed: Thunderbird will automatically detect and repair OpenPGP key
storage corruption caused by using the profile import tool in
Thunderbird 102 (bmo#1790610)
* fixed: POP message download into a large folder (~13000 messages)
caused Thunderbird to temporarily freeze (bmo#1792675)
* fixed: Forwarding messages with special characters in Subject failed
on Windows (bmo#1782173)
* fixed: Links for FileLink attachments were not added when attachment
filename contained Unicode characters (bmo#1789589)
* fixed: Address Book display pane continued to show contacts after
deletion (bmo#1777808)
* fixed: Printing address book did not include all contact details
(bmo#1782076)
* fixed: CardDAV contacts without a Name property did not save to Google
Contacts (bmo#1792101)
* fixed: "Publish Calendar" did not work (bmo#1794471)
* fixed: Calendar database storage improvements (bmo#1792124)
* fixed: Incorrectly handled error responses from CalDAV servers
sometimes caused events to disappear from calendar (bmo#1792923)
* fixed: Various visual and UX improvements (bmo#1776093,bmo#1780040,
bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#1793543)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4085=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4085=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4085=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4085=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4085=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4085=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.5.0-150200.8.90.1
MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
MozillaThunderbird-translations-common-102.5.0-150200.8.90.1
MozillaThunderbird-translations-other-102.5.0-150200.8.90.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.5.0-150200.8.90.1
MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
MozillaThunderbird-translations-common-102.5.0-150200.8.90.1
MozillaThunderbird-translations-other-102.5.0-150200.8.90.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
MozillaThunderbird-102.5.0-150200.8.90.1
MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
MozillaThunderbird-translations-common-102.5.0-150200.8.90.1
MozillaThunderbird-translations-other-102.5.0-150200.8.90.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
MozillaThunderbird-102.5.0-150200.8.90.1
MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
MozillaThunderbird-translations-common-102.5.0-150200.8.90.1
MozillaThunderbird-translations-other-102.5.0-150200.8.90.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
MozillaThunderbird-102.5.0-150200.8.90.1
MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
MozillaThunderbird-translations-common-102.5.0-150200.8.90.1
MozillaThunderbird-translations-other-102.5.0-150200.8.90.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
MozillaThunderbird-102.5.0-150200.8.90.1
MozillaThunderbird-debuginfo-102.5.0-150200.8.90.1
MozillaThunderbird-debugsource-102.5.0-150200.8.90.1
MozillaThunderbird-translations-common-102.5.0-150200.8.90.1
MozillaThunderbird-translations-other-102.5.0-150200.8.90.1
References:
https://www.suse.com/security/cve/CVE-2022-42927.html
https://www.suse.com/security/cve/CVE-2022-42928.html
https://www.suse.com/security/cve/CVE-2022-42929.html
https://www.suse.com/security/cve/CVE-2022-42932.html
https://www.suse.com/security/cve/CVE-2022-45403.html
https://www.suse.com/security/cve/CVE-2022-45404.html
https://www.suse.com/security/cve/CVE-2022-45405.html
https://www.suse.com/security/cve/CVE-2022-45406.html
https://www.suse.com/security/cve/CVE-2022-45408.html
https://www.suse.com/security/cve/CVE-2022-45409.html
https://www.suse.com/security/cve/CVE-2022-45410.html
https://www.suse.com/security/cve/CVE-2022-45411.html
https://www.suse.com/security/cve/CVE-2022-45412.html
https://www.suse.com/security/cve/CVE-2022-45416.html
https://www.suse.com/security/cve/CVE-2022-45418.html
https://www.suse.com/security/cve/CVE-2022-45420.html
https://www.suse.com/security/cve/CVE-2022-45421.html
https://bugzilla.suse.com/1204421
https://bugzilla.suse.com/1205270
18 Nov '22
SUSE Security Update: Security update for dpkg
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4081-1
Rating: low
References: #1199944
Cross-References: CVE-2022-1664
CVSS scores:
CVE-2022-1664 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1664 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in
Dpkg::Source::Archive (bsc#1199944).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.3:
zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4081=1
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4081=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-4081=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4081=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4081=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4081=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4081=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4081=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4081=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4081=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4081=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4081=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4081=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4081=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4081=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4081=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4081=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4081=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4081=1
- SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-4081=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4081=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4081=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4081=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4081=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4081=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4081=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4081=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4081=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-4081=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-4081=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.3 (aarch64 x86_64):
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- openSUSE Leap 15.4 (noarch):
dpkg-lang-1.19.0.4-150000.4.4.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- openSUSE Leap 15.3 (noarch):
dpkg-lang-1.19.0.4-150000.4.4.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Manager Proxy 4.1 (x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
- SUSE CaaS Platform 4.0 (x86_64):
dpkg-1.19.0.4-150000.4.4.1
dpkg-debuginfo-1.19.0.4-150000.4.4.1
dpkg-debugsource-1.19.0.4-150000.4.4.1
dpkg-devel-1.19.0.4-150000.4.4.1
update-alternatives-1.19.0.4-150000.4.4.1
update-alternatives-debuginfo-1.19.0.4-150000.4.4.1
update-alternatives-debugsource-1.19.0.4-150000.4.4.1
References:
https://www.suse.com/security/cve/CVE-2022-1664.html
https://bugzilla.suse.com/1199944
SUSE-SU-2022:4077-1: important: Security update for sudo
by opensuse-security@opensuse.org 18 Nov '22
SUSE Security Update: Security update for sudo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:4077-1
Rating: important
References: #1190818 #1203201 #1204986
Cross-References: CVE-2022-43995
CVSS scores:
CVE-2022-43995 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-43995 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for sudo fixes the following issues:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when
entering a password of seven characters or fewer and using the crypt()
password backend (bsc#1204986).
- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race
condition (bsc#1203201).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4077=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-4077=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4077=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4077=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4077=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
sudo-1.9.5p2-150300.3.13.1
sudo-debuginfo-1.9.5p2-150300.3.13.1
sudo-debugsource-1.9.5p2-150300.3.13.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
sudo-1.9.5p2-150300.3.13.1
sudo-debuginfo-1.9.5p2-150300.3.13.1
sudo-debugsource-1.9.5p2-150300.3.13.1
sudo-devel-1.9.5p2-150300.3.13.1
sudo-plugin-python-1.9.5p2-150300.3.13.1
sudo-plugin-python-debuginfo-1.9.5p2-150300.3.13.1
sudo-test-1.9.5p2-150300.3.13.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
sudo-1.9.5p2-150300.3.13.1
sudo-debuginfo-1.9.5p2-150300.3.13.1
sudo-debugsource-1.9.5p2-150300.3.13.1
sudo-devel-1.9.5p2-150300.3.13.1
sudo-plugin-python-1.9.5p2-150300.3.13.1
sudo-plugin-python-debuginfo-1.9.5p2-150300.3.13.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
sudo-1.9.5p2-150300.3.13.1
sudo-debuginfo-1.9.5p2-150300.3.13.1
sudo-debugsource-1.9.5p2-150300.3.13.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
sudo-1.9.5p2-150300.3.13.1
sudo-debuginfo-1.9.5p2-150300.3.13.1
sudo-debugsource-1.9.5p2-150300.3.13.1
References:
https://www.suse.com/security/cve/CVE-2022-43995.html
https://bugzilla.suse.com/1190818
https://bugzilla.suse.com/1203201
https://bugzilla.suse.com/1204986