openSUSE Security Announce February 2022

security-announce@lists.opensuse.org

1 participants
50 discussions

openSUSE-SU-2022:0574-1: important: Security update for ucode-intel

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0574-1 Rating: important References: #1192615 #1195779 #1195780 #1195781 Cross-References: CVE-2021-0127 CVE-2021-0145 CVE-2021-0146 CVE-2021-33120 CVSS scores: CVE-2021-0127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0127 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-0145 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0145 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-0146 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0146 (SUSE): 7.1 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2021-33120 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-33120 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. - CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615) - CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779) - CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780) - CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781) - Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/ad visory/intel-sa-00528.html) - Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/ad visory/intel-sa-00532.html) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-574=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-574=1 Package List: - openSUSE Leap 15.4 (x86_64): ucode-intel-20220207-10.1 - openSUSE Leap 15.3 (x86_64): ucode-intel-20220207-10.1 References: https://www.suse.com/security/cve/CVE-2021-0127.html https://www.suse.com/security/cve/CVE-2021-0145.html https://www.suse.com/security/cve/CVE-2021-0146.html https://www.suse.com/security/cve/CVE-2021-33120.html https://bugzilla.suse.com/1192615 https://bugzilla.suse.com/1195779 https://bugzilla.suse.com/1195780 https://bugzilla.suse.com/1195781

3 months, 4 weeks

openSUSE-SU-2022:0050-1: important: Security update for opera

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0050-1 Rating: important References: #1027353 #1081164 #1102775 #1108471 #1111122 #1116807 #1140341 #1145864 #1152968 #1174961 #1178021 #1178351 #1179009 #1179699 #1181591 SLE-6120 Cross-References: CVE-2018-18065 CVE-2020-15862 CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0458 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 CVSS scores: CVE-2018-18065 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-18065 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-15862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-15862 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.3:NonFree ______________________________________________________________________________ An update that fixes 21 vulnerabilities, contains one feature is now available. Description: This update for opera fixes the following issues: - Update to 84.0.4316.14 - CHR-8753 Update chromium on desktop-stable-98-4316 to 98.0.4758.82 - DNA-97177 Battery saver �� the icon looks bad for DPI!=100% - DNA-97614 automatic video pop-out for most popular websites broadcasting Winter Olympic Games 2022 - DNA-97804 Promote O84 to stable - The update to chromium 98.0.4758.82 fixes following issues: CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470 - Complete Opera 84.0 changelog at: https://blogs.opera.com/desktop/changelog-for-84/ - Update to 83.0.4254.54 - DNA-96581 Fast tab tooltip doesn��t always show related sites with scrollable tab strip - DNA-96608 Cannot drag a tab to create a new window - DNA-96657 Do not make tab tooltip hoverable if there��s no list of tabs - DNA-97291 Crash at opera::flow::FlowSessionImpl::RegisterDevice(base::OnceCallback) - DNA-97468 Incorrect number of restored tabs when video-popout is detached - DNA-97476 Add retry to stapling during signing - DNA-97609 Failing MetricsReporterTest.TimeSpent* smoketests Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3:NonFree: zypper in -t patch openSUSE-2022-50=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-50=1 Package List: - openSUSE Leap 15.3:NonFree (x86_64): opera-84.0.4316.14-lp153.2.36.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 python2-net-snmp-5.7.3-10.9.1 python2-net-snmp-debuginfo-5.7.3-10.9.1 python3-net-snmp-5.7.3-10.9.1 python3-net-snmp-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - openSUSE Leap 15.3 (x86_64): libsnmp30-32bit-5.7.3-10.9.1 libsnmp30-32bit-debuginfo-5.7.3-10.9.1 net-snmp-devel-32bit-5.7.3-10.9.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://www.suse.com/security/cve/CVE-2020-15862.html https://www.suse.com/security/cve/CVE-2022-0452.html https://www.suse.com/security/cve/CVE-2022-0453.html https://www.suse.com/security/cve/CVE-2022-0454.html https://www.suse.com/security/cve/CVE-2022-0455.html https://www.suse.com/security/cve/CVE-2022-0456.html https://www.suse.com/security/cve/CVE-2022-0457.html https://www.suse.com/security/cve/CVE-2022-0458.html https://www.suse.com/security/cve/CVE-2022-0459.html https://www.suse.com/security/cve/CVE-2022-0460.html https://www.suse.com/security/cve/CVE-2022-0461.html https://www.suse.com/security/cve/CVE-2022-0462.html https://www.suse.com/security/cve/CVE-2022-0463.html https://www.suse.com/security/cve/CVE-2022-0464.html https://www.suse.com/security/cve/CVE-2022-0465.html https://www.suse.com/security/cve/CVE-2022-0466.html https://www.suse.com/security/cve/CVE-2022-0467.html https://www.suse.com/security/cve/CVE-2022-0468.html https://www.suse.com/security/cve/CVE-2022-0469.html https://www.suse.com/security/cve/CVE-2022-0470.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1108471 https://bugzilla.suse.com/1111122 https://bugzilla.suse.com/1116807 https://bugzilla.suse.com/1140341 https://bugzilla.suse.com/1145864 https://bugzilla.suse.com/1152968 https://bugzilla.suse.com/1174961 https://bugzilla.suse.com/1178021 https://bugzilla.suse.com/1178351 https://bugzilla.suse.com/1179009 https://bugzilla.suse.com/1179699 https://bugzilla.suse.com/1181591

3 months, 4 weeks

openSUSE-SU-2022:0562-1: moderate: Security update for jasper

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0562-1 Rating: moderate References: #1188437 Cross-References: CVE-2021-27845 CVSS scores: CVE-2021-27845 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-27845 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zery issue in cp_create() (bsc#1188437). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-562=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-562=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.22.1 jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - openSUSE Leap 15.4 (x86_64): libjasper4-32bit-2.0.14-3.22.1 libjasper4-32bit-debuginfo-2.0.14-3.22.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-3.22.1 jasper-debuginfo-2.0.14-3.22.1 jasper-debugsource-2.0.14-3.22.1 libjasper-devel-2.0.14-3.22.1 libjasper4-2.0.14-3.22.1 libjasper4-debuginfo-2.0.14-3.22.1 - openSUSE Leap 15.3 (x86_64): libjasper4-32bit-2.0.14-3.22.1 libjasper4-32bit-debuginfo-2.0.14-3.22.1 References: https://www.suse.com/security/cve/CVE-2021-27845.html https://bugzilla.suse.com/1188437

4 months

openSUSE-SU-2022:0559-1: important: Security update for MozillaThunderbird

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0559-1 Rating: important References: #1195682 #1196072 Cross-References: CVE-2022-0566 CVE-2022-22753 CVE-2022-22754 CVE-2022-22756 CVE-2022-22759 CVE-2022-22760 CVE-2022-22761 CVE-2022-22763 CVE-2022-22764 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.6.1 / MFSA 2022-07 (bsc#1196072) * CVE-2022-0566 (bmo#1753094) Crafted email could trigger an out-of-bounds write - Mozilla Thunderbird 91.6 / MFSA 2022-06 (bsc#1195682) * CVE-2022-22753 (bmo#1732435) Privilege Escalation to SYSTEM on Windows via Maintenance Service * CVE-2022-22754 (bmo#1750565) Extensions could have bypassed permission confirmation during update * CVE-2022-22756 (bmo#1317873) Drag and dropping an image could have resulted in the dropped object being an executable * CVE-2022-22759 (bmo#1739957) Sandboxed iframes could have executed script if the parent appended elements * CVE-2022-22760 (bmo#1740985, bmo#1748503) Cross-Origin responses could be distinguished between script and non-script content-types * CVE-2022-22761 (bmo#1745566) frame-ancestors Content Security Policy directive was not enforced for framed extension pages * CVE-2022-22763 (bmo#1740534) Script Execution during invalid object state * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, bmo#1748210, bmo#1748279) Memory safety bugs fixed in Thunderbird 91.6 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-559=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-559=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.6.1-8.54.1 MozillaThunderbird-debuginfo-91.6.1-8.54.1 MozillaThunderbird-debugsource-91.6.1-8.54.1 MozillaThunderbird-translations-common-91.6.1-8.54.1 MozillaThunderbird-translations-other-91.6.1-8.54.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.6.1-8.54.1 MozillaThunderbird-debuginfo-91.6.1-8.54.1 MozillaThunderbird-debugsource-91.6.1-8.54.1 MozillaThunderbird-translations-common-91.6.1-8.54.1 MozillaThunderbird-translations-other-91.6.1-8.54.1 References: https://www.suse.com/security/cve/CVE-2022-0566.html https://www.suse.com/security/cve/CVE-2022-22753.html https://www.suse.com/security/cve/CVE-2022-22754.html https://www.suse.com/security/cve/CVE-2022-22756.html https://www.suse.com/security/cve/CVE-2022-22759.html https://www.suse.com/security/cve/CVE-2022-22760.html https://www.suse.com/security/cve/CVE-2022-22761.html https://www.suse.com/security/cve/CVE-2022-22763.html https://www.suse.com/security/cve/CVE-2022-22764.html https://bugzilla.suse.com/1195682 https://bugzilla.suse.com/1196072

4 months

openSUSE-SU-2022:0539-1: moderate: Security update for systemd

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0539-1 Rating: moderate References: #1191826 #1192637 #1194178 Cross-References: CVE-2021-3997 CVSS scores: CVE-2021-3997 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-539=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-539=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): systemd-logger-246.16-150300.7.39.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.39.1 libsystemd0-debuginfo-246.16-150300.7.39.1 libudev-devel-246.16-150300.7.39.1 libudev1-246.16-150300.7.39.1 libudev1-debuginfo-246.16-150300.7.39.1 nss-myhostname-246.16-150300.7.39.1 nss-myhostname-debuginfo-246.16-150300.7.39.1 nss-mymachines-246.16-150300.7.39.1 nss-mymachines-debuginfo-246.16-150300.7.39.1 nss-resolve-246.16-150300.7.39.1 nss-resolve-debuginfo-246.16-150300.7.39.1 nss-systemd-246.16-150300.7.39.1 nss-systemd-debuginfo-246.16-150300.7.39.1 systemd-246.16-150300.7.39.1 systemd-container-246.16-150300.7.39.1 systemd-container-debuginfo-246.16-150300.7.39.1 systemd-coredump-246.16-150300.7.39.1 systemd-coredump-debuginfo-246.16-150300.7.39.1 systemd-debuginfo-246.16-150300.7.39.1 systemd-debugsource-246.16-150300.7.39.1 systemd-devel-246.16-150300.7.39.1 systemd-doc-246.16-150300.7.39.1 systemd-journal-remote-246.16-150300.7.39.1 systemd-journal-remote-debuginfo-246.16-150300.7.39.1 systemd-logger-246.16-150300.7.39.1 systemd-network-246.16-150300.7.39.1 systemd-network-debuginfo-246.16-150300.7.39.1 systemd-sysvinit-246.16-150300.7.39.1 udev-246.16-150300.7.39.1 udev-debuginfo-246.16-150300.7.39.1 - openSUSE Leap 15.3 (noarch): systemd-lang-246.16-150300.7.39.1 - openSUSE Leap 15.3 (x86_64): libsystemd0-32bit-246.16-150300.7.39.1 libsystemd0-32bit-debuginfo-246.16-150300.7.39.1 libudev-devel-32bit-246.16-150300.7.39.1 libudev1-32bit-246.16-150300.7.39.1 libudev1-32bit-debuginfo-246.16-150300.7.39.1 nss-myhostname-32bit-246.16-150300.7.39.1 nss-myhostname-32bit-debuginfo-246.16-150300.7.39.1 nss-mymachines-32bit-246.16-150300.7.39.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.39.1 systemd-32bit-246.16-150300.7.39.1 systemd-32bit-debuginfo-246.16-150300.7.39.1 References: https://www.suse.com/security/cve/CVE-2021-3997.html https://bugzilla.suse.com/1191826 https://bugzilla.suse.com/1192637 https://bugzilla.suse.com/1194178

4 months

openSUSE-SU-2022:0540-1: moderate: Security update for ImageMagick

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for ImageMagick ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0540-1 Rating: moderate References: #1195563 Cross-References: CVE-2022-0284 CVSS scores: CVE-2022-0284 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ImageMagick fixes the following issues: - CVE-2022-0284: Fixed heap buffer overread in GetPixelAlpha() in MagickCore/pixel-accessor.h (bsc#1195563). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-540=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-540=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 - openSUSE Leap 15.4 (x86_64): libMagick++-7_Q16HDRI4-32bit-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-10.21.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ImageMagick-7.0.7.34-10.21.1 ImageMagick-config-7-SUSE-7.0.7.34-10.21.1 ImageMagick-config-7-upstream-7.0.7.34-10.21.1 ImageMagick-debuginfo-7.0.7.34-10.21.1 ImageMagick-debugsource-7.0.7.34-10.21.1 ImageMagick-devel-7.0.7.34-10.21.1 ImageMagick-extra-7.0.7.34-10.21.1 ImageMagick-extra-debuginfo-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-10.21.1 libMagick++-devel-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-10.21.1 perl-PerlMagick-7.0.7.34-10.21.1 perl-PerlMagick-debuginfo-7.0.7.34-10.21.1 - openSUSE Leap 15.3 (x86_64): ImageMagick-devel-32bit-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-32bit-7.0.7.34-10.21.1 libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-10.21.1 libMagick++-devel-32bit-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-10.21.1 libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-10.21.1 libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-10.21.1 - openSUSE Leap 15.3 (noarch): ImageMagick-doc-7.0.7.34-10.21.1 References: https://www.suse.com/security/cve/CVE-2022-0284.html https://bugzilla.suse.com/1195563

4 months

openSUSE-SU-2022:0046-1: moderate: Security update for sphinx

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for sphinx ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0046-1 Rating: moderate References: #1195227 Cross-References: CVE-2020-29050 CVSS scores: CVE-2020-29050 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: sphinx was updated to fix the following issues: - CVE-2020-29050: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). (boo#1195227) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-2022-46=1 Package List: - openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64): libsphinxclient-0_0_1-2.2.11-lp154.3.3.1 libsphinxclient-devel-2.2.11-lp154.3.3.1 sphinx-2.2.11-lp154.3.3.1 sphinx-debuginfo-2.2.11-lp154.3.3.1 sphinx-debugsource-2.2.11-lp154.3.3.1 References: https://www.suse.com/security/cve/CVE-2020-29050.html https://bugzilla.suse.com/1195227

4 months

openSUSE-SU-2022:0526-1: moderate: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0526-1 Rating: moderate References: Cross-References: CVE-2021-43565 CVSS scores: CVE-2021-43565 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues: - Update to version 0.49.0 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v0.49.0 - Drop kubevirt-psp-caasp.yaml - Install curl and lsscsi (needed for testing) - Symlink UEFI firmware with AMD SEV support - Install tar package to enable kubectl cp ... - Make a "fixed appliance" for libguestfs - Explicitly install libguestfs{,-devel} and supermin Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-526=1 Package List: - openSUSE Leap 15.3 (x86_64): kubevirt-container-disk-0.49.0-150300.8.10.1 kubevirt-container-disk-debuginfo-0.49.0-150300.8.10.1 kubevirt-manifests-0.49.0-150300.8.10.1 kubevirt-tests-0.49.0-150300.8.10.1 kubevirt-tests-debuginfo-0.49.0-150300.8.10.1 kubevirt-virt-api-0.49.0-150300.8.10.1 kubevirt-virt-api-debuginfo-0.49.0-150300.8.10.1 kubevirt-virt-controller-0.49.0-150300.8.10.1 kubevirt-virt-controller-debuginfo-0.49.0-150300.8.10.1 kubevirt-virt-handler-0.49.0-150300.8.10.1 kubevirt-virt-handler-debuginfo-0.49.0-150300.8.10.1 kubevirt-virt-launcher-0.49.0-150300.8.10.1 kubevirt-virt-launcher-debuginfo-0.49.0-150300.8.10.1 kubevirt-virt-operator-0.49.0-150300.8.10.1 kubevirt-virt-operator-debuginfo-0.49.0-150300.8.10.1 kubevirt-virtctl-0.49.0-150300.8.10.1 kubevirt-virtctl-debuginfo-0.49.0-150300.8.10.1 obs-service-kubevirt_containers_meta-0.49.0-150300.8.10.1 References: https://www.suse.com/security/cve/CVE-2021-43565.html

4 months

openSUSE-SU-2022:0047-1: important: Security update for opera

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0047-1 Rating: important References: Cross-References: CVE-2021-37980 CVE-2021-37997 CVE-2021-37998 CVE-2021-37999 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003 CVE-2021-38004 CVE-2021-38005 CVE-2021-38006 CVE-2021-38007 CVE-2021-38008 CVE-2021-38009 CVE-2021-38010 CVE-2021-38011 CVE-2021-38012 CVE-2021-38013 CVE-2021-38014 CVE-2021-38015 CVE-2021-38016 CVE-2021-38017 CVE-2021-38019 CVE-2021-38020 CVE-2021-38021 CVE-2021-38022 CVE-2021-4052 CVE-2021-4053 CVE-2021-4054 CVE-2021-4055 CVE-2021-4056 CVE-2021-4057 CVE-2021-4058 CVE-2021-4059 CVE-2021-4061 CVE-2021-4062 CVE-2021-4063 CVE-2021-4064 CVE-2021-4065 CVE-2021-4066 CVE-2021-4067 CVE-2021-4068 CVE-2021-4078 CVE-2021-4079 CVE-2021-4098 CVE-2021-4099 CVE-2021-4100 CVE-2021-4101 CVE-2021-4102 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 CVE-2022-0289 CVE-2022-0290 CVE-2022-0291 CVE-2022-0292 CVE-2022-0293 CVE-2022-0294 CVE-2022-0295 CVE-2022-0296 CVE-2022-0297 CVE-2022-0298 CVE-2022-0300 CVE-2022-0301 CVE-2022-0302 CVE-2022-0304 CVE-2022-0305 CVE-2022-0306 CVE-2022-0307 CVE-2022-0308 CVE-2022-0309 CVE-2022-0310 CVE-2022-0311 CVSS scores: CVE-2021-37980 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-37997 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37998 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37999 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-38001 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38002 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-38003 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38004 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-38005 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38006 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38007 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38008 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38009 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-38010 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-38011 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38012 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38013 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-38014 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38015 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38016 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38017 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38019 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-38020 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-38021 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-38022 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-4052 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4053 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4054 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-4055 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4056 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4057 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4058 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4059 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-4061 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4062 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4063 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4064 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4065 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4066 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4067 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4068 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-4078 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4079 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4098 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N CVE-2021-4099 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4100 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4101 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4102 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0096 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0097 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-0098 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0099 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0100 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0101 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0102 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0103 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0104 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0105 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0106 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0107 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0108 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-0109 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-0110 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2022-0111 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-0289 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0290 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-0293 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0295 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0296 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0297 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0298 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0300 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0304 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0307 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0308 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3:NonFree ______________________________________________________________________________ An update that fixes 93 vulnerabilities is now available. Description: This update for opera fixes the following issues: Update to 83.0.4254.27 - CHR-8737 Update chromium on desktop-stable-97-4254 to 97.0.4692.99 - DNA-96336 [Mac] Translate new network installer slogan - DNA-96678 Add battery level monitoring capability to powerSavePrivate - DNA-96939 Crash at opera::ExternalVideoService::MarkAsManuallyClosed() - DNA-97276 Enable #static-tab-audio-indicator on all streams - The update to chromium 97.0.4692.99 fixes following issues: CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292, CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296, CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301, CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306, CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311 Update to 83.0.4254.19 - DNA-96079 Turn on #automatic-video-popout on developer - DNA-97070 Opera 83 translations - DNA-97119 [LastCard] Stop showing used burner cards - DNA-97131 Enable automatic-video-popout on all streams from O84 on - DNA-97257 Crash at views::ImageButton::SetMinimumImageSize(gfx::Size const&) - DNA-97259 Promote O83 to stable - Complete Opera 83.0 changelog at: https://blogs.opera.com/desktop/changelog-for-83/ - Update to 83.0.4254.16 - DNA-96968 Fix alignment of the 'Advanced' button in Settings - Update to 83.0.4254.14 - CHR-8701 Update chromium on desktop-stable-97-4254 to 97.0.4692.45 - CHR-8713 Update chromium on desktop-stable-97-4254 to 97.0.4692.56 - CHR-8723 Update chromium on desktop-stable-97-4254 to 97.0.4692.71 - DNA-96780 Crash at ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*) - DNA-96822 Tab close resize behavior change - DNA-96861 Create Loomi Options menu - DNA-96904 Support Win11 snap layout popup - DNA-96951 Tab close animation broken - DNA-96991 Tab X button doesn��t work correctly - DNA-97027 Incorrect tab size after tab close - The update to chromium 97.0.4692.71 fixes following issues: CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099, CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103, CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106, CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110, CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113, CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117, CVE-2022-0118, CVE-2022-0120 - Update to version 82.0.4227.58 - DNA-96780 Crash at ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*) - DNA-96890 Settings default browser not working for current user on Windows 7 - Update to version 82.0.4227.43 - CHR-8705 Update chromium on desktop-stable-96-4227 to 96.0.4664.110 - DNA-93284 Unstable obj/opera/desktop/common/installer_rc_generated/installer.res - DNA-95908 Interstitial/internal pages shown as NOT SECURE after visiting http site - DNA-96404 Opera doesn��t show on main screen when second screen is abruptly disconnected - The update to chromium 96.0.4664.110 fixes following issues: CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101, CVE-2021-4102 - Update to version 82.0.4227.33 - CHR-8689 Update chromium on desktop-stable-96-4227 to 96.0.4664.93 - DNA-96559 Tooltip popup looks bad in dark theme - DNA-96570 [Player] Tidal logging in via PLAY doesn��t work - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks - DNA-96649 Update Meme button - DNA-96676 Add Icon in the Sidebar Setup - DNA-96677 Add default URL - The update to chromium 96.0.4664.93 fixes following issues: CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054, CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068 - Update to version 82.0.4227.23 - DNA-95632 With new au-logic UUID is set with delay and may be not set for pb-builds (when closing fast) - DNA-96349 Laggy tooltip animation - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap version for Opera 82 - DNA-96493 Create 'small' enticement in credit card autofill - DNA-96533 Opera 82 translations - DNA-96535 Make the URL configurable - DNA-96553 Add switch to whitelist test pages - DNA-96557 Links not opened from panel - DNA-96558 AdBlock bloks some trackers inside the panel - DNA-96568 [Player] Tidal in sidebar Player opens wrong site when logging in - DNA-96659 Siteprefs not applied after network service crash - DNA-96593 Promote O82 to stable - Complete Opera 82.0 changelog at: https://blogs.opera.com/desktop/changelog-for-82/ - Update to version 82.0.4227.13 - CHR-8668 Update chromium on desktop-stable-96-4227 to 96.0.4664.45 - DNA-76987 [Mac] Update desktop EULA with geolocation split - DNA-93388 Problem with symlinks on windows when creating file list - DNA-95734 Discarded Recently Closed items get revived after restart - DNA-96134 "Your profile has been updated" does not disappear - DNA-96190 Opera freezes when trying to drag expanded bookmark folder with nested subfolders - DNA-96223 Easy Files not working in Full Screen - DNA-96274 Checkout autofill shouldn't show used burner card - DNA-96275 Change the notification message for pausing multi-use cards - DNA-96295 "Video pop out" setting doesn't sync - DNA-96316 Highlight text wrong colour on dark mode - DNA-96326 Wrong translation Private Mode > Turkish - DNA-96351 macOS window controls are missing in full screen - DNA-96440 Update video URL - DNA-96448 add option to pin extension via rich hints - DNA-96453 Register user-chosen option on client-side, read on hint side - DNA-96454 Choosing an option from the settings menu should close the popup - DNA-96484 Enable AB test for a new autoupdater logic (for 50%) - DNA-96500 Add "don't show me again" prefs to allowed whitelist - DNA-96538 Inline audiocomplete for www.mediaexpert.pl incorrectly suggested - The update to chromium 96.0.4664.45 fixes following issues: CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008, CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012, CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016, CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021, CVE-2021-38022 - Update to version 81.0.4196.54 - CHR-8644 Update chromium on desktop-stable-95-4196 to 95.0.4638.69 - DNA-95773 ExtensionWebRequestApiTest crashes on mac - DNA-96062 Opera 81 translations - DNA-96134 ��Your profile has been updated�� does not disappear - DNA-96274 Checkout autofill shouldn��t show used burner card - DNA-96275 Change the notification message for pausing multi-use cards - DNA-96440 Update video URL - The update to chromium 95.0.4638.69 fixes following issues: CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980, CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004 - Update to version 81.0.4196.37 - DNA-96008 Crash at content::WebContentsImpl::OpenURL(content::OpenURLParams const&) - DNA-96032 Closing the videoconference pop-up force leaving the meeting - DNA-96092 Crash at void opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result) - DNA-96142 [Yat] Emoji icon cut off in URL for Yat Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3:NonFree: zypper in -t patch openSUSE-2022-47=1 Package List: - openSUSE Leap 15.3:NonFree (x86_64): opera-83.0.4254.27-lp153.2.33.1 References: https://www.suse.com/security/cve/CVE-2021-37980.html https://www.suse.com/security/cve/CVE-2021-37997.html https://www.suse.com/security/cve/CVE-2021-37998.html https://www.suse.com/security/cve/CVE-2021-37999.html https://www.suse.com/security/cve/CVE-2021-38001.html https://www.suse.com/security/cve/CVE-2021-38002.html https://www.suse.com/security/cve/CVE-2021-38003.html https://www.suse.com/security/cve/CVE-2021-38004.html https://www.suse.com/security/cve/CVE-2021-38005.html https://www.suse.com/security/cve/CVE-2021-38006.html https://www.suse.com/security/cve/CVE-2021-38007.html https://www.suse.com/security/cve/CVE-2021-38008.html https://www.suse.com/security/cve/CVE-2021-38009.html https://www.suse.com/security/cve/CVE-2021-38010.html https://www.suse.com/security/cve/CVE-2021-38011.html https://www.suse.com/security/cve/CVE-2021-38012.html https://www.suse.com/security/cve/CVE-2021-38013.html https://www.suse.com/security/cve/CVE-2021-38014.html https://www.suse.com/security/cve/CVE-2021-38015.html https://www.suse.com/security/cve/CVE-2021-38016.html https://www.suse.com/security/cve/CVE-2021-38017.html https://www.suse.com/security/cve/CVE-2021-38019.html https://www.suse.com/security/cve/CVE-2021-38020.html https://www.suse.com/security/cve/CVE-2021-38021.html https://www.suse.com/security/cve/CVE-2021-38022.html https://www.suse.com/security/cve/CVE-2021-4052.html https://www.suse.com/security/cve/CVE-2021-4053.html https://www.suse.com/security/cve/CVE-2021-4054.html https://www.suse.com/security/cve/CVE-2021-4055.html https://www.suse.com/security/cve/CVE-2021-4056.html https://www.suse.com/security/cve/CVE-2021-4057.html https://www.suse.com/security/cve/CVE-2021-4058.html https://www.suse.com/security/cve/CVE-2021-4059.html https://www.suse.com/security/cve/CVE-2021-4061.html https://www.suse.com/security/cve/CVE-2021-4062.html https://www.suse.com/security/cve/CVE-2021-4063.html https://www.suse.com/security/cve/CVE-2021-4064.html https://www.suse.com/security/cve/CVE-2021-4065.html https://www.suse.com/security/cve/CVE-2021-4066.html https://www.suse.com/security/cve/CVE-2021-4067.html https://www.suse.com/security/cve/CVE-2021-4068.html https://www.suse.com/security/cve/CVE-2021-4078.html https://www.suse.com/security/cve/CVE-2021-4079.html https://www.suse.com/security/cve/CVE-2021-4098.html https://www.suse.com/security/cve/CVE-2021-4099.html https://www.suse.com/security/cve/CVE-2021-4100.html https://www.suse.com/security/cve/CVE-2021-4101.html https://www.suse.com/security/cve/CVE-2021-4102.html https://www.suse.com/security/cve/CVE-2022-0096.html https://www.suse.com/security/cve/CVE-2022-0097.html https://www.suse.com/security/cve/CVE-2022-0098.html https://www.suse.com/security/cve/CVE-2022-0099.html https://www.suse.com/security/cve/CVE-2022-0100.html https://www.suse.com/security/cve/CVE-2022-0101.html https://www.suse.com/security/cve/CVE-2022-0102.html https://www.suse.com/security/cve/CVE-2022-0103.html https://www.suse.com/security/cve/CVE-2022-0104.html https://www.suse.com/security/cve/CVE-2022-0105.html https://www.suse.com/security/cve/CVE-2022-0106.html https://www.suse.com/security/cve/CVE-2022-0107.html https://www.suse.com/security/cve/CVE-2022-0108.html https://www.suse.com/security/cve/CVE-2022-0109.html https://www.suse.com/security/cve/CVE-2022-0110.html https://www.suse.com/security/cve/CVE-2022-0111.html https://www.suse.com/security/cve/CVE-2022-0112.html https://www.suse.com/security/cve/CVE-2022-0113.html https://www.suse.com/security/cve/CVE-2022-0114.html https://www.suse.com/security/cve/CVE-2022-0115.html https://www.suse.com/security/cve/CVE-2022-0116.html https://www.suse.com/security/cve/CVE-2022-0117.html https://www.suse.com/security/cve/CVE-2022-0118.html https://www.suse.com/security/cve/CVE-2022-0120.html https://www.suse.com/security/cve/CVE-2022-0289.html https://www.suse.com/security/cve/CVE-2022-0290.html https://www.suse.com/security/cve/CVE-2022-0291.html https://www.suse.com/security/cve/CVE-2022-0292.html https://www.suse.com/security/cve/CVE-2022-0293.html https://www.suse.com/security/cve/CVE-2022-0294.html https://www.suse.com/security/cve/CVE-2022-0295.html https://www.suse.com/security/cve/CVE-2022-0296.html https://www.suse.com/security/cve/CVE-2022-0297.html https://www.suse.com/security/cve/CVE-2022-0298.html https://www.suse.com/security/cve/CVE-2022-0300.html https://www.suse.com/security/cve/CVE-2022-0301.html https://www.suse.com/security/cve/CVE-2022-0302.html https://www.suse.com/security/cve/CVE-2022-0304.html https://www.suse.com/security/cve/CVE-2022-0305.html https://www.suse.com/security/cve/CVE-2022-0306.html https://www.suse.com/security/cve/CVE-2022-0307.html https://www.suse.com/security/cve/CVE-2022-0308.html https://www.suse.com/security/cve/CVE-2022-0309.html https://www.suse.com/security/cve/CVE-2022-0310.html https://www.suse.com/security/cve/CVE-2022-0311.html

4 months

openSUSE-SU-2022:0045-1: moderate: Security update for jaw

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for jaw ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0045-1 Rating: moderate References: #1194358 Cross-References: CVE-2022-21653 CVSS scores: CVE-2022-21653 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: jawn was updated to fix: * CVE-2022-21653: DoS caused by a hash collision in SimpleFacade and MutableFacade (bsc#1194358) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2022-45=1 Package List: - openSUSE Backports SLE-15-SP2 (noarch): jawn-ast-0.14.1-bp152.2.3.1 jawn-json4s-0.14.1-bp152.2.3.1 jawn-parser-0.14.1-bp152.2.3.1 jawn-util-0.14.1-bp152.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-21653.html https://bugzilla.suse.com/1194358

4 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce February 2022