February 2022 - openSUSE Security Announce

openSUSE-SU-2022:0366-1: critical: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 10 Feb '22

10 Feb '22

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0366-1 Rating: critical References: #1071995 #1124431 #1167162 #1169514 #1172073 #1179599 #1184804 #1185377 #1186207 #1186222 #1187167 #1189305 #1189841 #1190358 #1190428 #1191229 #1191241 #1191384 #1191731 #1192032 #1192267 #1192740 #1192845 #1192847 #1192877 #1192946 #1193306 #1193440 #1193442 #1193575 #1193669 #1193727 #1193731 #1193767 #1193861 #1193864 #1193867 #1193927 #1194001 #1194048 #1194087 #1194227 #1194302 #1194516 #1194529 #1194880 #1194888 #1194985 #1195166 #1195254 Cross-References: CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-3564 CVE-2021-39648 CVE-2021-39657 CVE-2021-4002 CVE-2021-4083 CVE-2021-4135 CVE-2021-4149 CVE-2021-4197 CVE-2021-4202 CVE-2021-43975 CVE-2021-43976 CVE-2021-44733 CVE-2021-45095 CVE-2021-45486 CVE-2022-0322 CVE-2022-0330 CVSS scores: CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28714 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3564 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39648 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39657 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2021-4202 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-44733 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVE-2021-45095 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45095 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-0322 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 27 vulnerabilities and has 23 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254). - CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880). - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087). - CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867). - CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767). - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-4202: Fixed NFC race condition by adding NCI_UNREG flag (bsc#1194529). - CVE-2021-4197: Use cgroup open-time credentials for process migraton perm checks (bsc#1194302). - CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227). - CVE-2021-4149: Fixed btrfs unlock newly allocated extent buffer after error (bsc#1194001). - CVE-2021-4135: Fixed zero-initialize memory inside netdevsim for new map's value in function nsim_bpf_map_alloc (bsc#1193927). - CVE-2021-4083: Fixed a read-after-free memory flaw inside the garbage collection for Unix domain socket file handlers when users call close() and fget() simultaneouslyand can potentially trigger a race condition (bnc#1193727). - CVE-2021-4002: Fixed incorrect TLBs flush in hugetlbfs after huge_pmd_unshare (bsc#1192946). - CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864). - CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861). - CVE-2021-3564: Fixed double-free memory corruption in the Linux kernel HCI device initialization subsystem that could have been used by attaching malicious HCI TTY Bluetooth devices. A local user could use this flaw to crash the system (bnc#1186207). - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-28715: Fixed issue with xen/netback to do not queue unlimited number of packages (XSA-392) (bsc#1193442). - CVE-2021-28714: Fixed issue with xen/netback to handle rx queue stall detection (XSA-392) (bsc#1193442). - CVE-2021-28713: Fixed issue with xen/console to harden hvc_xen against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28712: Fixed issue with xen/netfront to harden netfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-28711: Fixed issue with xen/blkfront to harden blkfront against event channel storms (XSA-391) (bsc#1193440). - CVE-2021-0935: Fixed possible out of bounds write in ip6_xmit of ip6_output.c due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192032). - CVE-2021-0920: Fixed a local privilege escalation due to an use after free bug in unix_gc (bsc#1193731). - CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device (bsc#1179599). - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". (bsc#1167162) - CVE-2018-25020: Fixed an overflow in the BPF subsystem due to a mishandling of a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions. This affects kernel/bpf/core.c and net/core/filter.c (bnc#1193575). The following non-security bugs were fixed: - Bluetooth: fix the erroneous flush_work() order (git-fixes). - Build: Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241 bsc#1195166). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - elfcore: fix building with clang (bsc#1169514). - hv_netvsc: Set needed_headroom according to VF (bsc#1193506). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241 bsc#1195166). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). - kernel-binary.spec.in: add zstd to BuildRequires if used - kernel-binary.spec.in: make sure zstd is supported by kmod if used - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge. - kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - kernel-source.spec: install-kernel-tools also required on 15.4 - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). The semantic changed in an incompatible way so invoking the macro now causes a build failure. - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - livepatch: Avoid CPU hogging with cond_resched (bsc#1071995). - memstick: rtsx_usb_ms: fix UAF (bsc#1194516). - moxart: fix potential use-after-free on remove path (bsc#1194516). - net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506). - net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506). - net: Using proper atomic helper (bsc#1186222). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: mana: Add RX fencing (bsc#1193506). - net: mana: Add XDP support (bsc#1193506). - net: mana: Allow setting the number of queues while the NIC is down (bsc#1193506). - net: mana: Fix spelling mistake "calledd" -> "called" (bsc#1193506). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (bsc#1193506). - net: mana: Improve the HWC error handling (bsc#1193506). - net: mana: Support hibernation and kexec (bsc#1193506). - net: mana: Use kcalloc() instead of kzalloc() (bsc#1193506). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - post.sh: detect /usr mountpoint too - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306). - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305). - rpm/kernel-source.rpmlintrc: ignore new include/config files. - rpm/kernel-source.spec.in: do some more for vanilla_only. - rpm: Abolish image suffix (bsc#1189841). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. - rpm: Define $certs as rpm macro (bsc#1189841). - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - tty: hvc: replace BUG_ON() with negative return value. - vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xfrm: fix MTU regression (bsc#1185377, bsc#1194048). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-366=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-366=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-vanilla-4.12.14-197.105.1 kernel-vanilla-base-4.12.14-197.105.1 kernel-vanilla-base-debuginfo-4.12.14-197.105.1 kernel-vanilla-debuginfo-4.12.14-197.105.1 kernel-vanilla-debugsource-4.12.14-197.105.1 kernel-vanilla-devel-4.12.14-197.105.1 kernel-vanilla-devel-debuginfo-4.12.14-197.105.1 kernel-vanilla-livepatch-devel-4.12.14-197.105.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-197.105.1 kernel-debug-base-debuginfo-4.12.14-197.105.1 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-197.105.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.105.1 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-197.105.1 kernel-zfcpdump-man-4.12.14-197.105.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-197.105.1 kernel-vanilla-4.12.14-197.105.1 kernel-vanilla-base-4.12.14-197.105.1 kernel-vanilla-base-debuginfo-4.12.14-197.105.1 kernel-vanilla-debuginfo-4.12.14-197.105.1 kernel-vanilla-debugsource-4.12.14-197.105.1 kernel-vanilla-devel-4.12.14-197.105.1 kernel-vanilla-devel-debuginfo-4.12.14-197.105.1 kernel-vanilla-livepatch-devel-4.12.14-197.105.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-base-4.12.14-197.105.1 kernel-debug-base-debuginfo-4.12.14-197.105.1 - openSUSE Leap 15.3 (x86_64): kernel-kvmsmall-base-4.12.14-197.105.1 kernel-kvmsmall-base-debuginfo-4.12.14-197.105.1 - openSUSE Leap 15.3 (s390x): kernel-default-man-4.12.14-197.105.1 kernel-zfcpdump-man-4.12.14-197.105.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-15126.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-3564.html https://www.suse.com/security/cve/CVE-2021-39648.html https://www.suse.com/security/cve/CVE-2021-39657.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4135.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-4197.html https://www.suse.com/security/cve/CVE-2021-4202.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-44733.html https://www.suse.com/security/cve/CVE-2021-45095.html https://www.suse.com/security/cve/CVE-2021-45486.html https://www.suse.com/security/cve/CVE-2022-0322.html https://www.suse.com/security/cve/CVE-2022-0330.html https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1124431 https://bugzilla.suse.com/1167162 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185377 https://bugzilla.suse.com/1186207 https://bugzilla.suse.com/1186222 https://bugzilla.suse.com/1187167 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190358 https://bugzilla.suse.com/1190428 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191241 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1191731 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1193767 https://bugzilla.suse.com/1193861 https://bugzilla.suse.com/1193864 https://bugzilla.suse.com/1193867 https://bugzilla.suse.com/1193927 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194048 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194227 https://bugzilla.suse.com/1194302 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194529 https://bugzilla.suse.com/1194880 https://bugzilla.suse.com/1194888 https://bugzilla.suse.com/1194985 https://bugzilla.suse.com/1195166 https://bugzilla.suse.com/1195254

1 0

openSUSE-SU-2022:0030-1: important: Security update for chromium
by opensuse-security＠opensuse.org 07 Feb '22

07 Feb '22

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0030-1 Rating: important References: #1195420 Cross-References: CVE-2022-0452 CVE-2022-0453 CVE-2022-0454 CVE-2022-0455 CVE-2022-0456 CVE-2022-0457 CVE-2022-0459 CVE-2022-0460 CVE-2022-0461 CVE-2022-0462 CVE-2022-0463 CVE-2022-0464 CVE-2022-0465 CVE-2022-0466 CVE-2022-0467 CVE-2022-0468 CVE-2022-0469 CVE-2022-0470 Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium 98.0.4758.80 (boo#1195420) * CVE-2022-0452: Use after free in Safe Browsing * CVE-2022-0453: Use after free in Reader Mode * CVE-2022-0454: Heap buffer overflow in ANGLE * CVE-2022-0455: Inappropriate implementation in Full Screen Mode * CVE-2022-0456: Use after free in Web Search * CVE-2022-0457: Type Confusion in V8 * CVE-2022-0459: Use after free in Screen Capture * CVE-2022-0460: Use after free in Window Dialog * CVE-2022-0461: Policy bypass in COOP * CVE-2022-0462: Inappropriate implementation in Scroll * CVE-2022-0463: Use after free in Accessibility * CVE-2022-0464: Use after free in Accessibility * CVE-2022-0465: Use after free in Extensions * CVE-2022-0466: Inappropriate implementation in Extensions Platform * CVE-2022-0467: Inappropriate implementation in Pointer Lock * CVE-2022-0468: Use after free in Payments * CVE-2022-0469: Use after free in Cast * CVE-2022-0470: Out of bounds memory access in V8 * Various fixes from internal audits, fuzzing and other initiatives Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-30=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-98.0.4758.80-bp153.2.60.1 chromium-98.0.4758.80-bp153.2.60.1 References: https://www.suse.com/security/cve/CVE-2022-0452.html https://www.suse.com/security/cve/CVE-2022-0453.html https://www.suse.com/security/cve/CVE-2022-0454.html https://www.suse.com/security/cve/CVE-2022-0455.html https://www.suse.com/security/cve/CVE-2022-0456.html https://www.suse.com/security/cve/CVE-2022-0457.html https://www.suse.com/security/cve/CVE-2022-0459.html https://www.suse.com/security/cve/CVE-2022-0460.html https://www.suse.com/security/cve/CVE-2022-0461.html https://www.suse.com/security/cve/CVE-2022-0462.html https://www.suse.com/security/cve/CVE-2022-0463.html https://www.suse.com/security/cve/CVE-2022-0464.html https://www.suse.com/security/cve/CVE-2022-0465.html https://www.suse.com/security/cve/CVE-2022-0466.html https://www.suse.com/security/cve/CVE-2022-0467.html https://www.suse.com/security/cve/CVE-2022-0468.html https://www.suse.com/security/cve/CVE-2022-0469.html https://www.suse.com/security/cve/CVE-2022-0470.html https://bugzilla.suse.com/1195420

1 0

openSUSE-SU-2022:0330-1: important: Security update for glibc
by opensuse-security＠opensuse.org 04 Feb '22

04 Feb '22

openSUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0330-1 Rating: important References: #1194640 #1194768 #1194770 #1194785 SLE-18195 Cross-References: CVE-2021-3999 CVE-2022-23218 CVE-2022-23219 CVSS scores: CVE-2021-3999 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23218 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2022-23219 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.4 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has one errata is now available. Description: This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for "unix" (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-330=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-330=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.9.12.1 glibc-debuginfo-2.31-150300.9.12.1 glibc-debugsource-2.31-150300.9.12.1 glibc-devel-2.31-150300.9.12.1 glibc-devel-debuginfo-2.31-150300.9.12.1 glibc-devel-static-2.31-150300.9.12.1 glibc-extra-2.31-150300.9.12.1 glibc-extra-debuginfo-2.31-150300.9.12.1 glibc-locale-2.31-150300.9.12.1 glibc-locale-base-2.31-150300.9.12.1 glibc-locale-base-debuginfo-2.31-150300.9.12.1 glibc-profile-2.31-150300.9.12.1 glibc-utils-2.31-150300.9.12.1 glibc-utils-debuginfo-2.31-150300.9.12.1 glibc-utils-src-debugsource-2.31-150300.9.12.1 nscd-2.31-150300.9.12.1 nscd-debuginfo-2.31-150300.9.12.1 - openSUSE Leap 15.4 (noarch): glibc-html-2.31-150300.9.12.1 glibc-i18ndata-2.31-150300.9.12.1 glibc-info-2.31-150300.9.12.1 glibc-lang-2.31-150300.9.12.1 - openSUSE Leap 15.4 (x86_64): glibc-32bit-2.31-150300.9.12.1 glibc-32bit-debuginfo-2.31-150300.9.12.1 glibc-devel-32bit-2.31-150300.9.12.1 glibc-devel-32bit-debuginfo-2.31-150300.9.12.1 glibc-devel-static-32bit-2.31-150300.9.12.1 glibc-locale-base-32bit-2.31-150300.9.12.1 glibc-locale-base-32bit-debuginfo-2.31-150300.9.12.1 glibc-profile-32bit-2.31-150300.9.12.1 glibc-utils-32bit-2.31-150300.9.12.1 glibc-utils-32bit-debuginfo-2.31-150300.9.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): glibc-2.31-150300.9.12.1 glibc-debuginfo-2.31-150300.9.12.1 glibc-debugsource-2.31-150300.9.12.1 glibc-devel-2.31-150300.9.12.1 glibc-devel-debuginfo-2.31-150300.9.12.1 glibc-devel-static-2.31-150300.9.12.1 glibc-extra-2.31-150300.9.12.1 glibc-extra-debuginfo-2.31-150300.9.12.1 glibc-locale-2.31-150300.9.12.1 glibc-locale-base-2.31-150300.9.12.1 glibc-locale-base-debuginfo-2.31-150300.9.12.1 glibc-profile-2.31-150300.9.12.1 glibc-utils-2.31-150300.9.12.1 glibc-utils-debuginfo-2.31-150300.9.12.1 glibc-utils-src-debugsource-2.31-150300.9.12.1 nscd-2.31-150300.9.12.1 nscd-debuginfo-2.31-150300.9.12.1 - openSUSE Leap 15.3 (noarch): glibc-html-2.31-150300.9.12.1 glibc-i18ndata-2.31-150300.9.12.1 glibc-info-2.31-150300.9.12.1 glibc-lang-2.31-150300.9.12.1 - openSUSE Leap 15.3 (x86_64): glibc-32bit-2.31-150300.9.12.1 glibc-32bit-debuginfo-2.31-150300.9.12.1 glibc-devel-32bit-2.31-150300.9.12.1 glibc-devel-32bit-debuginfo-2.31-150300.9.12.1 glibc-devel-static-32bit-2.31-150300.9.12.1 glibc-locale-base-32bit-2.31-150300.9.12.1 glibc-locale-base-32bit-debuginfo-2.31-150300.9.12.1 glibc-profile-32bit-2.31-150300.9.12.1 glibc-utils-32bit-2.31-150300.9.12.1 glibc-utils-32bit-debuginfo-2.31-150300.9.12.1 References: https://www.suse.com/security/cve/CVE-2021-3999.html https://www.suse.com/security/cve/CVE-2022-23218.html https://www.suse.com/security/cve/CVE-2022-23219.html https://bugzilla.suse.com/1194640 https://bugzilla.suse.com/1194768 https://bugzilla.suse.com/1194770 https://bugzilla.suse.com/1194785

1 0

openSUSE-SU-2022:0333-1: important: Security update for xen
by opensuse-security＠opensuse.org 04 Feb '22

04 Feb '22

openSUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0333-1 Rating: important References: #1194576 #1194581 #1194588 Cross-References: CVE-2022-23033 CVE-2022-23034 CVE-2022-23035 CVSS scores: CVE-2022-23034 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23035 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576) - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581) - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-333=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.3_06-150300.3.18.2 xen-debugsource-4.14.3_06-150300.3.18.2 xen-devel-4.14.3_06-150300.3.18.2 xen-doc-html-4.14.3_06-150300.3.18.2 xen-libs-4.14.3_06-150300.3.18.2 xen-libs-debuginfo-4.14.3_06-150300.3.18.2 xen-tools-4.14.3_06-150300.3.18.2 xen-tools-debuginfo-4.14.3_06-150300.3.18.2 xen-tools-domU-4.14.3_06-150300.3.18.2 xen-tools-domU-debuginfo-4.14.3_06-150300.3.18.2 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.3_06-150300.3.18.2 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.3_06-150300.3.18.2 xen-libs-32bit-debuginfo-4.14.3_06-150300.3.18.2 References: https://www.suse.com/security/cve/CVE-2022-23033.html https://www.suse.com/security/cve/CVE-2022-23034.html https://www.suse.com/security/cve/CVE-2022-23035.html https://bugzilla.suse.com/1194576 https://bugzilla.suse.com/1194581 https://bugzilla.suse.com/1194588

1 0

openSUSE-SU-2022:0334-1: moderate: Security update for containerd, docker
by opensuse-security＠opensuse.org 04 Feb '22

04 Feb '22

openSUSE Security Update: Security update for containerd, docker ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0334-1 Rating: moderate References: #1191015 #1191121 #1191334 #1191434 #1193273 Cross-References: CVE-2021-41089 CVE-2021-41091 CVE-2021-41092 CVE-2021-41103 CVE-2021-41190 CVSS scores: CVE-2021-41089 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2021-41089 (SUSE): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-41091 (NVD) : 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2021-41091 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVE-2021-41092 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-41092 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N CVE-2021-41103 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-41103 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVE-2021-41190 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for containerd, docker fixes the following issues: - CVE-2021-41089: Fixed "cp" can chmod host files (bsc#1191015). - CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434). - CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334). - CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121). - CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-334=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): containerd-1.4.12-60.1 containerd-ctr-1.4.12-60.1 docker-20.10.12_ce-159.1 docker-debuginfo-20.10.12_ce-159.1 docker-kubic-20.10.12_ce-159.1 docker-kubic-debuginfo-20.10.12_ce-159.1 docker-kubic-kubeadm-criconfig-20.10.12_ce-159.1 - openSUSE Leap 15.3 (noarch): docker-bash-completion-20.10.12_ce-159.1 docker-fish-completion-20.10.12_ce-159.1 docker-kubic-bash-completion-20.10.12_ce-159.1 docker-kubic-fish-completion-20.10.12_ce-159.1 docker-kubic-zsh-completion-20.10.12_ce-159.1 docker-zsh-completion-20.10.12_ce-159.1 References: https://www.suse.com/security/cve/CVE-2021-41089.html https://www.suse.com/security/cve/CVE-2021-41091.html https://www.suse.com/security/cve/CVE-2021-41092.html https://www.suse.com/security/cve/CVE-2021-41103.html https://www.suse.com/security/cve/CVE-2021-41190.html https://bugzilla.suse.com/1191015 https://bugzilla.suse.com/1191121 https://bugzilla.suse.com/1191334 https://bugzilla.suse.com/1191434 https://bugzilla.suse.com/1193273

1 0

openSUSE-SU-2022:0024-1: important: Security update for lighttpd
by opensuse-security＠opensuse.org 02 Feb '22

02 Feb '22

openSUSE Security Update: Security update for lighttpd ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0024-1 Rating: important References: #1146452 #1181400 #1194376 Cross-References: CVE-2022-22707 CVSS scores: CVE-2022-22707 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.64: * CVE-2022-22707: off-by-one stack overflow in the mod_extforward plugin (boo#1194376) * graceful restart/shutdown timeout changed from 0 (disabled) to 8 seconds. configure an alternative with: server.feature-flags += (��server.graceful-shutdown-timeout�� => 8) * deprecated modules (previously announced) have been removed: mod_authn_mysql, mod_mysql_vhost, mod_cml, mod_flv_streaming, mod_geoip, mod_trigger_b4_dl update to 1.4.63: * import xxHash v0.8.1 * fix reqpool mem corruption in 1.4.62 includes changes in 1.4.62: * [mod_alias] fix use-after-free bug * many developer visible bug fixes update to 1.4.61: * mod_dirlisting: sort "../" to top * fix HTTP/2 upload > 64k w/ max-request-size * code level and developer visible bug fixes update to 1.4.60: * HTTP/2 smoother and lower memory use (in general) * HTTP/2 tuning to better handle aggressive client initial requests * reduce memory footprint; workaround poor glibc behavior; jemalloc is better * mod_magnet lua performance improvements * mod_dirlisting performance improvements and new caching option * memory constraints for extreme edge cases in mod_dirlisting, mod_ssi, mod_webdav * connect(), write(), read() time limits on backends (separate from client timeouts) * lighttpd restarts if large discontinuity in time occurs (embedded systems) * RFC7233 Range support for all non-streaming responses, not only static files * connect() to backend now has default 8 second timeout (configurable) - Added hardening to systemd service(s) (boo#1181400). update to 1.4.59: * HTTP/2 enabled by default * mod_deflate zstd suppport * new mod_ajp13 Update to 1.4.58: * [mod_wolfssl] use wolfSSL TLS version defines * [mod_wolfssl] compile with earlier wolfSSL vers * [core] prefer IPv6+IPv4 func vs IPv4-specific func * [core] reuse large mem chunks (fix mem usage) (fixes #3033) * [core] add comment for FastCGI mem use in hctx->rb (#3033) * [mod_proxy] fix sending of initial reqbody chunked * [multiple] fdevent_waitpid() wrapper * [core] sys-time.h - localtime_r,gmtime_r macros * [core] http_date.[ch] encapsulate HTTP-date parse * [core] specialized strptime() for HTTP date fmts * [multiple] employ http_date.h, sys-time.h * [core] http_date_timegm() (portable timegm()) * buffer_append_path_len() to join paths * [core] inet_ntop_cache -> sock_addr_cache * [multiple] etag.[ch] -> http_etag.[ch]; better imp * [core] fix crash after specific err in config file * [core] fix bug in FastCGI uploads (#3033) * [core] http_response_match_if_range() * [mod_webdav] typedef off_t loff_t for FreeBSD * [multiple] chunkqueue_write_chunk() * [build] add GNUMAKEFLAGS=--no-print-directory * [core] fix bug in read retry found by coverity * [core] attempt to quiet some coverity warnings * [mod_webdav] compile fix for Mac OSX/11 * [core] handle U+00A0 in config parser * [core] fix lighttpd -1 one-shot with pipes * [core] quiet start/shutdown trace in one-shot mode * [core] allow keep-alives in one-shot mode (#3042) * [mod_webdav] define _ATFILE_SOURCE if AT_FDCWD * [core] setsockopt IPV6_V6ONLY if server.v4mapped * [core] prefer inet_aton() over inet_addr() * [core] add missing mod_wolfssl to ssl compat list * [mod_openssl] remove ancient preprocessor logic * [core] SHA512_Init, SHA512_Update, SHA512_Final * [mod_wolfssl] add complex preproc logic for SNI * [core] wrap a macro value with parens * [core] fix handling chunked response from backend (fixes #3044) * [core] always set file.fd = -1 on FILE_CHUNK reset (fixes #3044) * [core] skip some trace if backend Upgrade (#3044) * [TLS] cert-staple.sh POSIX sh compat (fixes #3043) * [core] portability fix if st_mtime not defined * [mod_nss] portability fix * [core] warn if mod_authn_file needed in conf * [core] fix chunked decoding from backend (fixes #3044) * [core] reject excess data after chunked encoding (#3046) * [core] track chunked encoding state from backend (fixes #3046) * [core] li_restricted_strtoint64() * [core] track Content-Length from backend (fixes #3046) * [core] enhance config parsing debugging (#3047) * [core] reorder srv->config_context to match ndx (fixes #3047) * [mod_proxy] proxy.header = ("force-http10" => ...) * [mod_authn_ldap] fix crash (fixes #3048) * [mod_authn_ldap, mod_vhostdb_ldap] default cafile * [core] fix array_copy_array() sorted[] * [multiple] replace fall through comment with attr * [core] fix crash printing trace if backend is down * [core] fix decoding chunked from backend (fixes #3049) * [core] attempt to quiet some coverity warnings * [core] perf: request processing * [core] http_header_str_contains_token() * [mod_flv_streaming] parse query string w/o copying * [mod_evhost] use local array to split values * [core] remove srv->split_vals * [core] add User-Agent to http_header_e enum * [core] store struct server * in struct connection * [core] use func rc to indicate done reading header * [core] replace connection_set_state w/ assignment * [core] do not pass srv to http header parsing func * [core] cold buffer_string_prepare_append_resize() * [core] chunkqueue_compact_mem() * [core] connection_chunkqueue_compact() * [core] pass con around request, not srv and con * [core] reduce use of struct parse_header_state * [core] perf: HTTP header parsing using \n offsets * [core] no need to pass srv to connection_set_state * [core] perf: connection_read_header_more() * [core] perf: connection_read_header_hoff() hot * [core] inline connection_read_header() * [core] pass ptr to http_request_parse() * [core] more 'const' in request.c prototypes * [core] handle common case of alnum or - field-name * [mod_extforward] simplify code: use light_isxdigit * [core] perf: array.c performance enhancements * [core] mark some data_* funcs cold * [core] http_header.c internal inline funcs * [core] remove unused array_reset() * [core] prefer uint32_t to size_t in base.h * [core] uint32_t for struct buffer sizes * [core] remove unused members of struct server * [core] short-circuit path to clear request.headers * [core] array keys are non-empty in key-value list * [core] keep a->data[] sorted; remove a->sorted[] * [core] __attribute_returns_nonnull__ * [core] differentiate array_get_* for ro and rw * [core] (const buffer *) in (struct burl_parts_t) * [core] (const buffer *) for con->server_name * [core] perf: initialize con->conf using memcpy() * [core] run config_setup_connection() fewer times * [core] isolate data_config.c, vector.c * [core] treat con->conditional_is_valid as bitfield * [core] http_header_hkey_get() over const array * [core] inline buffer as part of DATA_UNSET key * [core] inline buffer key for *_patch_connection() * [core] (data_unset *) from array_get_element_klen * [core] inline buffer as part of data_string value * [core] add const to callers of http_header_*_get() * [core] inline array as part of data_array value * [core] const char *op in data_config * [core] buffer string in data_config * [core] streamline config_check_cond() * [core] keep a->data[] sorted (REVERT) * [core] array a->sorted[] as ptrs rather than pos * [core] inline header and env arrays into con * [mod_accesslog] avoid alloc for parsing cookie val * [core] simpler config_check_cond() * [mod_redirect,mod_rewrite] store context_ndx * [core] const char *name in struct plugin * [core] srv->plugin_slots as compact list * [core] rearrange server_config, server members * [core] macros CONST_LEN_STR and CONST_STR_LEN * [core] struct plugin_data_base * [core] improve condition caching perf * [core] config_plugin_values_init() new interface * [mod_access] use config_plugin_values_init() * [core] (const buffer *) from strftime_cache_get() * [core] mv config_setup_connection to connections.c * [core] use (const char *) in config file parsing * [mod_staticfile] use config_plugin_values_init() * [mod_skeleton] use config_plugin_values_init() * [mod_setenv] use config_plugin_values_init() * [mod_alias] use config_plugin_values_init() * [mod_indexfile] use config_plugin_values_init() * [mod_expire] use config_plugin_values_init() * [mod_flv_streaming] use config_plugin_values_init() * [mod_magnet] use config_plugin_values_init() * [mod_usertrack] use config_plugin_values_init() * [mod_userdir] split policy from userdir path build * [mod_userdir] use config_plugin_values_init() * [mod_ssi] use config_plugin_values_init() * [mod_uploadprogress] use config_plugin_values_init() * [mod_status] use config_plugin_values_init() * [mod_cml] use config_plugin_values_init() * [mod_secdownload] use config_plugin_values_init() * [mod_geoip] use config_plugin_values_init() * [mod_evasive] use config_plugin_values_init() * [mod_trigger_b4_dl] use config_plugin_values_init() * [mod_accesslog] use config_plugin_values_init() * [mod_simple_vhost] use config_plugin_values_init() * [mod_evhost] use config_plugin_values_init() * [mod_vhostdb*] use config_plugin_values_init() * [mod_mysql_vhost] use config_plugin_values_init() * [mod_maxminddb] use config_plugin_values_init() * [mod_auth*] use config_plugin_values_init() * [mod_deflate] use config_plugin_values_init() * [mod_compress] use config_plugin_values_init() * [core] add xsendfile* check if xdocroot is NULL * [mod_cgi] use config_plugin_values_init() * [mod_dirlisting] use config_plugin_values_init() * [mod_extforward] use config_plugin_values_init() * [mod_webdav] use config_plugin_values_init() * [core] store addtl data in pcre_keyvalue_buffer * [mod_redirect] use config_plugin_values_init() * [mod_rewrite] use config_plugin_values_init() * [mod_rrdtool] use config_plugin_values_init() * [multiple] gw_backends config_plugin_values_init() * [core] config_get_config_cond_info() * [mod_openssl] use config_plugin_values_init() * [core] use config_plugin_values_init() * [core] collect more config logic into configfile.c * [core] config_plugin_values_init_block() * [core] gw_backend config_plugin_values_init_block * [core] remove old config_insert_values_*() funcs * [multiple] plugin.c handles common FREE_FUNC code * [core] run all trigger and sighup handlers * [mod_wstunnel] change DEBUG_LOG to use log_error() * [core] stat_cache_path_contains_symlink use errh * [core] isolate use of data_config, configfile.h * [core] split cond cache from cond matches * [mod_auth] inline arrays in http_auth_require_t * [core] array_init() arg for initial size * [core] gw_exts_clear_check_local() * [core] gw_backend less pointer chasing * [core] connection_handle_errdoc() separate func * [multiple] prefer (connection *) to (srv *) * [core] create http chunk header on the stack * [multiple] connection hooks no longer get (srv *) * [multiple] plugin_stats array * [core] read up-to fixed size chunk before fionread * [core] default chunk size 8k (was 4k) * [core] pass con around gw_backend instead of srv * [core] log_error_multiline_buffer() * [multiple] reduce direct use of srv->cur_ts * [multiple] extern log_epoch_secs * [multiple] reduce direct use of srv->errh * [multiple] stat_cache singleton * [mod_expire] parse config into structured data * [multiple] generic config array type checking * [multiple] rename r to rc rv rd wr to be different * [core] (minor) config_plugin_keys_t data packing * [core] inline buffer in log_error_st errh * [multiple] store srv->tmp_buf in tb var * [multiple] quiet clang compiler warnings * [core] http_status_set_error_close() * [core] http_request_host_policy w/ http_parseopts * [multiple] con->proto_default_port * [core] store log filename in (log_error_st *) * [core] separate log_error_open* funcs * [core] fdevent uses uint32_t instead of size_t * [mod_webdav] large buffer reuse * [mod_accesslog] flush file log buffer at 8k size * [core] include settings.h where used * [core] static buffers for mtime_cache * [core] convenience macros to check req methods * [core] support multiple error logs * [multiple] omit passing srv to fdevent_handler * [core] remove unused arg to fdevent_fcntl_set_nb* * [core] slightly simpify server_(over)load_check() * [core] isolate fdevent subsystem * [core] isolate stat_cache subsystem * [core] remove include base.h where unused * [core] restart dead piped loggers every 64 sec * [mod_webdav] use copy_file_range() if available * [core] perf: buffer copy and append * [core] copy some srv->srvconf into con->conf * [core] move keep_alive flag into request_st * [core] pass scheme port to http_request_parse() * [core] pass http_parseopts around request.c * [core] rename specific_config to request_config * [core] move request_st,request_config to request.h * [core] pass (request_st *) to request.c funcs * [core] remove unused request_st member 'request' * [core] rename content_length to reqbody_length * [core] t/test_request.c using (request_st *) * [core] (const connection *) in http_header_*_get() * [mod_accesslog] log_access_record() fmt log record * [core] move request start ts into (request_st *) * [core] move addtl request-specific struct members * [core] move addtl request-specific struct members * [core] move plugin_ctx into (request_st *) * [core] move addtl request-specific struct members * [core] move request state into (request_st *) * [core] store (plugin *) in p->data * [core] store subrequest_handler instead of mode * [multiple] copy small struct instead of memcpy() * [multiple] split con, request (very large change) * [core] r->uri.path always set, though might be "" * [core] C99 restrict on some base funcs * [core] dispatch handler in handle_request func * [core] http_request_parse_target() * [mod_magnet] modify r->target with "uri.path-raw" * [core] remove r->uri.path_raw; generate as needed * [core] http_response_comeback() * [core] http_response_config() * [tests] use buffer_eq_slen() for str comparison * [core] http_status_append() short-circuit 200 OK * [core] mark some chunk.c funcs as pure * [core] use uint32_t in http_header.[ch] * [core] perf: tighten some code in some hot paths * [core] parse header label before end of line * [mod_auth] "nonce_secret" option to validate nonce (fixes #2976) * [build] fix build on MacOS X Tiger * [doc] lighttpd.conf: lighttpd choose event-handler * [config] blank server.tag if whitespace-only * [mod_proxy] stream request using HTTP/1.1 chunked (fixes #3006) * [multiple] correct misspellings in comments * [multiple] fix some cc warnings in 32-bit, powerpc * [tests] fix skip count in mod-fastcgi w/o php-cgi * [multiple] ./configure --with-nettle to use Nettle * [core] skip excess close() when FD_CLOEXEC defined * [mod_cgi] remove redundant calls to set FD_CLOEXEC * [core] return EINVAL if stat_cache_get_entry w/o / * [mod_webdav] define PATH_MAX if not defined * [mod_accesslog] process backslash-escapes in fmt * [mod_openssl] disable cert vrfy if ALPN acme-tls/1 * [core] add seed before openssl RAND_pseudo_bytes() * [mod_mbedtls] mbedTLS option for TLS * [core] prefer getxattr() instead of get_attr() * [multiple] use *(unsigned char *) with ctypes * [mod_openssl] do not log ECONNRESET unless debug * [mod_openssl] SSL_R_UNEXPECTED_EOF_WHILE_READING * [mod_gnutls] GnuTLS option for TLS (fixes #109) * [mod_openssl] rotate session ticket encryption key * [mod_openssl] set cert from callback in 1.0.2+ (fixes #2842) * [mod_openssl] set chains from callback in 1.0.2+ (#2842) * [core] RFC-strict parse of Content-Length * [build] point ./configure --help to support forum * [core] stricter parse of numerical digits * [multiple] add summaries to top of some modules * [core] sys-crypto-md.h w/ inline message digest fn * [mod_openssl] enable read-ahead, if set, after SNI * [mod_openssl] issue warning for deprecated options * [mod_openssl] use SSL_OP_NO_RENEGOTIATION if avail * [mod_openssl] use openssl feature define for ALPN * [mod_openssl] update default DH params * [core] SecureZeroMemory() on _WIN32 * [core] safe memset calls memset() through volatile * [doc] update comments in doc/config/modules.conf * [core] more precise check for request stream flags * [mod_openssl] rotate session ticket encryption key * [mod_openssl] ssl.stek-file to specify encrypt key * [mod_mbedtls] ssl.stek-file to specify encrypt key * [mod_gnutls] ssl.stek-file to specify encrypt key * [mod_openssl] disable session cache; prefer ticket * [mod_openssl] compat with LibreSSL * [mod_openssl] compat with WolfSSL * [mod_openssl] set SSL_OP_PRIORITIZE_CHACHA * [mod_openssl] move SSL_CTX curve conf to new func * [mod_openssl] basic SSL_CONF_cmd for alt TLS libs * [mod_openssl] OCSP stapling (fixes #2469) * [TLS] cert-staple.sh - refresh OCSP responses (#2469) * [mod_openssl] compat with BoringSSL * [mod_gnutls] option to override GnuTLS priority * [mod_gnutls] OCSP stapling (#2469) * [mod_extforward] config warning for module order * [mod_webdav] store webdav.opts as bitflags * [mod_webdav] limit webdav_propfind_dir() recursion * [mod_webdav] unsafe-propfind-follow-symlink option * [mod_webdav] webdav.opts "propfind-depth-infinity" * [mod_openssl] detect certs marked OCSP Must-Staple * [mod_gnutls] detect certs marked OCSP Must-Staple * [mod_openssl] default to set MinProtocol TLSv1.2 * [mod_nss] NSS option for TLS (fixes #1218) * [core] fdevent_load_file() shared code * [mod_openssl,mbedtls,gnutls,nss] fdevent_load_file * [core] error if s->socket_perms chmod() fails * [mod_openssl] prefer some WolfSSL native APIs * quiet clang analyzer scan-build warnings * [core] uint32_t is plenty large for path names * [mod_mysql_vhost] deprecated; use mod_vhostdb_mysql * [core] splaytree_djbhash() in splaytree.h (reuse) * [cmake] update deps for src/t/test_* * [cmake] update deps for src/t/test_* * [build] remove tests/mod-userdir.t from builds * [build] fix typo in src/Makefile.am EXTRA_DIST * [core] remove unused mbedtls_enabled flag * [core] store fd in srv->stdin_fd during setup * [multiple] address coverity warnings * [mod_webdav] fix theoretical NULL dereference * [mod_webdav] update rc for PROPFIND allprop * [mod_webdav] build fix: ifdef live_properties * [multiple] address coverity warnings * [meson] fix libmariadb dependency * [meson] add missing libmaxminddb section * [mod_auth,mod_vhostdb] add caching option (fixes #2805) * [mod_authn_ldap,mod_vhostdb_ldap] add timeout opt (#2805) * [mod_auth] accept "nonce-secret" & "nonce_secret" * [mod_openssl] fix build warnings on MacOS X * [core] Nettle assert()s if buffer len > digest sz * [mod_authn_dbi] authn backend employing DBI * [mod_authn_mysql,file] use crypt() to save stack * [mod_vhostdb_dbi] allow strings and ints in config * add ci-build.sh * move ci-build.sh to scripts * [build] build fixes for AIX * [mod_deflate] Brotli support * [build] bzip2 default to not-enabled in build * [mod_deflate] fix typo in config option * [mod_deflate] propagate errs from internal funcs * [mod_deflate] deflate.cache-dir compressed cache * [mod_deflate] mod_deflate subsumes mod_compress * [doc] mod_compress -> mod_deflate * [tests] mod_compress -> mod_deflate * [mod_compress] remove mod_compress * [build] add --with-brotli to CI build * [core] server.feature-flags extensible config * [core] con layer plugin_ctx separate from request * [multiple] con hooks store ctx in con->plugin_ctx * [core] separate funcs to reset (request_st *) * [multiple] rename connection_reset hook to request * [mod_nss] func renames for consistency * [core] detect and reject TLS connect to cleartext * [mod_deflate] quicker check for Content-Encoding * [mod_openssl] read secret data w/ BIO_new_mem_buf * [core] decode Transfer-Encoding: chunked from gw * [mod_fastcgi] decode Transfer-Encoding: chunked * [core] stricter parsing of POST chunked block hdr * [mod_proxy] send HTTP/1.1 requests to backends * [tests] test_base64.c clear buf vs reset * [core] http_header_remove_token() * [mod_webdav] fix inadvertent string truncation * [core] add some missing standard includes * [mod_extforward] attempt to quiet Coverity warning * [mod_authn_dbi,mod_authn_mysql] fix coverity issue * scons: fix check environment * Add avahi service file under doc/avahi/ * [mod_webdav] fix fallback if linkat() fails * [mod_proxy] do not forward Expect: 100-continue * [core] chunkqueue_compact_mem() must upd cq->last * [core] dlsym for FAMNoExists() for compat w/ fam * [core] disperse settings.h to appropriate headers * [core] inline buffer_reset() * [mod_extforward] save proto per connection * [mod_extforward] skip after HANDLER_COMEBACK * [core] server.feature-flags to enable h2 * [core] HTTP_VERSION_2 * [multiple] allow TLS ALPN "h2" if "server.h2proto" * [mod_extforward] preserve changed addr for h2 con * [core] do not send Connection: close if h2 * [core] lowercase response hdr field names for h2 * [core] recognize status: 421 Misdirected Request * [core] parse h2 pseudo-headers * [core] request_headers_process() * [core] connection_state_machine_loop() * [core] reset connection counters per connection * [mod_accesslog,mod_rrdtool] HTTP/2 basic accounting * [core] connection_set_fdevent_interest() * [core] HTTP2-Settings * [core] adjust http_request_headers_process() * [core] http_header_parse_hoff() * [core] move http_request_headers_process() * [core] reqpool.[ch] for (request_st *) * [multiple] modules read reqbody via fn ptr * [multiple] isolate more con code in connections.c * [core] isolate more resp code in response.c * [core] h2.[ch] with stub funcs (incomplete) * [core] alternate between two joblists * [core] connection transition to HTTP/2; incomplete * [core] mark some error paths with attribute cold * [core] discard 100 102 103 responses from backend * [core] skip write throttle for 100 Continue * [core] adjust (disabled) debug code * [core] update comment * [core] link in ls-hpack (EXPERIMENTAL) * [core] HTTP/2 HPACK using LiteSpeed ls-hpack * [core] h2_send_headers() specialized for resp hdrs * [core] http_request_parse_header() specialized * [core] comment possible future ls-hpack optimize * [mod_status] separate funcs to print request table * [mod_status] adjust to print HTTP/2 requests * [core] redirect to dir using relative-path * [core] ignore empty field-name from backends * [mod_auth] fix crash if auth.require misconfigured (fixes #3023) * [core] fix 1-char trunc of default server.tag * [core] request_acquire(), request_release() * [core] keep pool of (request_st *) for HTTP/2 * [mod_status] dedicated funcs for r->state labels * [core] move connections_get_state to connections.c * [core] fix crash on master after graceful restart * [core] defer optimization to read small files * [core] do not require '\0' term for k,v hdr parse * [scripts] cert-staple.sh enhancements * [core] document algorithm used in lighttpd etag * [core] ls-hpack optimizations * [core] fix crash on master if blank line request * [core] use djbhash in gw_backend to choose host * [core] rename md5.[ch] to algo_md5.[ch] * [core] move djbhash(), dekhash() to algo_md.h * [core] rename splaytree.[ch] to algo_splaytree.[ch] * [core] import xxHash v0.8.0 * [build] modify build, includes for xxHash v0.8.0 * [build] remove ls-hpack/deps * [core] xxhash no inline hints; let compiler choose * [mod_dirlisting] fix config parsing crash * [mod_openssl] clarify trace w/ deprecated options * [doc] refresh doc/config/*/* * [core] code size: disable XXH64(), XXH3() * [doc] update README and INSTALL * [core] combine Cookie request headers with ';' * [core] log stream id with debug.log-state-handling * [core] set r->state in h2.c * [mod_ssi] update chunk after shell output redirect * [mod_webdav] preserve bytes_out when chunks merged * [multiple] inline chunkqueue_length() * [core] cold h2_log_response_header*() funcs * [core] update HTTP status codes list from IANA * [mod_wolfssl] standalone module * [core] Content-Length in http_response_send_file() * [core] adjust response header prep for common case * [core] light_isupper(), light_islower() * [core] tst,set,clr macros for r->{rqst,resp}_htags * [core] separate http_header_e from _htags bitmask * [core] http_header_hkey_get_lc() for HTTP/2 * [core] array.[ch] using uint32_t instead of size_t * [core] extend (data_string *) to store header id * [multiple] extend enum http_header_e list * [core] http_header_e <=> lshpack_static_hdr_idx * [core] skip ls-hpack decode work unused by lighttpd * [TLS] error if inherit empty TLS cfg from globals * [core] connection_check_expect_100() * [core] support multiple 1xx responses from backend * [core] reload c after chunkqueue_compact_mem() * [core] relay 1xx from backend over HTTP/2 * [core] relay 1xx from backend over HTTP/1.1 * [core] chunkqueue_{peek,read}_data(), squash * [multiple] TLS modules use chunkqueue_peek_data() * [mod_magnet] magnet.attract-response-start-to * [multiple] code reuse chunkqueue_peek_data() * [core] reuse r->start_hp.tv_sec for r->start_ts * [core] config_plugin_value_tobool() accept "0","1" * [core] graceful and immediate restart option * [mod_ssi] init status var before waitpid() * [core] graceful shutdown timeout option * [core] lighttpd -1 supports pipes (e.g. netcat) * [core] perf adjustments to avoid load miss * [multiple] use sock_addr_get_family in more places * [multiple] inline chunkqueue where always alloc'd * [core] propagate state after writing * [core] server_run_con_queue() * [core] defer handling FDEVENT_HUP and FDEVENT_ERR * [core] handle unexpected EOF reading FILE_CHUNK * [core] short-circuit connection_write_throttle() * [core] walk queue in connection_write_chunkqueue() * [core] connection_joblist global * [core] be more precise checking streaming flags * [core] fdevent_load_file_bytes() * [TLS] use fdevent_load_file_bytes() for STEK file * [core] allow symlinks under /dev for rand devices * [multiple] use light_btst() for hdr existence chk * [mod_deflate] fix potential NULL deref in err case * [core] save errno around close() if fstat() fails * [mod_ssi] use stat_cache_open_rdonly_fstat() * [core] fdevent_dup_cloexec() * [core] dup FILE_CHUNK fd when splitting FILE_CHUNK * [core] stat_cache_path_isdir() * [multiple] use stat_cache_path_isdir() * [mod_mbedtls] quiet CLOSE_NOTIFY after conn reset * [mod_gnutls] quiet CLOSE_NOTIFY after conn reset * [core] limit num ranges in Range requests * [core] remove unused r->content_length * [core] http_response_parse_range() const file sz * [core] pass open fd to http_response_parse_range * [core] stat_cache_get_entry_open() * [core,mod_deflate] leverage cache of open fd * [doc] comment out config disabling Range for .pdf * [core] coalesce nearby ranges in Range requests * [mod_fastcgi] decode chunked is cold code path * [core] fix chunkqueue_compact_mem w/ partial chunk * [core] alloc optim reading file, sending chunked * [core] reuse chunkqueue_compact_mem*() * [mod_cgi] use splice() to send input to CGI * [multiple] ignore openssl 3.0.0 deprecation warns * [mod_openssl] migrate ticket cb to openssl 3.0.0 * [mod_openssl] construct OSSL_PARAM on stack * [mod_openssl] merge ssl_tlsext_ticket_key_cb impls * [multiple] openssl 3.0.0 digest interface migrate * [tests] detect multiple SSL/TLS/crypto providers * [core] sys-crypto-md.h consistent interfaces * [wolfssl] wolfSSL_CTX_set_mode differs from others * [multiple] use NSS crypto if no other crypto avail * [multiple] stat_cache_path_stat() for struct st * [TLS] ignore empty "CipherString" in ssl-conf-cmd * [multiple] remove chunk file.start member * [core] modify use of getrlimit() to not be fatal * [mod_webdav] add missing update to cq accounting * [mod_webdav] update defaults after worker_init * [mod_openssl] use newer openssl 3.0.0 func * [core] config_plugin_value_to_int32() * [core] minimize pause during graceful restart * [mod_deflate] use large mmap chunks to compress * [core] stat_cache_entry reference counting * [core] FILE_CHUNK can hold stat_cache_entry ref * [core] http_chunk_append_file_ref_range() * [multiple] use http_chunk_append_file_ref() * [core] always lseek() with shared fd * [core] silence coverity warnings (false positives) * [core] silence coverity warnings in ls-hpack * [core] silence coverity warnings (another try) * [core] fix fd sharing when splitting file chunk * [mod_mbedtls] quiet unused variable warning * [core] use inline funcs in sys-crypto-md.h * [core] add missing declaration for NSS rand * [core] init NSS lib for basic crypto algorithms * [doc] change mod_compress refs to mod_deflate * [doc] replace bzip2 refs with brotli * [build] remove svnversion from versionstamp rule * [doc] /var/run -> /run * [multiple] test for nss includes * [mod_nss] more nss includes fixes * [mod_webdav] define _NETBSD_SOURCE on NetBSD * [core] silence coverity warnings (another try) * [mod_mbedtls] newer mbedTLS vers support TLSv1.3 * [mod_accesslog] update defaults after cycling log * [multiple] add some missing config cleanup * [core] fix (startup) mem leaks in configparser.y * [core] STAILQ_* -> SIMPLEQ_* on OpenBSD * [mod_wolfssl] use more wolfssl/options.h defines * [mod_wolfssl] cripple SNI if not built OPENSSL_ALL * [mod_wolfssl] need to build --enable-alpn for ALPN * [mod_secdownload] fix compile w/ NSS on FreeBSD * [mod_mbedtls] wrap addtl code in preproc defines * [TLS] server.feature-flags "ssl.session-cache" * [core] workaround fragile code in wolfssl types.h * [core] move misplaced error trace to match option * [core] adjust wolfssl workaround for another case * [multiple] consistent order for crypto lib select * [multiple] include mbedtls/config.h after select * [multiple] include wolfssl/options.h after select * [core] set NSS_VER_INCLUDE after crypto lib select * [core] use system xxhash lib if available * [doc] refresh doc/config/conf.d/mime.conf * [meson] add matching -I for lua lib version * [build] prepend search for lua version 5.4 * [core] use inotify in stat_cache.[ch] on Linux * [build] detect inotify header <sys/inotify.h> * [mod_nss] update session ticket NSS devel comment * [core] set last_used on rd/wr from backend (fixes #3029) * [core] cold func for gw_recv_response error case * [core] use kqueue() instead of FAM/gamin on *BSD * [core] no graceful-restart-bg on OpenBSD, NetBSD * [mod_openssl] add LIBRESSL_VERSION_NUMBER checks * [core] use struct kevent on stack in stat_cache * [core] stat_cache preprocessor paranoia * [mod_openssl] adjust LIBRESSL_VERSION_NUMBER check * [mod_maxminddb] fix config validation typo * [tests] allow LIGHTTPD_EXE_PATH override * [multiple] handle NULL val as empty in *_env_add (fixes #3030) * [core] accept "HTTP/2.0", "HTTP/3.0" from backends (fixes #3031) * [build] check for xxhash in more ways * [core] accept "HTTP/2.0", "HTTP/3.0" from backends (#3031) * [core] http_response_buffer_append_authority() * [core] define SHA*_DIGEST_LENGTH macros if missing * [doc] update optional pkg dependencies in INSTALL * [mod_alias] validate given order, not sorted order * [core] filter out duplicate modules * [mod_cgi] fix crash if initial write to CGI fails * [mod_cgi] ensure tmp file open() before splice() * [multiple] add back-pressure gw data pump (fixes #3033) * [core] fix bug when HTTP/2 frames span chunks * [multiple] more forgiving config str to boolean (fixes #3036) * [core] check for __builtin_expect() availability * [core] quiet more request parse errs unless debug * [core] consolidate chunk size checks * [mod_flv_streaming] use stat_cache_get_entry_open * [mod_webdav] pass full path to webdav_unlinkat() * [mod_webdav] fallbacks if _ATFILE_SOURCE not avail * [mod_fastcgi] move src/fastcgi.h into src/compat/ * [mod_status] add additional HTML-encoding * [core] server.v4mapped option * [mod_webdav] workaround for gvfs dir redir bug - Remove SuSEfirewall2 service files, SuSEfirewall2 does not exist anymore - Changed /etc/logrotate.d/lighttpd from init.d to systemd fix boo#1146452. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-24=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): lighttpd-1.4.64-bp153.2.3.1 lighttpd-mod_authn_gssapi-1.4.64-bp153.2.3.1 lighttpd-mod_authn_ldap-1.4.64-bp153.2.3.1 lighttpd-mod_authn_pam-1.4.64-bp153.2.3.1 lighttpd-mod_authn_sasl-1.4.64-bp153.2.3.1 lighttpd-mod_magnet-1.4.64-bp153.2.3.1 lighttpd-mod_maxminddb-1.4.64-bp153.2.3.1 lighttpd-mod_rrdtool-1.4.64-bp153.2.3.1 lighttpd-mod_vhostdb_dbi-1.4.64-bp153.2.3.1 lighttpd-mod_vhostdb_ldap-1.4.64-bp153.2.3.1 lighttpd-mod_vhostdb_mysql-1.4.64-bp153.2.3.1 lighttpd-mod_vhostdb_pgsql-1.4.64-bp153.2.3.1 lighttpd-mod_webdav-1.4.64-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-22707.html https://bugzilla.suse.com/1146452 https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1194376

1 0

openSUSE-SU-2022:0287-1: critical: Security update for samba
by opensuse-security＠opensuse.org 01 Feb '22

01 Feb '22

openSUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0287-1 Rating: critical References: #1194859 Cross-References: CVE-2021-44142 CVSS scores: CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-287=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libndr0-4.11.14+git.319.91d693db37c-4.35.1 libndr0-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 - openSUSE Leap 15.4 (x86_64): libndr0-32bit-4.11.14+git.319.91d693db37c-4.35.1 libndr0-32bit-debuginfo-4.11.14+git.319.91d693db37c-4.35.1 References: https://www.suse.com/security/cve/CVE-2021-44142.html https://bugzilla.suse.com/1194859

1 0

openSUSE-SU-2022:0277-1: important: Test update for SUSE:SLE-15-SP2:Update (security)
by opensuse-security＠opensuse.org 01 Feb '22

01 Feb '22

openSUSE Security Update: Test update for SUSE:SLE-15-SP2:Update (security) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0277-1 Rating: important References: #1194507 Affected Products: openSUSE Leap 15.4 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This is a security test update for SUSE:SLE-15-SP2:Update Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-277=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-277=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): update-test-security-5.1-33.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): update-test-security-5.1-33.2 References: https://bugzilla.suse.com/1194507

1 0

openSUSE-SU-2022:0283-1: important: Security update for samba
by opensuse-security＠opensuse.org 01 Feb '22

01 Feb '22

openSUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0283-1 Rating: important References: #1139519 #1183572 #1183574 #1188571 #1191227 #1191532 #1192684 #1193690 #1194859 #1195048 SLE-23329 Cross-References: CVE-2020-27840 CVE-2021-20277 CVE-2021-20316 CVE-2021-36222 CVE-2021-43566 CVE-2021-44141 CVE-2021-44142 CVE-2022-0336 CVSS scores: CVE-2020-27840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20277 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2021-20316 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43566 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-44141 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-0336 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 8 vulnerabilities, contains one feature and has two fixes is now available. Description: - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the "password" and "verify" options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports "service@" as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with ".rcache2" by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an "enforce_ok_as_delegate" krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ("draft 9") variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for "dns_canonicalize_hostname=fallback", causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a "qualify_shortname" krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing "addprinc -randkey -kvno" from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * "kdb5_util dump" will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-283=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.13.6-150300.3.11.2 apache2-mod_apparmor-debuginfo-2.13.6-150300.3.11.2 apparmor-debugsource-2.13.6-150300.3.11.2 apparmor-parser-2.13.6-150300.3.11.2 apparmor-parser-debuginfo-2.13.6-150300.3.11.2 ctdb-4.15.4+git.324.8332acf1a63-150300.3.25.3 ctdb-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 ctdb-pcp-pmda-4.15.4+git.324.8332acf1a63-150300.3.25.3 ctdb-pcp-pmda-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 krb5-1.19.2-150300.8.3.2 krb5-client-1.19.2-150300.8.3.2 krb5-client-debuginfo-1.19.2-150300.8.3.2 krb5-debuginfo-1.19.2-150300.8.3.2 krb5-debugsource-1.19.2-150300.8.3.2 krb5-devel-1.19.2-150300.8.3.2 krb5-mini-1.19.2-150300.8.3.2 krb5-mini-debuginfo-1.19.2-150300.8.3.2 krb5-mini-debugsource-1.19.2-150300.8.3.2 krb5-mini-devel-1.19.2-150300.8.3.2 krb5-plugin-kdb-ldap-1.19.2-150300.8.3.2 krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.8.3.2 krb5-plugin-preauth-otp-1.19.2-150300.8.3.2 krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.8.3.2 krb5-plugin-preauth-pkinit-1.19.2-150300.8.3.2 krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.8.3.2 krb5-plugin-preauth-spake-1.19.2-150300.8.3.2 krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.8.3.2 krb5-server-1.19.2-150300.8.3.2 krb5-server-debuginfo-1.19.2-150300.8.3.2 ldb-debugsource-2.4.1-150300.3.10.1 ldb-tools-2.4.1-150300.3.10.1 ldb-tools-debuginfo-2.4.1-150300.3.10.1 libapparmor-debugsource-2.13.6-150300.3.11.1 libapparmor-devel-2.13.6-150300.3.11.1 libapparmor1-2.13.6-150300.3.11.1 libapparmor1-debuginfo-2.13.6-150300.3.11.1 libipa_hbac-devel-1.16.1-150300.23.17.3 libipa_hbac0-1.16.1-150300.23.17.3 libipa_hbac0-debuginfo-1.16.1-150300.23.17.3 libldb-devel-2.4.1-150300.3.10.1 libldb2-2.4.1-150300.3.10.1 libldb2-debuginfo-2.4.1-150300.3.10.1 libnfsidmap-sss-1.16.1-150300.23.17.3 libnfsidmap-sss-debuginfo-1.16.1-150300.23.17.3 libsamba-policy-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3 libsamba-policy-python3-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3 libsamba-policy0-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3 libsamba-policy0-python3-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 libsss_certmap-devel-1.16.1-150300.23.17.3 libsss_certmap0-1.16.1-150300.23.17.3 libsss_certmap0-debuginfo-1.16.1-150300.23.17.3 libsss_idmap-devel-1.16.1-150300.23.17.3 libsss_idmap0-1.16.1-150300.23.17.3 libsss_idmap0-debuginfo-1.16.1-150300.23.17.3 libsss_nss_idmap-devel-1.16.1-150300.23.17.3 libsss_nss_idmap0-1.16.1-150300.23.17.3 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.17.3 libsss_simpleifp-devel-1.16.1-150300.23.17.3 libsss_simpleifp0-1.16.1-150300.23.17.3 libsss_simpleifp0-debuginfo-1.16.1-150300.23.17.3 libtalloc-devel-2.3.3-150300.3.3.2 libtalloc2-2.3.3-150300.3.3.2 libtalloc2-debuginfo-2.3.3-150300.3.3.2 libtdb-devel-1.4.4-150300.3.3.2 libtdb1-1.4.4-150300.3.3.2 libtdb1-debuginfo-1.4.4-150300.3.3.2 libtevent-devel-0.11.0-150300.3.3.2 libtevent0-0.11.0-150300.3.3.2 libtevent0-debuginfo-0.11.0-150300.3.3.2 pam_apparmor-2.13.6-150300.3.11.2 pam_apparmor-debuginfo-2.13.6-150300.3.11.2 perl-apparmor-2.13.6-150300.3.11.2 perl-apparmor-debuginfo-2.13.6-150300.3.11.2 python3-apparmor-2.13.6-150300.3.11.2 python3-apparmor-debuginfo-2.13.6-150300.3.11.2 python3-ipa_hbac-1.16.1-150300.23.17.3 python3-ipa_hbac-debuginfo-1.16.1-150300.23.17.3 python3-ldb-2.4.1-150300.3.10.1 python3-ldb-debuginfo-2.4.1-150300.3.10.1 python3-ldb-devel-2.4.1-150300.3.10.1 python3-sss-murmur-1.16.1-150300.23.17.3 python3-sss-murmur-debuginfo-1.16.1-150300.23.17.3 python3-sss_nss_idmap-1.16.1-150300.23.17.3 python3-sss_nss_idmap-debuginfo-1.16.1-150300.23.17.3 python3-sssd-config-1.16.1-150300.23.17.3 python3-sssd-config-debuginfo-1.16.1-150300.23.17.3 python3-talloc-2.3.3-150300.3.3.2 python3-talloc-debuginfo-2.3.3-150300.3.3.2 python3-talloc-devel-2.3.3-150300.3.3.2 python3-tdb-1.4.4-150300.3.3.2 python3-tdb-debuginfo-1.4.4-150300.3.3.2 python3-tevent-0.11.0-150300.3.3.2 python3-tevent-debuginfo-0.11.0-150300.3.3.2 ruby-apparmor-2.13.6-150300.3.11.2 ruby-apparmor-debuginfo-2.13.6-150300.3.11.2 samba-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ad-dc-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ad-dc-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ad-dc-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ad-dc-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-debugsource-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-devel-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-dsdb-modules-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-dsdb-modules-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-gpupdate-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ldb-ldap-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ldb-ldap-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-python3-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-python3-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-python3-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-test-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-test-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-tool-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-winbind-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-winbind-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-winbind-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-winbind-libs-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 sssd-1.16.1-150300.23.17.3 sssd-ad-1.16.1-150300.23.17.3 sssd-ad-debuginfo-1.16.1-150300.23.17.3 sssd-common-1.16.1-150300.23.17.3 sssd-common-debuginfo-1.16.1-150300.23.17.3 sssd-dbus-1.16.1-150300.23.17.3 sssd-dbus-debuginfo-1.16.1-150300.23.17.3 sssd-debugsource-1.16.1-150300.23.17.3 sssd-ipa-1.16.1-150300.23.17.3 sssd-ipa-debuginfo-1.16.1-150300.23.17.3 sssd-krb5-1.16.1-150300.23.17.3 sssd-krb5-common-1.16.1-150300.23.17.3 sssd-krb5-common-debuginfo-1.16.1-150300.23.17.3 sssd-krb5-debuginfo-1.16.1-150300.23.17.3 sssd-ldap-1.16.1-150300.23.17.3 sssd-ldap-debuginfo-1.16.1-150300.23.17.3 sssd-proxy-1.16.1-150300.23.17.3 sssd-proxy-debuginfo-1.16.1-150300.23.17.3 sssd-tools-1.16.1-150300.23.17.3 sssd-tools-debuginfo-1.16.1-150300.23.17.3 sssd-wbclient-1.16.1-150300.23.17.3 sssd-wbclient-debuginfo-1.16.1-150300.23.17.3 sssd-wbclient-devel-1.16.1-150300.23.17.3 sssd-winbind-idmap-1.16.1-150300.23.17.3 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.17.3 talloc-debugsource-2.3.3-150300.3.3.2 talloc-man-2.3.3-150300.3.3.1 tdb-debugsource-1.4.4-150300.3.3.2 tdb-tools-1.4.4-150300.3.3.2 tdb-tools-debuginfo-1.4.4-150300.3.3.2 tevent-debugsource-0.11.0-150300.3.3.2 tevent-man-0.11.0-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 x86_64): samba-ceph-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ceph-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 - openSUSE Leap 15.3 (aarch64_ilp32): libsamba-policy0-python3-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 libsamba-policy0-python3-64bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-64bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-64bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-python3-64bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-python3-64bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 - openSUSE Leap 15.3 (noarch): apparmor-abstractions-2.13.6-150300.3.11.2 apparmor-docs-2.13.6-150300.3.11.2 apparmor-parser-lang-2.13.6-150300.3.11.2 apparmor-profiles-2.13.6-150300.3.11.2 apparmor-utils-2.13.6-150300.3.11.2 apparmor-utils-lang-2.13.6-150300.3.11.2 samba-doc-4.15.4+git.324.8332acf1a63-150300.3.25.3 - openSUSE Leap 15.3 (x86_64): krb5-32bit-1.19.2-150300.8.3.2 krb5-32bit-debuginfo-1.19.2-150300.8.3.2 krb5-devel-32bit-1.19.2-150300.8.3.2 libapparmor1-32bit-2.13.6-150300.3.11.1 libapparmor1-32bit-debuginfo-2.13.6-150300.3.11.1 libldb2-32bit-2.4.1-150300.3.10.1 libldb2-32bit-debuginfo-2.4.1-150300.3.10.1 libsamba-policy0-python3-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 libsamba-policy0-python3-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 libtalloc2-32bit-2.3.3-150300.3.3.2 libtalloc2-32bit-debuginfo-2.3.3-150300.3.3.2 libtdb1-32bit-1.4.4-150300.3.3.2 libtdb1-32bit-debuginfo-1.4.4-150300.3.3.2 libtevent0-32bit-0.11.0-150300.3.3.2 libtevent0-32bit-debuginfo-0.11.0-150300.3.3.2 pam_apparmor-32bit-2.13.6-150300.3.11.2 pam_apparmor-32bit-debuginfo-2.13.6-150300.3.11.2 python3-ldb-32bit-2.4.1-150300.3.10.1 python3-ldb-32bit-debuginfo-2.4.1-150300.3.10.1 python3-talloc-32bit-2.3.3-150300.3.3.2 python3-talloc-32bit-debuginfo-2.3.3-150300.3.3.2 python3-tdb-32bit-1.4.4-150300.3.3.2 python3-tdb-32bit-debuginfo-1.4.4-150300.3.3.2 python3-tevent-32bit-0.11.0-150300.3.3.2 python3-tevent-32bit-debuginfo-0.11.0-150300.3.3.2 samba-ad-dc-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-ad-dc-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-client-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-devel-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-python3-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-libs-python3-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-winbind-libs-32bit-4.15.4+git.324.8332acf1a63-150300.3.25.3 samba-winbind-libs-32bit-debuginfo-4.15.4+git.324.8332acf1a63-150300.3.25.3 References: https://www.suse.com/security/cve/CVE-2020-27840.html https://www.suse.com/security/cve/CVE-2021-20277.html https://www.suse.com/security/cve/CVE-2021-20316.html https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-43566.html https://www.suse.com/security/cve/CVE-2021-44141.html https://www.suse.com/security/cve/CVE-2021-44142.html https://www.suse.com/security/cve/CVE-2022-0336.html https://bugzilla.suse.com/1139519 https://bugzilla.suse.com/1183572 https://bugzilla.suse.com/1183574 https://bugzilla.suse.com/1188571 https://bugzilla.suse.com/1191227 https://bugzilla.suse.com/1191532 https://bugzilla.suse.com/1192684 https://bugzilla.suse.com/1193690 https://bugzilla.suse.com/1194859 https://bugzilla.suse.com/1195048

1 0

openSUSE-SU-2022:0284-1: critical: Security update for samba
by opensuse-security＠opensuse.org 01 Feb '22

01 Feb '22

openSUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0284-1 Rating: critical References: #1194859 Cross-References: CVE-2021-44142 CVSS scores: CVE-2021-44142 (SUSE): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2021-44142: Fixed out-of-Bound Read/Write on Samba vfs_fruit module. (bsc#1194859) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-284=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsamba-policy-python-devel-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-4.9.5+git.483.212a7ebca6b-3.64.1 samba-python-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 - openSUSE Leap 15.4 (x86_64): libsamba-policy0-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 libsamba-policy0-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-32bit-4.9.5+git.483.212a7ebca6b-3.64.1 samba-libs-python-32bit-debuginfo-4.9.5+git.483.212a7ebca6b-3.64.1 References: https://www.suse.com/security/cve/CVE-2021-44142.html https://bugzilla.suse.com/1194859

1 0