openSUSE Security Announce
April 2022
- 2 participants
- 61 discussions
SUSE-SU-2022:1316-1: moderate: Security update for podofo
by opensuse-security@opensuse.org 22 Apr '22
SUSE Security Update: Security update for podofo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1316-1
Rating: moderate
References: #1159921
Cross-References: CVE-2019-20093
CVSS scores:
CVE-2019-20093 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-20093 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for podofo fixes the following issues:
- CVE-2019-20093: Fixed an invalid memory access that could cause an
application crash (bsc#1159921).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1316=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1316=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpodofo-devel-0.9.6-150300.3.3.1
libpodofo0_9_6-0.9.6-150300.3.3.1
libpodofo0_9_6-debuginfo-0.9.6-150300.3.3.1
podofo-0.9.6-150300.3.3.1
podofo-debuginfo-0.9.6-150300.3.3.1
podofo-debugsource-0.9.6-150300.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpodofo-devel-0.9.6-150300.3.3.1
libpodofo0_9_6-0.9.6-150300.3.3.1
libpodofo0_9_6-debuginfo-0.9.6-150300.3.3.1
podofo-0.9.6-150300.3.3.1
podofo-debuginfo-0.9.6-150300.3.3.1
podofo-debugsource-0.9.6-150300.3.3.1
References:
https://www.suse.com/security/cve/CVE-2019-20093.html
https://bugzilla.suse.com/1159921
SUSE-SU-2022:1296-1: important: Security update for openjpeg
by opensuse-security@opensuse.org 21 Apr '22
SUSE Security Update: Security update for openjpeg
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1296-1
Rating: important
References: #1102016 #1106881 #1162090 #1173578 #1180457
#1184774
Cross-References: CVE-2018-14423 CVE-2018-16376 CVE-2020-15389
CVE-2020-27823 CVE-2020-8112 CVE-2021-29338
CVSS scores:
CVE-2018-14423 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-14423 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-16376 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-16376 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2020-15389 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2020-15389 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-27823 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-27823 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-8112 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-8112 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-29338 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-29338 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for openjpeg fixes the following issues:
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c
(bsc#1102016).
- CVE-2018-16376: Fixed a heap-based buffer overflow in the function
t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2020-8112: Fixed a heap buffer overflow in
opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
- CVE-2020-15389: Fixed a use-after-free if a mix of valid and invalid
files in a directory is operated on by the decompressor (bsc#1173578).
- CVE-2020-27823: Fixed a heap buffer over-write in
opj_tcd_dc_level_shift_encode() (bsc#1180457).
- CVE-2021-29338: Fixed an integer overflow that allows remote attackers to
crash the application (bsc#1184774).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1296=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1296=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1296=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1296=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1296=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1296=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1296=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1296=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1296=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1296=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1296=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1296=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1296=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1296=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1296=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1296=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1296=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1296=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1296=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1296=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1296=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1296=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1296=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1296=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- openSUSE Leap 15.4 (x86_64):
libopenjpeg1-32bit-1.5.2-150000.4.5.1
libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.5.1
openjpeg-devel-32bit-1.5.2-150000.4.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- openSUSE Leap 15.3 (x86_64):
libopenjpeg1-32bit-1.5.2-150000.4.5.1
libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.5.1
openjpeg-devel-32bit-1.5.2-150000.4.5.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Manager Proxy 4.1 (x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
- SUSE CaaS Platform 4.0 (x86_64):
libopenjpeg1-1.5.2-150000.4.5.1
libopenjpeg1-debuginfo-1.5.2-150000.4.5.1
openjpeg-debuginfo-1.5.2-150000.4.5.1
openjpeg-debugsource-1.5.2-150000.4.5.1
openjpeg-devel-1.5.2-150000.4.5.1
References:
https://www.suse.com/security/cve/CVE-2018-14423.html
https://www.suse.com/security/cve/CVE-2018-16376.html
https://www.suse.com/security/cve/CVE-2020-15389.html
https://www.suse.com/security/cve/CVE-2020-27823.html
https://www.suse.com/security/cve/CVE-2020-8112.html
https://www.suse.com/security/cve/CVE-2021-29338.html
https://bugzilla.suse.com/1102016
https://bugzilla.suse.com/1106881
https://bugzilla.suse.com/1162090
https://bugzilla.suse.com/1173578
https://bugzilla.suse.com/1180457
https://bugzilla.suse.com/1184774
21 Apr '22
SUSE Security Update: Security update for swtpm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1297-1
Rating: low
References: #1196240
Cross-References: CVE-2022-23645
CVSS scores:
CVE-2022-23645 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for swtpm fixes the following issues:
- Update to version 0.5.3
- CVE-2022-23645: Check header size indicator against expected size
(bsc#1196240).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1297=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1297=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1297=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1297=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
swtpm-0.5.3-150300.3.3.1
swtpm-debuginfo-0.5.3-150300.3.3.1
swtpm-debugsource-0.5.3-150300.3.3.1
swtpm-devel-0.5.3-150300.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
swtpm-0.5.3-150300.3.3.1
swtpm-debuginfo-0.5.3-150300.3.3.1
swtpm-debugsource-0.5.3-150300.3.3.1
swtpm-devel-0.5.3-150300.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
swtpm-0.5.3-150300.3.3.1
swtpm-debuginfo-0.5.3-150300.3.3.1
swtpm-debugsource-0.5.3-150300.3.3.1
swtpm-devel-0.5.3-150300.3.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
swtpm-0.5.3-150300.3.3.1
swtpm-debuginfo-0.5.3-150300.3.3.1
swtpm-debugsource-0.5.3-150300.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-23645.html
https://bugzilla.suse.com/1196240
SUSE-SU-2022:1277-1: moderate: Security update for dcraw
by opensuse-security@opensuse.org 20 Apr '22
SUSE Security Update: Security update for dcraw
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1277-1
Rating: moderate
References: #1056170 #1063798 #1084690 #1097973 #1097974
#1117436 #1117512 #1117517 #1117622 #1117896
#1189642
Cross-References: CVE-2017-13735 CVE-2017-14608 CVE-2018-19565
CVE-2018-19566 CVE-2018-19567 CVE-2018-19568
CVE-2018-19655 CVE-2018-5801 CVE-2018-5805
CVE-2018-5806 CVE-2021-3624
CVSS scores:
CVE-2017-13735 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-13735 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2017-14608 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2017-14608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-19565 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2018-19565 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-19566 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2018-19566 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2018-19567 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-19567 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-19568 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-19568 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-19655 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-19655 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-5801 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-5801 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-5805 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-5805 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-5806 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-5806 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3624 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for dcraw fixes the following issues:
- CVE-2017-13735: Fixed a denial of service issue due to a floating point
exception (bsc#1056170).
- CVE-2017-14608: Fixed an invalid memory access that could lead to
information disclosure or denial of service (bsc#1063798).
- CVE-2018-19655: Fixed a buffer overflow that could lead to an
application crash (bsc#1117896).
- CVE-2018-5801: Fixed an invalid memory access that could lead to denial
of service (bsc#1084690).
- CVE-2018-5805: Fixed a buffer overflow that could lead to an application
crash (bsc#1097973).
- CVE-2018-5806: Fixed an invalid memory access that could lead to denial
of service (bsc#1097974).
- CVE-2018-19565: Fixed an invalid memory access that could lead to
information disclosure or denial of service (bsc#1117622).
- CVE-2018-19566: Fixed an invalid memory access that could lead to
information disclosure or denial of service (bsc#1117517).
- CVE-2018-19567: Fixed a denial of service issue due to a floating point
exception (bsc#1117512).
- CVE-2018-19568: Fixed a denial of service issue due to a floating point
exception (bsc#1117436).
- CVE-2021-3624: Fixed a buffer overflow that could lead to code execution
or denial of service (bsc#1189642).
Non-security fixes:
- Updated to version 9.28.0.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1277=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1277=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
dcraw-9.28.0-150000.3.3.1
dcraw-debuginfo-9.28.0-150000.3.3.1
dcraw-debugsource-9.28.0-150000.3.3.1
- openSUSE Leap 15.4 (noarch):
dcraw-lang-9.28.0-150000.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
dcraw-9.28.0-150000.3.3.1
dcraw-debuginfo-9.28.0-150000.3.3.1
dcraw-debugsource-9.28.0-150000.3.3.1
- openSUSE Leap 15.3 (noarch):
dcraw-lang-9.28.0-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2017-13735.html
https://www.suse.com/security/cve/CVE-2017-14608.html
https://www.suse.com/security/cve/CVE-2018-19565.html
https://www.suse.com/security/cve/CVE-2018-19566.html
https://www.suse.com/security/cve/CVE-2018-19567.html
https://www.suse.com/security/cve/CVE-2018-19568.html
https://www.suse.com/security/cve/CVE-2018-19655.html
https://www.suse.com/security/cve/CVE-2018-5801.html
https://www.suse.com/security/cve/CVE-2018-5805.html
https://www.suse.com/security/cve/CVE-2018-5806.html
https://www.suse.com/security/cve/CVE-2021-3624.html
https://bugzilla.suse.com/1056170
https://bugzilla.suse.com/1063798
https://bugzilla.suse.com/1084690
https://bugzilla.suse.com/1097973
https://bugzilla.suse.com/1097974
https://bugzilla.suse.com/1117436
https://bugzilla.suse.com/1117512
https://bugzilla.suse.com/1117517
https://bugzilla.suse.com/1117622
https://bugzilla.suse.com/1117896
https://bugzilla.suse.com/1189642
SUSE-SU-2022:1271-1: important: Security update for netty
by opensuse-security@opensuse.org 20 Apr '22
SUSE Security Update: Security update for netty
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1271-1
Rating: important
References: #1182103 #1183262 #1190610 #1190613 #1193672
Cross-References: CVE-2021-21290 CVE-2021-21295 CVE-2021-37136
CVE-2021-37137 CVE-2021-43797
CVSS scores:
CVE-2021-21290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-21290 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-21295 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-21295 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2021-37136 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-37136 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-37137 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-37137 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-43797 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-43797 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for netty fixes the following issues:
- Updated to version 4.1.75:
- CVE-2021-37136: Fixed an unrestricted decompressed data size in
Bzip2Decoder (bsc#1190610).
- CVE-2021-37137: Fixed an unrestricted chunk length in
SnappyFrameDecoder, which might lead to excessive memory usage
(bsc#1190613).
- CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to
insufficient validation against control characters (bsc#1193672).
- CVE-2021-21290: Fixed an information disclosure via the local system
temporary directory (bsc#1182103).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1271=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1271=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
netty-4.1.75-150200.4.6.2
- openSUSE Leap 15.4 (noarch):
netty-javadoc-4.1.75-150200.4.6.2
netty-poms-4.1.75-150200.4.6.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
netty-4.1.75-150200.4.6.2
- openSUSE Leap 15.3 (noarch):
netty-javadoc-4.1.75-150200.4.6.2
netty-poms-4.1.75-150200.4.6.2
References:
https://www.suse.com/security/cve/CVE-2021-21290.html
https://www.suse.com/security/cve/CVE-2021-21295.html
https://www.suse.com/security/cve/CVE-2021-37136.html
https://www.suse.com/security/cve/CVE-2021-37137.html
https://www.suse.com/security/cve/CVE-2021-43797.html
https://bugzilla.suse.com/1182103
https://bugzilla.suse.com/1183262
https://bugzilla.suse.com/1190610
https://bugzilla.suse.com/1190613
https://bugzilla.suse.com/1193672
SUSE-SU-2022:1274-1: important: Security update for GraphicsMagick
by opensuse-security@opensuse.org 20 Apr '22
SUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1274-1
Rating: important
References: #1198351
Cross-References: CVE-2022-1270
CVSS scores:
CVE-2022-1270 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for GraphicsMagick fixes the following issues:
- CVE-2022-1270: Fixed a heap buffer overflow when parsing MIFF
(bsc#1198351).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1274=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1274=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
GraphicsMagick-1.3.35-150300.3.3.1
GraphicsMagick-debuginfo-1.3.35-150300.3.3.1
GraphicsMagick-debugsource-1.3.35-150300.3.3.1
GraphicsMagick-devel-1.3.35-150300.3.3.1
libGraphicsMagick++-Q16-12-1.3.35-150300.3.3.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.35-150300.3.3.1
libGraphicsMagick++-devel-1.3.35-150300.3.3.1
libGraphicsMagick-Q16-3-1.3.35-150300.3.3.1
libGraphicsMagick-Q16-3-debuginfo-1.3.35-150300.3.3.1
libGraphicsMagick3-config-1.3.35-150300.3.3.1
libGraphicsMagickWand-Q16-2-1.3.35-150300.3.3.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.35-150300.3.3.1
perl-GraphicsMagick-1.3.35-150300.3.3.1
perl-GraphicsMagick-debuginfo-1.3.35-150300.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
GraphicsMagick-1.3.35-150300.3.3.1
GraphicsMagick-debuginfo-1.3.35-150300.3.3.1
GraphicsMagick-debugsource-1.3.35-150300.3.3.1
GraphicsMagick-devel-1.3.35-150300.3.3.1
libGraphicsMagick++-Q16-12-1.3.35-150300.3.3.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.35-150300.3.3.1
libGraphicsMagick++-devel-1.3.35-150300.3.3.1
libGraphicsMagick-Q16-3-1.3.35-150300.3.3.1
libGraphicsMagick-Q16-3-debuginfo-1.3.35-150300.3.3.1
libGraphicsMagick3-config-1.3.35-150300.3.3.1
libGraphicsMagickWand-Q16-2-1.3.35-150300.3.3.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.35-150300.3.3.1
perl-GraphicsMagick-1.3.35-150300.3.3.1
perl-GraphicsMagick-debuginfo-1.3.35-150300.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-1270.html
https://bugzilla.suse.com/1198351
SUSE-SU-2022:1273-1: important: Security update for SDL
by opensuse-security@opensuse.org 20 Apr '22
SUSE Security Update: Security update for SDL
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1273-1
Rating: important
References: #1181201 #1181202 #1198001
Cross-References: CVE-2020-14409 CVE-2020-14410 CVE-2021-33657
CVSS scores:
CVE-2020-14409 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-14409 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-14410 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2020-14410 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for SDL fixes the following issues:
- CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap
corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202)
- CVE-2020-14410: Fixed a heap-based buffer over-read in
Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201)
- CVE-2021-33657: Fixed a heap overflow problem in video/SDL_pixels.c.
(bsc#1198001)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1273=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1273=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1273=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1273=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1273=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1273=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1273=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1273=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1273=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1273=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1273=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1273=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1273=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1273=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1273=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1273=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1273=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1273=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1273=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1273=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1273=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1273=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1273=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1273=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1273=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- openSUSE Leap 15.4 (x86_64):
libSDL-1_2-0-32bit-1.2.15-150000.3.19.1
libSDL-1_2-0-32bit-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-32bit-1.2.15-150000.3.19.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- openSUSE Leap 15.3 (x86_64):
libSDL-1_2-0-32bit-1.2.15-150000.3.19.1
libSDL-1_2-0-32bit-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-32bit-1.2.15-150000.3.19.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Manager Proxy 4.1 (x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
- SUSE CaaS Platform 4.0 (x86_64):
SDL-debugsource-1.2.15-150000.3.19.1
libSDL-1_2-0-1.2.15-150000.3.19.1
libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1
libSDL-devel-1.2.15-150000.3.19.1
References:
https://www.suse.com/security/cve/CVE-2020-14409.html
https://www.suse.com/security/cve/CVE-2020-14410.html
https://www.suse.com/security/cve/CVE-2021-33657.html
https://bugzilla.suse.com/1181201
https://bugzilla.suse.com/1181202
https://bugzilla.suse.com/1198001
SUSE-SU-2022:1276-1: important: Security update for nbd
by opensuse-security@opensuse.org 20 Apr '22
SUSE Security Update: Security update for nbd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1276-1
Rating: important
References: #1196827 #1196828
Cross-References: CVE-2022-26495 CVE-2022-26496
CVSS scores:
CVE-2022-26495 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26495 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26496 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26496 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for nbd fixes the following issues:
- CVE-2022-26495: Fixed an integer overflow with a resultant heap-based
buffer overflow (bsc#1196827).
- CVE-2022-26496: Fixed a stack-based buffer overflow when parsing the
name field by sending a crafted NBD_OPT_INFO (bsc#1196828).
Update to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495,
CVE-2022-26496):
* https://github.com/advisories/GHSA-q9rw-8758-hccj
Update to version 3.23:
* Don't overwrite the hostname with the TLS hostname
Update to version 3.22:
- nbd-server: handle auth for v6-mapped IPv4 addresses
- nbd-client.c: parse the next option in all cases
- configure.ac: silence a few autoconf 2.71 warnings
- spec: Relax NBD_OPT_LIST_META_CONTEXTS
- client: Don't confuse Unix socket with TLS hostname
- server: Avoid deprecated g_memdup
Update to version 3.21:
- Fix --disable-manpages build
- Fix a bug in whitespace handling regarding authorization files
- Support client-side marking of devices as read-only
- Support preinitialized NBD connection (i.e., skip the negotiation).
- Fix the systemd unit file for nbd-client so it works with netlink (the
more common situation nowadays)
Update to 3.20.0 (no changelog)
Update to version 3.19.0:
* Better error messages in case of unexpected disconnects
* Better compatibility with non-bash sh implementations (for
configure.sh)
* Fix for a segfault in NBD_OPT_INFO handling
* The ability to specify whether to listen on both TCP and Unix domain
sockets, rather than to always do so
* Various minor editorial and spelling fixes in the documentation.
Update to version 1.18.0:
* Client: Add the "-g" option to avoid even trying the NBD_OPT_GO message
* Server: fixes to inetd mode
* Don't make gnutls and libnl automagic.
* Server: bugfixes in handling of some export names during verification.
* Server: clean supplementary groups when changing user.
* Client: when using the netlink protocol, only set a timeout when there
actually is a timeout, rather than defaulting to 0 seconds
* Improve documentation on the nbdtab file
* Minor improvements to some error messages
* Improvements to test suite so it works better on non-GNU userland
environments
Update to version 1.17.0:
* proto: add xNBD command NBD_CMD_CACHE to the spec
* server: do not crash when handling child name
* server: Close socket pair when fork fails
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1276=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1276=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
nbd-3.24-150000.3.3.1
nbd-debuginfo-3.24-150000.3.3.1
nbd-debugsource-3.24-150000.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nbd-3.24-150000.3.3.1
nbd-debuginfo-3.24-150000.3.3.1
nbd-debugsource-3.24-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-26495.html
https://www.suse.com/security/cve/CVE-2022-26496.html
https://bugzilla.suse.com/1196827
https://bugzilla.suse.com/1196828
SUSE-SU-2022:1265-1: important: Security update for jsoup, jsr-305
by opensuse-security@opensuse.org 19 Apr '22
SUSE Security Update: Security update for jsoup, jsr-305
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1265-1
Rating: important
References: #1189749
Cross-References: CVE-2021-37714
CVSS scores:
CVE-2021-37714 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-37714 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jsoup, jsr-305 fixes the following issues:
- CVE-2021-37714: Fixed an infinite loop in untrusted HTML or XML data
parsing (bsc#1189749).
Changes in jsr-305:
- Build with java source and target levels 8
- Upgrade to upstream version 3.0.2
Changes in jsoup:
- Upgrade to upstream version 1.14.2
- Generate tarball using source service instead of a script
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1265=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1265=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1265=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1265=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1265=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1265=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1265=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1265=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1265=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1265=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1265=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1265=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1265=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1265=1
Package List:
- openSUSE Leap 15.4 (noarch):
jsoup-1.14.2-150200.3.3.1
jsoup-javadoc-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
jsr-305-javadoc-3.0.2-150200.3.3.1
- openSUSE Leap 15.3 (noarch):
jsoup-1.14.2-150200.3.3.1
jsoup-javadoc-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
jsr-305-javadoc-3.0.2-150200.3.3.1
- SUSE Manager Server 4.1 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Manager Proxy 4.1 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
- SUSE Enterprise Storage 7 (noarch):
jsoup-1.14.2-150200.3.3.1
jsr-305-3.0.2-150200.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-37714.html
https://bugzilla.suse.com/1189749
SUSE-SU-2022:1256-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 19 Apr '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1256-1
Rating: important
References: #1189562 #1193738 #1194943 #1195051 #1195254
#1195353 #1196018 #1196114 #1196433 #1196468
#1196488 #1196514 #1196639 #1196761 #1196830
#1196836 #1196942 #1196973 #1197227 #1197331
#1197366 #1197391 #1198031 #1198032 #1198033
SLE-18234 SLE-23652
Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812
CVE-2022-0850 CVE-2022-1016 CVE-2022-1048
CVE-2022-23036 CVE-2022-23037 CVE-2022-23038
CVE-2022-23039 CVE-2022-23040 CVE-2022-23041
CVE-2022-23042 CVE-2022-26490 CVE-2022-26966
CVE-2022-28356 CVE-2022-28388 CVE-2022-28389
CVE-2022-28390
CVSS scores:
CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 19 vulnerabilities, contains two
features and has 6 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c
(bnc#1197391).
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
netfilter subsystem. This vulnerability gives an attacker a powerful
primitive that can be used to both read from and write to relative stack
data, which can lead to arbitrary code execution (bsc#1197227).
- CVE-2022-28388: Fixed a double free vulnerability in
drivers/net/can/usb/usb_8dev.c in the Linux kernel (bnc#1198032).
- CVE-2022-28389: Fixed a double free vulnerability in
drivers/net/can/usb/mcba_usb.c in the Linux kernel (bnc#1198033).
- CVE-2022-28390: Fixed a double free vulnerability in
drivers/net/can/usb/ems_usb.c in the Linux kernel (bnc#1198031).
- CVE-2022-0812: Fixed incorrect header size calculations in xprtrdma
(bsc#1196639).
- CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to
use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock
(bsc#1197331).
- CVE-2022-0850: Fixed a kernel information leak vulnerability in
iov_iter.c (bsc#1196761).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which
allowed attackers to obtain sensitive information from the memory via
crafted frame lengths from a USB device (bsc#1196836).
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
which could lead to a use-after-free if there is a corrupted quota file
(bnc#1197366).
- CVE-2021-39713: Fixed a race condition in the network scheduling
subsystem which could lead to a use-after-free (bsc#1196973).
- CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039,
CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues
which could have led to read/write access to memory pages or denial of
service. These issues are related to the Xen PV device frontend drivers
(bsc#1196488).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An
attacker with adjacent NFC access could crash the system or
corrupt system memory (bsc#1196830).
The following non-security bugs were fixed:
- ax88179_178a: Fixed memory issues that could be triggered by malicious
USB devices (bsc#1196018).
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- gve/net: Applied multiple bugfixes (jsc#SLE-23652).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net: tipc: validate domain record count on input (bsc#1195254).
- powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1256=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1256=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1256=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1256=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1256=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1256=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1256=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1256=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1256=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1256=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-4.12.14-150100.197.111.1
kernel-vanilla-base-4.12.14-150100.197.111.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-debugsource-4.12.14-150100.197.111.1
kernel-vanilla-devel-4.12.14-150100.197.111.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.111.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.111.1
kernel-debug-base-debuginfo-4.12.14-150100.197.111.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.111.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.111.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.111.1
kernel-zfcpdump-man-4.12.14-150100.197.111.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-4.12.14-150100.197.111.1
kernel-vanilla-base-4.12.14-150100.197.111.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-debugsource-4.12.14-150100.197.111.1
kernel-vanilla-devel-4.12.14-150100.197.111.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.111.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.111.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.111.1
kernel-debug-base-debuginfo-4.12.14-150100.197.111.1
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.111.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.111.1
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.111.1
kernel-zfcpdump-man-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.111.1
kernel-default-base-4.12.14-150100.197.111.1
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-devel-4.12.14-150100.197.111.1
kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
kernel-obs-build-4.12.14-150100.197.111.1
kernel-obs-build-debugsource-4.12.14-150100.197.111.1
kernel-syms-4.12.14-150100.197.111.1
reiserfs-kmp-default-4.12.14-150100.197.111.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.111.1
kernel-docs-4.12.14-150100.197.111.1
kernel-macros-4.12.14-150100.197.111.1
kernel-source-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.111.1
kernel-default-base-4.12.14-150100.197.111.1
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-devel-4.12.14-150100.197.111.1
kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
kernel-obs-build-4.12.14-150100.197.111.1
kernel-obs-build-debugsource-4.12.14-150100.197.111.1
kernel-syms-4.12.14-150100.197.111.1
reiserfs-kmp-default-4.12.14-150100.197.111.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.111.1
kernel-docs-4.12.14-150100.197.111.1
kernel-macros-4.12.14-150100.197.111.1
kernel-source-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.111.1
kernel-zfcpdump-debuginfo-4.12.14-150100.197.111.1
kernel-zfcpdump-debugsource-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.111.1
kernel-docs-4.12.14-150100.197.111.1
kernel-macros-4.12.14-150100.197.111.1
kernel-source-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.111.1
kernel-default-base-4.12.14-150100.197.111.1
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-devel-4.12.14-150100.197.111.1
kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
kernel-obs-build-4.12.14-150100.197.111.1
kernel-obs-build-debugsource-4.12.14-150100.197.111.1
kernel-syms-4.12.14-150100.197.111.1
reiserfs-kmp-default-4.12.14-150100.197.111.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-livepatch-4.12.14-150100.197.111.1
kernel-default-livepatch-devel-4.12.14-150100.197.111.1
kernel-livepatch-4_12_14-150100_197_111-default-1-150100.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.111.1
kernel-default-base-4.12.14-150100.197.111.1
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-devel-4.12.14-150100.197.111.1
kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
kernel-obs-build-4.12.14-150100.197.111.1
kernel-obs-build-debugsource-4.12.14-150100.197.111.1
kernel-syms-4.12.14-150100.197.111.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.111.1
kernel-docs-4.12.14-150100.197.111.1
kernel-macros-4.12.14-150100.197.111.1
kernel-source-4.12.14-150100.197.111.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.111.1
kernel-default-base-4.12.14-150100.197.111.1
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-devel-4.12.14-150100.197.111.1
kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
kernel-obs-build-4.12.14-150100.197.111.1
kernel-obs-build-debugsource-4.12.14-150100.197.111.1
kernel-syms-4.12.14-150100.197.111.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.111.1
kernel-docs-4.12.14-150100.197.111.1
kernel-macros-4.12.14-150100.197.111.1
kernel-source-4.12.14-150100.197.111.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.111.1
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.111.1
dlm-kmp-default-4.12.14-150100.197.111.1
dlm-kmp-default-debuginfo-4.12.14-150100.197.111.1
gfs2-kmp-default-4.12.14-150100.197.111.1
gfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
ocfs2-kmp-default-4.12.14-150100.197.111.1
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.111.1
kernel-default-base-4.12.14-150100.197.111.1
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-devel-4.12.14-150100.197.111.1
kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
kernel-obs-build-4.12.14-150100.197.111.1
kernel-obs-build-debugsource-4.12.14-150100.197.111.1
kernel-syms-4.12.14-150100.197.111.1
reiserfs-kmp-default-4.12.14-150100.197.111.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.111.1
kernel-docs-4.12.14-150100.197.111.1
kernel-macros-4.12.14-150100.197.111.1
kernel-source-4.12.14-150100.197.111.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.111.1
kernel-docs-4.12.14-150100.197.111.1
kernel-macros-4.12.14-150100.197.111.1
kernel-source-4.12.14-150100.197.111.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.111.1
kernel-default-base-4.12.14-150100.197.111.1
kernel-default-base-debuginfo-4.12.14-150100.197.111.1
kernel-default-debuginfo-4.12.14-150100.197.111.1
kernel-default-debugsource-4.12.14-150100.197.111.1
kernel-default-devel-4.12.14-150100.197.111.1
kernel-default-devel-debuginfo-4.12.14-150100.197.111.1
kernel-obs-build-4.12.14-150100.197.111.1
kernel-obs-build-debugsource-4.12.14-150100.197.111.1
kernel-syms-4.12.14-150100.197.111.1
reiserfs-kmp-default-4.12.14-150100.197.111.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1
References:
https://www.suse.com/security/cve/CVE-2021-39713.html
https://www.suse.com/security/cve/CVE-2021-45868.html
https://www.suse.com/security/cve/CVE-2022-0812.html
https://www.suse.com/security/cve/CVE-2022-0850.html
https://www.suse.com/security/cve/CVE-2022-1016.html
https://www.suse.com/security/cve/CVE-2022-1048.html
https://www.suse.com/security/cve/CVE-2022-23036.html
https://www.suse.com/security/cve/CVE-2022-23037.html
https://www.suse.com/security/cve/CVE-2022-23038.html
https://www.suse.com/security/cve/CVE-2022-23039.html
https://www.suse.com/security/cve/CVE-2022-23040.html
https://www.suse.com/security/cve/CVE-2022-23041.html
https://www.suse.com/security/cve/CVE-2022-23042.html
https://www.suse.com/security/cve/CVE-2022-26490.html
https://www.suse.com/security/cve/CVE-2022-26966.html
https://www.suse.com/security/cve/CVE-2022-28356.html
https://www.suse.com/security/cve/CVE-2022-28388.html
https://www.suse.com/security/cve/CVE-2022-28389.html
https://www.suse.com/security/cve/CVE-2022-28390.html
https://bugzilla.suse.com/1189562
https://bugzilla.suse.com/1193738
https://bugzilla.suse.com/1194943
https://bugzilla.suse.com/1195051
https://bugzilla.suse.com/1195254
https://bugzilla.suse.com/1195353
https://bugzilla.suse.com/1196018
https://bugzilla.suse.com/1196114
https://bugzilla.suse.com/1196433
https://bugzilla.suse.com/1196468
https://bugzilla.suse.com/1196488
https://bugzilla.suse.com/1196514
https://bugzilla.suse.com/1196639
https://bugzilla.suse.com/1196761
https://bugzilla.suse.com/1196830
https://bugzilla.suse.com/1196836
https://bugzilla.suse.com/1196942
https://bugzilla.suse.com/1196973
https://bugzilla.suse.com/1197227
https://bugzilla.suse.com/1197331
https://bugzilla.suse.com/1197366
https://bugzilla.suse.com/1197391
https://bugzilla.suse.com/1198031
https://bugzilla.suse.com/1198032
https://bugzilla.suse.com/1198033
SUSE-SU-2022:1260-1: important: Security update for git
by opensuse-security@opensuse.org 19 Apr '22
SUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1260-1
Rating: important
References: #1198234
Cross-References: CVE-2022-24765
CVSS scores:
CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for git fixes the following issues:
- CVE-2022-24765: Fixed a potential command injection via git worktree
(bsc#1198234).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1260=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1260=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1260=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1260=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1260=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1260=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1260=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1260=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1260=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1260=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1260=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1260=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1260=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1260=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1260=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1260=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1260=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1260=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1260=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1260=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1260=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1260=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
git-svn-debuginfo-2.26.2-150000.36.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
git-svn-debuginfo-2.26.2-150000.36.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Manager Server 4.1 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Manager Proxy 4.1 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Manager Proxy 4.1 (x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Enterprise Storage 7 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE Enterprise Storage 6 (noarch):
git-doc-2.26.2-150000.36.1
- SUSE CaaS Platform 4.0 (x86_64):
git-2.26.2-150000.36.1
git-arch-2.26.2-150000.36.1
git-core-2.26.2-150000.36.1
git-core-debuginfo-2.26.2-150000.36.1
git-cvs-2.26.2-150000.36.1
git-daemon-2.26.2-150000.36.1
git-daemon-debuginfo-2.26.2-150000.36.1
git-debuginfo-2.26.2-150000.36.1
git-debugsource-2.26.2-150000.36.1
git-email-2.26.2-150000.36.1
git-gui-2.26.2-150000.36.1
git-svn-2.26.2-150000.36.1
git-svn-debuginfo-2.26.2-150000.36.1
git-web-2.26.2-150000.36.1
gitk-2.26.2-150000.36.1
- SUSE CaaS Platform 4.0 (noarch):
git-doc-2.26.2-150000.36.1
References:
https://www.suse.com/security/cve/CVE-2022-24765.html
https://bugzilla.suse.com/1198234
SUSE-SU-2022:1259-1: important: Security update for icedtea-web
by opensuse-security@opensuse.org 19 Apr '22
SUSE Security Update: Security update for icedtea-web
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1259-1
Rating: important
References: #1142825 #1142832 #1142835
Cross-References: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185
CVSS scores:
CVE-2019-10181 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-10181 (SUSE): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-10182 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2019-10182 (SUSE): 6.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2019-10185 (SUSE): 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for icedtea-web fixes the following issues:
- CVE-2019-10181: Fixed an issue where an attacker could inject unsigned
code in a signed JAR file (bsc#1142835).
- CVE-2019-10182: Fixed a path traversal issue where an attacker could
upload arbitrary files by tricking a victim into running a specially
crafted application (bsc#1142825).
- CVE-2019-10185: Fixed an issue where an attacker could write files to
arbitrary locations during JAR auto-extraction (bsc#1142832).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1259=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1259=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1259=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1259=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1259=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1259=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
icedtea-web-1.7.2-150100.7.3.1
- openSUSE Leap 15.4 (noarch):
icedtea-web-javadoc-1.7.2-150100.7.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
icedtea-web-1.7.2-150100.7.3.1
- openSUSE Leap 15.3 (noarch):
icedtea-web-javadoc-1.7.2-150100.7.3.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
icedtea-web-1.7.2-150100.7.3.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
icedtea-web-1.7.2-150100.7.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
icedtea-web-1.7.2-150100.7.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
icedtea-web-javadoc-1.7.2-150100.7.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
icedtea-web-1.7.2-150100.7.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
icedtea-web-javadoc-1.7.2-150100.7.3.1
References:
https://www.suse.com/security/cve/CVE-2019-10181.html
https://www.suse.com/security/cve/CVE-2019-10182.html
https://www.suse.com/security/cve/CVE-2019-10185.html
https://bugzilla.suse.com/1142825
https://bugzilla.suse.com/1142832
https://bugzilla.suse.com/1142835
SUSE-SU-2022:1252-1: important: Security update for openjpeg2
by opensuse-security@opensuse.org 19 Apr '22
SUSE Security Update: Security update for openjpeg2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1252-1
Rating: important
References: #1076314 #1076967 #1079845 #1102016 #1106881
#1106882 #1140130 #1160782 #1162090 #1173578
#1180457 #1184774 #1197738
Cross-References: CVE-2018-14423 CVE-2018-16375 CVE-2018-16376
CVE-2018-20845 CVE-2018-5727 CVE-2018-5785
CVE-2018-6616 CVE-2020-15389 CVE-2020-27823
CVE-2020-6851 CVE-2020-8112 CVE-2021-29338
CVE-2022-1122
CVSS scores:
CVE-2018-14423 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-14423 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-16375 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-16375 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2018-16376 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-16376 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2018-20845 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-20845 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2018-5727 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-5727 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-5785 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-5785 (SUSE): 4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CVE-2018-6616 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-6616 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2020-15389 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2020-15389 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-27823 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-27823 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-6851 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-6851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-8112 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-8112 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-29338 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-29338 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1122 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1122 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
This update for openjpeg2 fixes the following issues:
- CVE-2018-5727: Fixed integer overflow vulnerability in
the opj_t1_encode_cblks function (bsc#1076314).
- CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds
left shift in the opj_j2k_setup_encoder function (bsc#1076967).
- CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks
function of openjp2/t1.c (bsc#1079845).
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c
(bsc#1102016).
- CVE-2018-16375: Fixed missing checks for header_info.height and
header_info.width in the function pnmtoimage in bin/jpwl/convert.c
(bsc#1106882).
- CVE-2018-16376: Fixed heap-based buffer overflow in function
t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl,
pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130).
- CVE-2020-6851: Fixed heap-based buffer overflow in
opj_t1_clbl_decode_processor (bsc#1160782).
- CVE-2020-8112: Fixed heap-based buffer overflow in
opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
- CVE-2020-15389: Fixed use-after-free if there is a mix of valid and invalid
files in a directory operated on by the decompressor (bsc#1173578).
- CVE-2020-27823: Fixed heap buffer over-write in
opj_tcd_dc_level_shift_encode() (bsc#1180457).
- CVE-2021-29338: Fixed integer overflow that allows remote attackers to
crash the application (bsc#1184774).
- CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to
uninitialized pointer (bsc#1197738).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1252=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1252=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1252=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1252=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1252=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1252=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1252=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1252=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1252=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1252=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1252=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1252=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1252=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1252=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1252=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1252=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1252=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1252=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1252=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1252=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1252=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1252=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1252=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1252=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1252=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- openSUSE Leap 15.4 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.5.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- openSUSE Leap 15.3 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.5.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Manager Proxy 4.1 (x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libopenjp2-7-32bit-2.3.0-150000.3.5.1
libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
- SUSE CaaS Platform 4.0 (x86_64):
libopenjp2-7-2.3.0-150000.3.5.1
libopenjp2-7-debuginfo-2.3.0-150000.3.5.1
openjpeg2-2.3.0-150000.3.5.1
openjpeg2-debuginfo-2.3.0-150000.3.5.1
openjpeg2-debugsource-2.3.0-150000.3.5.1
openjpeg2-devel-2.3.0-150000.3.5.1
References:
https://www.suse.com/security/cve/CVE-2018-14423.html
https://www.suse.com/security/cve/CVE-2018-16375.html
https://www.suse.com/security/cve/CVE-2018-16376.html
https://www.suse.com/security/cve/CVE-2018-20845.html
https://www.suse.com/security/cve/CVE-2018-5727.html
https://www.suse.com/security/cve/CVE-2018-5785.html
https://www.suse.com/security/cve/CVE-2018-6616.html
https://www.suse.com/security/cve/CVE-2020-15389.html
https://www.suse.com/security/cve/CVE-2020-27823.html
https://www.suse.com/security/cve/CVE-2020-6851.html
https://www.suse.com/security/cve/CVE-2020-8112.html
https://www.suse.com/security/cve/CVE-2021-29338.html
https://www.suse.com/security/cve/CVE-2022-1122.html
https://bugzilla.suse.com/1076314
https://bugzilla.suse.com/1076967
https://bugzilla.suse.com/1079845
https://bugzilla.suse.com/1102016
https://bugzilla.suse.com/1106881
https://bugzilla.suse.com/1106882
https://bugzilla.suse.com/1140130
https://bugzilla.suse.com/1160782
https://bugzilla.suse.com/1162090
https://bugzilla.suse.com/1173578
https://bugzilla.suse.com/1180457
https://bugzilla.suse.com/1184774
https://bugzilla.suse.com/1197738
openSUSE-SU-2022:0114-1: important: Security update for chromium
by opensuse-security@opensuse.org 19 Apr '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0114-1
Rating: important
References: #1198509
Cross-References: CVE-2022-1364
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for chromium fixes the following issues:
Updated Chromium to 100.0.4896.127 (boo#1198509)
- CVE-2022-1364: Type Confusion in V8
- Various fixes from internal audits, fuzzing and other initiatives
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-114=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-100.0.4896.127-bp153.2.85.1
chromium-100.0.4896.127-bp153.2.85.1
References:
https://www.suse.com/security/cve/CVE-2022-1364.html
https://bugzilla.suse.com/1198509
openSUSE-SU-2022:0113-1: moderate: Security update for nodejs12
by opensuse-security@opensuse.org 17 Apr '22
openSUSE Security Update: Security update for nodejs12
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0113-1
Rating: moderate
References: #1194511 #1194512 #1194513 #1194514 #1198204
Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533
CVE-2022-21824 CVE-2022-24191
CVSS scores:
CVE-2021-44531 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-44532 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-44533 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21824 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CVE-2022-24191 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for nodejs12 fixes the following issues:
- CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names
(bsc#1194511).
- CVE-2021-44532: Fixed certificate Verification Bypass via String
Injection (bsc#1194512).
- CVE-2021-44533: Fixed incorrect handling of certificate subject and
issuer fields (bsc#1194513).
- CVE-2022-21824: Fixed prototype pollution via console.table properties
(bsc#1194514).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-113=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-113=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs12-12.22.9-4.25.1
nodejs12-debuginfo-12.22.9-4.25.1
nodejs12-debugsource-12.22.9-4.25.1
nodejs12-devel-12.22.9-4.25.1
npm12-12.22.9-4.25.1
- openSUSE Leap 15.3 (noarch):
nodejs12-docs-12.22.9-4.25.1
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
htmldoc-1.9.12-bp153.2.9.1
References:
https://www.suse.com/security/cve/CVE-2021-44531.html
https://www.suse.com/security/cve/CVE-2021-44532.html
https://www.suse.com/security/cve/CVE-2021-44533.html
https://www.suse.com/security/cve/CVE-2022-21824.html
https://www.suse.com/security/cve/CVE-2022-24191.html
https://bugzilla.suse.com/1194511
https://bugzilla.suse.com/1194512
https://bugzilla.suse.com/1194513
https://bugzilla.suse.com/1194514
https://bugzilla.suse.com/1198204
SUSE-SU-2022:1218-1: important: Security update for SDL2
by opensuse-security@opensuse.org 14 Apr '22
SUSE Security Update: Security update for SDL2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1218-1
Rating: important
References: #1198001
Cross-References: CVE-2021-33657
CVSS scores:
CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for SDL2 fixes the following issues:
- CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image
(bsc#1198001).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1218=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1218=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1218=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1218=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1218=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1218=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1218=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1218=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1218=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1218=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1218=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1218=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1218=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1218=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1218=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1218=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- openSUSE Leap 15.4 (x86_64):
libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-32bit-2.0.8-150200.11.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- openSUSE Leap 15.3 (x86_64):
libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-32bit-2.0.8-150200.11.6.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Manager Proxy 4.1 (x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1
libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
SDL2-debugsource-2.0.8-150200.11.6.1
libSDL2-2_0-0-2.0.8-150200.11.6.1
libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1
libSDL2-devel-2.0.8-150200.11.6.1
References:
https://www.suse.com/security/cve/CVE-2021-33657.html
https://bugzilla.suse.com/1198001
openSUSE-SU-2022:0112-1: important: Security update for chromium
by opensuse-security@opensuse.org 13 Apr '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0112-1
Rating: important
References: #1194511 #1194512 #1194513 #1194514 #1197680
#1198053 #1198361
Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533
CVE-2022-1125 CVE-2022-1127 CVE-2022-1128
CVE-2022-1129 CVE-2022-1130 CVE-2022-1131
CVE-2022-1132 CVE-2022-1133 CVE-2022-1134
CVE-2022-1135 CVE-2022-1136 CVE-2022-1137
CVE-2022-1138 CVE-2022-1139 CVE-2022-1141
CVE-2022-1142 CVE-2022-1143 CVE-2022-1144
CVE-2022-1145 CVE-2022-1146 CVE-2022-1232
CVE-2022-1305 CVE-2022-1306 CVE-2022-1307
CVE-2022-1308 CVE-2022-1309 CVE-2022-1310
CVE-2022-1311 CVE-2022-1312 CVE-2022-1313
CVE-2022-1314 CVE-2022-21824
CVSS scores:
CVE-2021-44531 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-44532 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-44533 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21824 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 35 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Updated to Chromium 100.0.4896.88 (boo#1198361)
- CVE-2022-1305: Use after free in storage
- CVE-2022-1306: Inappropriate implementation in compositing
- CVE-2022-1307: Inappropriate implementation in full screen
- CVE-2022-1308: Use after free in BFCache
- CVE-2022-1309: Insufficient policy enforcement in developer tools
- CVE-2022-1310: Use after free in regular expressions
- CVE-2022-1311: Use after free in Chrome OS shell
- CVE-2022-1312: Use after free in storage
- CVE-2022-1313: Use after free in tab groups
- CVE-2022-1314: Type Confusion in V8
- Various fixes from internal audits, fuzzing and other initiatives
Updated to version 100.0.4896.75:
- CVE-2022-1232: Type Confusion in V8 (boo#1198053)
Update to version 100.0.4896.60 (boo#1197680):
- CVE-2022-1125: Use after free in Portals
- CVE-2022-1127: Use after free in QR Code Generator
- CVE-2022-1128: Inappropriate implementation in Web Share API
- CVE-2022-1129: Inappropriate implementation in Full Screen Mode
- CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
- CVE-2022-1131: Use after free in Cast UI
- CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
- CVE-2022-1133: Use after free in WebRTC
- CVE-2022-1134: Type Confusion in V8
- CVE-2022-1135: Use after free in Shopping Cart
- CVE-2022-1136: Use after free in Tab Strip
- CVE-2022-1137: Inappropriate implementation in Extensions
- CVE-2022-1138: Inappropriate implementation in Web Cursor
- CVE-2022-1139: Inappropriate implementation in Background Fetch API
- CVE-2022-1141: Use after free in File Manager
- CVE-2022-1142: Heap buffer overflow in WebUI
- CVE-2022-1143: Heap buffer overflow in WebUI
- CVE-2022-1144: Use after free in WebUI
- CVE-2022-1145: Use after free in Extensions
- CVE-2022-1146: Inappropriate implementation in Resource Timing
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-112=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-112=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs14-14.18.3-15.24.1
nodejs14-debuginfo-14.18.3-15.24.1
nodejs14-debugsource-14.18.3-15.24.1
nodejs14-devel-14.18.3-15.24.1
npm14-14.18.3-15.24.1
- openSUSE Leap 15.3 (noarch):
nodejs14-docs-14.18.3-15.24.1
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-100.0.4896.88-bp153.2.82.1
chromedriver-debuginfo-100.0.4896.88-bp153.2.82.1
chromium-100.0.4896.88-bp153.2.82.1
chromium-debuginfo-100.0.4896.88-bp153.2.82.1
References:
https://www.suse.com/security/cve/CVE-2021-44531.html
https://www.suse.com/security/cve/CVE-2021-44532.html
https://www.suse.com/security/cve/CVE-2021-44533.html
https://www.suse.com/security/cve/CVE-2022-1125.html
https://www.suse.com/security/cve/CVE-2022-1127.html
https://www.suse.com/security/cve/CVE-2022-1128.html
https://www.suse.com/security/cve/CVE-2022-1129.html
https://www.suse.com/security/cve/CVE-2022-1130.html
https://www.suse.com/security/cve/CVE-2022-1131.html
https://www.suse.com/security/cve/CVE-2022-1132.html
https://www.suse.com/security/cve/CVE-2022-1133.html
https://www.suse.com/security/cve/CVE-2022-1134.html
https://www.suse.com/security/cve/CVE-2022-1135.html
https://www.suse.com/security/cve/CVE-2022-1136.html
https://www.suse.com/security/cve/CVE-2022-1137.html
https://www.suse.com/security/cve/CVE-2022-1138.html
https://www.suse.com/security/cve/CVE-2022-1139.html
https://www.suse.com/security/cve/CVE-2022-1141.html
https://www.suse.com/security/cve/CVE-2022-1142.html
https://www.suse.com/security/cve/CVE-2022-1143.html
https://www.suse.com/security/cve/CVE-2022-1144.html
https://www.suse.com/security/cve/CVE-2022-1145.html
https://www.suse.com/security/cve/CVE-2022-1146.html
https://www.suse.com/security/cve/CVE-2022-1232.html
https://www.suse.com/security/cve/CVE-2022-1305.html
https://www.suse.com/security/cve/CVE-2022-1306.html
https://www.suse.com/security/cve/CVE-2022-1307.html
https://www.suse.com/security/cve/CVE-2022-1308.html
https://www.suse.com/security/cve/CVE-2022-1309.html
https://www.suse.com/security/cve/CVE-2022-1310.html
https://www.suse.com/security/cve/CVE-2022-1311.html
https://www.suse.com/security/cve/CVE-2022-1312.html
https://www.suse.com/security/cve/CVE-2022-1313.html
https://www.suse.com/security/cve/CVE-2022-1314.html
https://www.suse.com/security/cve/CVE-2022-21824.html
https://bugzilla.suse.com/1194511
https://bugzilla.suse.com/1194512
https://bugzilla.suse.com/1194513
https://bugzilla.suse.com/1194514
https://bugzilla.suse.com/1197680
https://bugzilla.suse.com/1198053
https://bugzilla.suse.com/1198361
SUSE-SU-2022:1183-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 13 Apr '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1183-1
Rating: important
References: #1065729 #1156395 #1175667 #1177028 #1178134
#1179639 #1180153 #1189562 #1194649 #1195640
#1195926 #1196018 #1196196 #1196478 #1196761
#1196823 #1197227 #1197243 #1197300 #1197302
#1197331 #1197343 #1197366 #1197389 #1197462
#1197501 #1197534 #1197661 #1197675 #1197702
#1197811 #1197812 #1197815 #1197817 #1197819
#1197820 #1197888 #1197889 #1197894 #1197914
#1198027 #1198028 #1198029 #1198030 #1198031
#1198032 #1198033
Cross-References: CVE-2021-45868 CVE-2022-0850 CVE-2022-0854
CVE-2022-1011 CVE-2022-1016 CVE-2022-1048
CVE-2022-1055 CVE-2022-1195 CVE-2022-1198
CVE-2022-1199 CVE-2022-1205 CVE-2022-27666
CVE-2022-28388 CVE-2022-28389 CVE-2022-28390
CVSS scores:
CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 32 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's DMA
subsystem. This flaw allowed a local user to read random memory from
the kernel space. (bnc#1196823)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
netfilter subsystem. This vulnerability gives an attacker a powerful
primitive that can be used to both read from and write to relative stack
data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28390: Fixed a double free vulnerability in
drivers/net/can/usb/ems_usb.c in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free vulnerability in
drivers/net/can/usb/usb_8dev.c in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free vulnerability in
drivers/net/can/usb/mcba_usb.c in the Linux kernel. (bnc#1198033)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow
a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to
use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock.
(bsc#1197331)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
which could lead to a use-after-free if there is a corrupted quota
file. (bnc#1197366)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP
transformation code. This flaw allowed a local attacker with a normal
user privilege to overwrite kernel heap objects and may cause a local
privilege escalation. (bnc#1197462)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in
iov_iter.c. (bsc#1196761)
- CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities
that allow an attacker to crash the Linux kernel by simulating Amateur
Radio. (bsc#1198028)
- CVE-2022-1205: Fixed null pointer dereference and use-after-free
vulnerabilities that allow an attacker to crash the Linux kernel by
simulating Amateur Radio. (bsc#1198027)
- CVE-2022-1198: Fixed a use-after-free vulnerability that allows an
attacker to crash the Linux kernel by simulating Amateur Radio.
(bsc#1198030)
- CVE-2022-1195: Fixed a use-after-free vulnerability which could allow a
local attacker with a user privilege to execute a denial of service.
(bsc#1198029)
- CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a
local attacker to retrieve (partial) /etc/shadow hashes or any other
data from the filesystem when they can mount a FUSE filesystem. (bnc#1197343)
The following non-security bugs were fixed:
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
(git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
(git-fixes).
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
(git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods
(git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource documentation
(git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no more
references (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
(git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
(git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
(git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
(git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in
wcd934x_codec_parse_data (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
(git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
(git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
(git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in
pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in
msm8916_wcd_digital_probe (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in
rt5663_parse_dp() (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
(git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
(bsc#1196018).
- block: update io_ticks when io hang (bsc#1197817).
- block/wbt: fix negative inflight counter when remove scsi device
(bsc#1197819).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- bpf: Remove config check to enable bpf support for branch records
(git-fixes bsc#1177028).
- btrfs: avoid unnecessary lock and leaf splits when updating inode in the
log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log
(bsc#1194649).
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs
(bsc#1194649).
- btrfs: check error value from btrfs_update_inode in tree log
(bsc#1194649).
- btrfs: check if a log root exists before locking the log_mutex on unlink
(bsc#1194649).
- btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
- btrfs: do not commit delayed inode when logging a file in full sync mode
(bsc#1194649).
- btrfs: do not log new dentries when logging that a new name exists
(bsc#1194649).
- btrfs: eliminate some false positives when checking if inode was logged
(bsc#1194649).
- btrfs: fix race leading to unnecessary transaction commit when logging
inode (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor inodes
(bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction commit
(bsc#1194649).
- btrfs: fix race that results in logging old extents during a fast fsync
(bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
- btrfs: remove no longer needed full sync flag check at inode_logged()
(bsc#1194649).
- btrfs: Remove unnecessary check from join_running_log_trans
(bsc#1194649).
- btrfs: remove unnecessary directory inode item update when deleting dir
entry (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing log
(bsc#1194649).
- btrfs: skip unnecessary searches for xattrs when logging an inode
(bsc#1194649).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error
path (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error
path (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device
when fully ready (git-fixes).
- cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
- clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
(git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in
timer_of_base_init() (git-fixes).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
(git-fixes).
- crypto: cavium/nitrox - do not cast parameter in bit operations
(git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
(git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
(git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- dma/pool: create dma atomic pool only if dma zone has managed pages
(bsc#1197501).
- driver core: dd: fix return value of __setup handler (git-fixes).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
(git-fixes).
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq
function (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain
(git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
(git-fixes).
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in
imx_pd_bridge_atomic_check() (git-fixes).
- drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
(git-fixes).
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
(git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- drm/vc4: crtc: Make sure the HDMI controller is powered when disabling
(git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector
(git-fixes).
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- ecryptfs: Fix typo in message (bsc#1197811).
- ext2: correct max file size computing (bsc#1197820).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- firmware: qcom: scm: Remove reassignment to desc following initializer
(git-fixes).
- fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
- HID: multitouch: fix Dell Precision 7550 and 7750 button type
(bsc#1197243).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
(git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- iio: accel: mma8452: use the correct logic to get mma8452_data
(git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available
(git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- iwlwifi: do not advertise TWT support (git-fixes).
- KVM: SVM: Do not flush cache if hardware enforces cache coherency across
encryption domains (bsc#1178134).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
(git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: Revert "media: em28xx: add missing em28xx_close_extension"
(git-fixes).
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- memory: emif: Add check for setup_interrupts (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- mm: add vma_lookup(), update find_vma_intersection() comments
(git-fixes).
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no
managed pages (bsc#1197501).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
(git-fixes).
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx()
(git-fixes).
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and suspend
functions (git-fixes).
- net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1196018).
- net: watchdog: hold device global xmit lock during tx disable
(git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- net/smc: Reset conn->lgr when link group registration fails (git-fixes).
- netfilter: conntrack: do not refresh sctp entries in closed state
(bsc#1197389).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir
(git-fixes).
- NFS: Ensure the server had an up to date ctime before hardlinking
(git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client
(git-fixes).
- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFS: Fix another issue with a list iterator pointing to the head
(git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
(git-fixes).
- pinctrl: mediatek: paris: Fix "argument" argument type for
mtk_pinconf_get() (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback
(git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
(git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
(git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
- pinctrl: samsung: drop pin banks references on error paths (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
(git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
(bsc#1179639 ltc#189002 git-fixes).
- powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty
(bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- pwm: lpc18xx-sct: Initialize driver data and hardware before
pwmchip_add() (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in
wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
(git-fixes).
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg
(git-fixes).
- s390/gmap: do not unconditionally call pte_unmap_unlock() in
__gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/hypfs: include z/VM guests with access control group set
(bsc#1195640 LTC#196352).
- s390/kexec_file: fix error handling when applying relocations
(git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key handling
functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling follow_pte()
(git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675
bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download
(bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
(bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
(bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure
(bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test
(bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing
(bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- serial: 8250_lpss: Balance reference count for PCI DMA device
(git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_* flags
(git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit reversing
(git-fixes).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(git-fixes).
- Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m ->
VIRTIO_PCI=y
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- usb: bdc: Fix a resource leak in the error handling path of
'bdc_probe()' (git-fixes).
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- usb: bdc: remove duplicated error message (git-fixes).
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- usb: bdc: use devm_platform_ioremap_resource() to simplify code
(git-fixes).
- usb: dwc3: gadget: Use list_replace_init() before traversing lists
(git-fixes).
- usb: dwc3: qcom: add IRQ check (git-fixes).
- usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
(git-fixes).
- usb: gadget: rndis: prevent integer overflow in rndis_set_response()
(git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
(git-fixes).
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
avoid black screen (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
(git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
- x86/cpu: Add hardware-enforced cache coherency as a CPUID feature
(bsc#1178134).
- x86/mm/pat: Do not flush cache if hardware enforces cache coherency
across encryption domnains (bsc#1178134).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
(bsc#1178134).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1183=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1183=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1183=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1183=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1183=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1183=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1183=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1183=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1183=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1183=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.63.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
dlm-kmp-preempt-5.3.18-150300.59.63.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
gfs2-kmp-preempt-5.3.18-150300.59.63.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-5.3.18-150300.59.63.1
kernel-preempt-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-debugsource-5.3.18-150300.59.63.1
kernel-preempt-devel-5.3.18-150300.59.63.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-extra-5.3.18-150300.59.63.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1
kernel-preempt-optional-5.3.18-150300.59.63.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.63.1
kselftests-kmp-preempt-5.3.18-150300.59.63.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
ocfs2-kmp-preempt-5.3.18-150300.59.63.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
reiserfs-kmp-preempt-5.3.18-150300.59.63.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.63.1
dtb-zte-5.3.18-150300.59.63.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.63.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.63.1
dlm-kmp-default-5.3.18-150300.59.63.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.63.1
gfs2-kmp-default-5.3.18-150300.59.63.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-5.3.18-150300.59.63.1
kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
kernel-default-base-rebuild-5.3.18-150300.59.63.1.150300.18.39.1
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
kernel-default-devel-5.3.18-150300.59.63.1
kernel-default-devel-debuginfo-5.3.18-150300.59.63.1
kernel-default-extra-5.3.18-150300.59.63.1
kernel-default-extra-debuginfo-5.3.18-150300.59.63.1
kernel-default-livepatch-5.3.18-150300.59.63.1
kernel-default-livepatch-devel-5.3.18-150300.59.63.1
kernel-default-optional-5.3.18-150300.59.63.1
kernel-default-optional-debuginfo-5.3.18-150300.59.63.1
kernel-obs-build-5.3.18-150300.59.63.1
kernel-obs-build-debugsource-5.3.18-150300.59.63.1
kernel-obs-qa-5.3.18-150300.59.63.1
kernel-syms-5.3.18-150300.59.63.1
kselftests-kmp-default-5.3.18-150300.59.63.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.63.1
ocfs2-kmp-default-5.3.18-150300.59.63.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1
reiserfs-kmp-default-5.3.18-150300.59.63.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.63.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.63.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
dlm-kmp-preempt-5.3.18-150300.59.63.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
gfs2-kmp-preempt-5.3.18-150300.59.63.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-5.3.18-150300.59.63.1
kernel-preempt-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-debugsource-5.3.18-150300.59.63.1
kernel-preempt-devel-5.3.18-150300.59.63.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-extra-5.3.18-150300.59.63.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1
kernel-preempt-optional-5.3.18-150300.59.63.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.63.1
kselftests-kmp-preempt-5.3.18-150300.59.63.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
ocfs2-kmp-preempt-5.3.18-150300.59.63.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
reiserfs-kmp-preempt-5.3.18-150300.59.63.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.63.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.63.1
kernel-debug-debuginfo-5.3.18-150300.59.63.1
kernel-debug-debugsource-5.3.18-150300.59.63.1
kernel-debug-devel-5.3.18-150300.59.63.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.63.1
kernel-debug-livepatch-devel-5.3.18-150300.59.63.1
kernel-kvmsmall-5.3.18-150300.59.63.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.63.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.63.1
kernel-kvmsmall-devel-5.3.18-150300.59.63.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.63.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.63.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.63.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.63.1
dlm-kmp-64kb-5.3.18-150300.59.63.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.63.1
dtb-al-5.3.18-150300.59.63.1
dtb-allwinner-5.3.18-150300.59.63.1
dtb-altera-5.3.18-150300.59.63.1
dtb-amd-5.3.18-150300.59.63.1
dtb-amlogic-5.3.18-150300.59.63.1
dtb-apm-5.3.18-150300.59.63.1
dtb-arm-5.3.18-150300.59.63.1
dtb-broadcom-5.3.18-150300.59.63.1
dtb-cavium-5.3.18-150300.59.63.1
dtb-exynos-5.3.18-150300.59.63.1
dtb-freescale-5.3.18-150300.59.63.1
dtb-hisilicon-5.3.18-150300.59.63.1
dtb-lg-5.3.18-150300.59.63.1
dtb-marvell-5.3.18-150300.59.63.1
dtb-mediatek-5.3.18-150300.59.63.1
dtb-nvidia-5.3.18-150300.59.63.1
dtb-qcom-5.3.18-150300.59.63.1
dtb-renesas-5.3.18-150300.59.63.1
dtb-rockchip-5.3.18-150300.59.63.1
dtb-socionext-5.3.18-150300.59.63.1
dtb-sprd-5.3.18-150300.59.63.1
dtb-xilinx-5.3.18-150300.59.63.1
dtb-zte-5.3.18-150300.59.63.1
gfs2-kmp-64kb-5.3.18-150300.59.63.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.63.1
kernel-64kb-5.3.18-150300.59.63.1
kernel-64kb-debuginfo-5.3.18-150300.59.63.1
kernel-64kb-debugsource-5.3.18-150300.59.63.1
kernel-64kb-devel-5.3.18-150300.59.63.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.63.1
kernel-64kb-extra-5.3.18-150300.59.63.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.63.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.63.1
kernel-64kb-optional-5.3.18-150300.59.63.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.63.1
kselftests-kmp-64kb-5.3.18-150300.59.63.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.63.1
ocfs2-kmp-64kb-5.3.18-150300.59.63.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.63.1
reiserfs-kmp-64kb-5.3.18-150300.59.63.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.63.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.63.1
kernel-docs-5.3.18-150300.59.63.1
kernel-docs-html-5.3.18-150300.59.63.1
kernel-macros-5.3.18-150300.59.63.1
kernel-source-5.3.18-150300.59.63.1
kernel-source-vanilla-5.3.18-150300.59.63.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.63.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.63.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
kernel-default-extra-5.3.18-150300.59.63.1
kernel-default-extra-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-debugsource-5.3.18-150300.59.63.1
kernel-preempt-extra-5.3.18-150300.59.63.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
kernel-default-livepatch-5.3.18-150300.59.63.1
kernel-default-livepatch-devel-5.3.18-150300.59.63.1
kernel-livepatch-5_3_18-150300_59_63-default-1-150300.7.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
reiserfs-kmp-default-5.3.18-150300.59.63.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.63.1
kernel-obs-build-debugsource-5.3.18-150300.59.63.1
kernel-syms-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-debugsource-5.3.18-150300.59.63.1
kernel-preempt-devel-5.3.18-150300.59.63.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.63.1
kernel-source-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.63.1
kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
kernel-default-devel-5.3.18-150300.59.63.1
kernel-default-devel-debuginfo-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.63.1
kernel-preempt-debuginfo-5.3.18-150300.59.63.1
kernel-preempt-debugsource-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.63.1
kernel-64kb-debuginfo-5.3.18-150300.59.63.1
kernel-64kb-debugsource-5.3.18-150300.59.63.1
kernel-64kb-devel-5.3.18-150300.59.63.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.63.1
kernel-macros-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.63.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.63.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.63.1
kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.63.1
kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.63.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.63.1
dlm-kmp-default-5.3.18-150300.59.63.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.63.1
gfs2-kmp-default-5.3.18-150300.59.63.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debuginfo-5.3.18-150300.59.63.1
kernel-default-debugsource-5.3.18-150300.59.63.1
ocfs2-kmp-default-5.3.18-150300.59.63.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1
References:
https://www.suse.com/security/cve/CVE-2021-45868.html
https://www.suse.com/security/cve/CVE-2022-0850.html
https://www.suse.com/security/cve/CVE-2022-0854.html
https://www.suse.com/security/cve/CVE-2022-1011.html
https://www.suse.com/security/cve/CVE-2022-1016.html
https://www.suse.com/security/cve/CVE-2022-1048.html
https://www.suse.com/security/cve/CVE-2022-1055.html
https://www.suse.com/security/cve/CVE-2022-1195.html
https://www.suse.com/security/cve/CVE-2022-1198.html
https://www.suse.com/security/cve/CVE-2022-1199.html
https://www.suse.com/security/cve/CVE-2022-1205.html
https://www.suse.com/security/cve/CVE-2022-27666.html
https://www.suse.com/security/cve/CVE-2022-28388.html
https://www.suse.com/security/cve/CVE-2022-28389.html
https://www.suse.com/security/cve/CVE-2022-28390.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1175667
https://bugzilla.suse.com/1177028
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1179639
https://bugzilla.suse.com/1180153
https://bugzilla.suse.com/1189562
https://bugzilla.suse.com/1194649
https://bugzilla.suse.com/1195640
https://bugzilla.suse.com/1195926
https://bugzilla.suse.com/1196018
https://bugzilla.suse.com/1196196
https://bugzilla.suse.com/1196478
https://bugzilla.suse.com/1196761
https://bugzilla.suse.com/1196823
https://bugzilla.suse.com/1197227
https://bugzilla.suse.com/1197243
https://bugzilla.suse.com/1197300
https://bugzilla.suse.com/1197302
https://bugzilla.suse.com/1197331
https://bugzilla.suse.com/1197343
https://bugzilla.suse.com/1197366
https://bugzilla.suse.com/1197389
https://bugzilla.suse.com/1197462
https://bugzilla.suse.com/1197501
https://bugzilla.suse.com/1197534
https://bugzilla.suse.com/1197661
https://bugzilla.suse.com/1197675
https://bugzilla.suse.com/1197702
https://bugzilla.suse.com/1197811
https://bugzilla.suse.com/1197812
https://bugzilla.suse.com/1197815
https://bugzilla.suse.com/1197817
https://bugzilla.suse.com/1197819
https://bugzilla.suse.com/1197820
https://bugzilla.suse.com/1197888
https://bugzilla.suse.com/1197889
https://bugzilla.suse.com/1197894
https://bugzilla.suse.com/1197914
https://bugzilla.suse.com/1198027
https://bugzilla.suse.com/1198028
https://bugzilla.suse.com/1198029
https://bugzilla.suse.com/1198030
https://bugzilla.suse.com/1198031
https://bugzilla.suse.com/1198032
https://bugzilla.suse.com/1198033
SUSE-SU-2022:1176-1: important: Security update for MozillaThunderbird
by opensuse-security@opensuse.org 13 Apr '22
SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1176-1
Rating: important
References: #1197903
Cross-References: CVE-2022-1097 CVE-2022-1196 CVE-2022-1197
CVE-2022-24713 CVE-2022-28281 CVE-2022-28282
CVE-2022-28285 CVE-2022-28286 CVE-2022-28289
CVSS scores:
CVE-2022-1097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1196 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-1197 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-24713 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-28281 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28282 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-28285 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-28286 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-28289 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
- Updated to version 91.8 (bsc#1197903):
- CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects.
- CVE-2022-28281: Fixed a memory corruption issue due to unexpected
WebAuthN Extensions.
- CVE-2022-1197: Fixed an issue where OpenPGP revocation information was
ignored.
- CVE-2022-1196: Fixed a memory corruption issue after VR process
destruction.
- CVE-2022-28282: Fixed a memory corruption issue in document
translation.
- CVE-2022-28285: Fixed a memory corruption issue in JIT code generation.
- CVE-2022-28286: Fixed an iframe layout issue that could have been
exploited to stage spoofing attacks.
- CVE-2022-24713: Fixed a potential denial of service via complex
regular expressions.
- CVE-2022-28289: Fixed multiple memory corruption issues.
Non-security fixes:
- Changed Google accounts using password authentication to use OAuth2.
- Fixed an issue where OpenPGP ECC keys created by Thunderbird could not
be imported into GnuPG.
- Fixed an issue where exporting multiple public PGP keys from Thunderbird
was not possible.
- Fixed an issue where replying to a newsgroup message erroneously
displayed a "No-reply" popup warning.
- Fixed an issue with opening older address books.
- Fixed an issue where LDAP directories would be lost when switching to
"Offline" mode.
- Fixed an issue when importing webcals.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1176=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1176=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1176=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1176=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1176=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1176=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-91.8.0-150200.8.65.1
MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1
MozillaThunderbird-debugsource-91.8.0-150200.8.65.1
MozillaThunderbird-translations-common-91.8.0-150200.8.65.1
MozillaThunderbird-translations-other-91.8.0-150200.8.65.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-91.8.0-150200.8.65.1
MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1
MozillaThunderbird-debugsource-91.8.0-150200.8.65.1
MozillaThunderbird-translations-common-91.8.0-150200.8.65.1
MozillaThunderbird-translations-other-91.8.0-150200.8.65.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
MozillaThunderbird-91.8.0-150200.8.65.1
MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1
MozillaThunderbird-debugsource-91.8.0-150200.8.65.1
MozillaThunderbird-translations-common-91.8.0-150200.8.65.1
MozillaThunderbird-translations-other-91.8.0-150200.8.65.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
MozillaThunderbird-91.8.0-150200.8.65.1
MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1
MozillaThunderbird-debugsource-91.8.0-150200.8.65.1
MozillaThunderbird-translations-common-91.8.0-150200.8.65.1
MozillaThunderbird-translations-other-91.8.0-150200.8.65.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
MozillaThunderbird-91.8.0-150200.8.65.1
MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1
MozillaThunderbird-debugsource-91.8.0-150200.8.65.1
MozillaThunderbird-translations-common-91.8.0-150200.8.65.1
MozillaThunderbird-translations-other-91.8.0-150200.8.65.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
MozillaThunderbird-91.8.0-150200.8.65.1
MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1
MozillaThunderbird-debugsource-91.8.0-150200.8.65.1
MozillaThunderbird-translations-common-91.8.0-150200.8.65.1
MozillaThunderbird-translations-other-91.8.0-150200.8.65.1
References:
https://www.suse.com/security/cve/CVE-2022-1097.html
https://www.suse.com/security/cve/CVE-2022-1196.html
https://www.suse.com/security/cve/CVE-2022-1197.html
https://www.suse.com/security/cve/CVE-2022-24713.html
https://www.suse.com/security/cve/CVE-2022-28281.html
https://www.suse.com/security/cve/CVE-2022-28282.html
https://www.suse.com/security/cve/CVE-2022-28285.html
https://www.suse.com/security/cve/CVE-2022-28286.html
https://www.suse.com/security/cve/CVE-2022-28289.html
https://bugzilla.suse.com/1197903
SUSE-SU-2022:1167-1: important: Security update for go1.17
by opensuse-security@opensuse.org 12 Apr '22
SUSE Security Update: Security update for go1.17
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1167-1
Rating: important
References: #1183043 #1190649 #1196732
Cross-References: CVE-2022-24921
CVSS scores:
CVE-2022-24921 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for go1.17 fixes the following issues:
Update to version 1.17.8 (bsc#1190649):
- CVE-2022-24921: Fixed a potential denial of service via large regular
expressions (bsc#1196732).
Non-security fixes:
- Fixed an issue with v2 modules (go#51332).
- Fixed an issue when building source in riscv64 (go#51199).
- Increased compatibility for the DNS protocol in the net module
(go#51162).
- Fixed an issue with histograms in the runtime/metrics module
(go#50734).
- Fixed an issue when parsing x509 certificates (go#51000).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1167=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1167=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1167=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1167=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1167=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1167=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1167=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1167=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1167=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1167=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1167=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1167=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1167=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1167=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
- openSUSE Leap 15.4 (aarch64 x86_64):
go1.17-race-1.17.8-150000.1.25.1
- openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.17-race-1.17.8-150000.1.25.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
- SUSE Manager Server 4.1 (x86_64):
go1.17-race-1.17.8-150000.1.25.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
go1.17-race-1.17.8-150000.1.25.1
- SUSE Manager Proxy 4.1 (x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64):
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
go1.17-race-1.17.8-150000.1.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
go1.17-race-1.17.8-150000.1.25.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
go1.17-1.17.8-150000.1.25.1
go1.17-doc-1.17.8-150000.1.25.1
go1.17-race-1.17.8-150000.1.25.1
References:
https://www.suse.com/security/cve/CVE-2022-24921.html
https://bugzilla.suse.com/1183043
https://bugzilla.suse.com/1190649
https://bugzilla.suse.com/1196732
SUSE-SU-2022:1164-1: important: Security update for go1.16
by opensuse-security@opensuse.org 12 Apr '22
SUSE Security Update: Security update for go1.16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1164-1
Rating: important
References: #1182345 #1183043 #1196732
Cross-References: CVE-2022-24921
CVSS scores:
CVE-2022-24921 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for go1.16 fixes the following issues:
Update to version 1.16.15 (bsc#1182345):
- CVE-2022-24921: Fixed a potential denial of service via large regular
expressions (bsc#1196732).
Non-security fixes:
- Fixed an issue with v2 modules (go#51331).
- Fixed an issue when building source in riscv64 (go#51198).
- Increased compatibility for the DNS protocol in the net module
(go#51161).
- Fixed an issue with histograms in the runtime/metrics module
(go#50733).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1164=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1164=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1164=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1164=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1164=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1164=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1164=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1164=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1164=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1164=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1164=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1164=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1164=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
- openSUSE Leap 15.4 (aarch64 x86_64):
go1.16-race-1.16.15-150000.1.46.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.16-race-1.16.15-150000.1.46.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
- SUSE Manager Server 4.1 (x86_64):
go1.16-race-1.16.15-150000.1.46.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
go1.16-race-1.16.15-150000.1.46.1
- SUSE Manager Proxy 4.1 (x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
go1.16-race-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
go1.16-race-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):
go1.16-race-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
go1.16-race-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
go1.16-race-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
go1.16-race-1.16.15-150000.1.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
go1.16-race-1.16.15-150000.1.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
go1.16-race-1.16.15-150000.1.46.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
go1.16-1.16.15-150000.1.46.1
go1.16-doc-1.16.15-150000.1.46.1
go1.16-race-1.16.15-150000.1.46.1
References:
https://www.suse.com/security/cve/CVE-2022-24921.html
https://bugzilla.suse.com/1182345
https://bugzilla.suse.com/1183043
https://bugzilla.suse.com/1196732
SUSE-SU-2022:1157-1: important: Security update for libsolv, libzypp, zypper
by opensuse-security@opensuse.org 12 Apr '22
SUSE Security Update: Security update for libsolv, libzypp, zypper
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1157-1
Rating: important
References: #1184501 #1194848 #1195999 #1196061 #1196317
#1196368 #1196514 #1196925 #1197134
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP2
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Installer 15-SP2
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor
change
- support strict repository priorities; new solver flag:
SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ("requires"
is a keyword in C++20)
- support setting/reading userdata in solv files; new functions:
repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function; new function:
pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501). Pay attention that header and
payload are secured by a valid signature and report in more detail which
signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381). A previously
released ISO image may need a bit more time to release its loop device.
So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol
(bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1157=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1157=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1157=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1157=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1157=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1157=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1157=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1157=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1157=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1157=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1157=1
- SUSE Linux Enterprise Micro 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1157=1
- SUSE Linux Enterprise Installer 15-SP2:
zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-1157=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1157=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1157=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1157=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-demo-0.7.22-150200.12.1
libsolv-demo-debuginfo-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
libzypp-devel-doc-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python-solv-0.7.22-150200.12.1
python-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- openSUSE Leap 15.3 (noarch):
zypper-aptitude-1.14.52-150200.30.2
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Manager Server 4.1 (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Manager Retail Branch Server 4.1 (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Manager Proxy 4.1 (x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Manager Proxy 4.1 (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Micro 5.1 (noarch):
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise Micro 5.0 (noarch):
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64):
libsolv-tools-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libsolv-debuginfo-0.7.22-150200.12.1
libsolv-debugsource-0.7.22-150200.12.1
libsolv-devel-0.7.22-150200.12.1
libsolv-devel-debuginfo-0.7.22-150200.12.1
libsolv-tools-0.7.22-150200.12.1
libsolv-tools-debuginfo-0.7.22-150200.12.1
libzypp-17.30.0-150200.36.1
libzypp-debuginfo-17.30.0-150200.36.1
libzypp-debugsource-17.30.0-150200.36.1
libzypp-devel-17.30.0-150200.36.1
perl-solv-0.7.22-150200.12.1
perl-solv-debuginfo-0.7.22-150200.12.1
python3-solv-0.7.22-150200.12.1
python3-solv-debuginfo-0.7.22-150200.12.1
ruby-solv-0.7.22-150200.12.1
ruby-solv-debuginfo-0.7.22-150200.12.1
zypper-1.14.52-150200.30.2
zypper-debuginfo-1.14.52-150200.30.2
zypper-debugsource-1.14.52-150200.30.2
- SUSE Enterprise Storage 7 (noarch):
zypper-log-1.14.52-150200.30.2
zypper-needs-restarting-1.14.52-150200.30.2
References:
https://bugzilla.suse.com/1184501
https://bugzilla.suse.com/1194848
https://bugzilla.suse.com/1195999
https://bugzilla.suse.com/1196061
https://bugzilla.suse.com/1196317
https://bugzilla.suse.com/1196368
https://bugzilla.suse.com/1196514
https://bugzilla.suse.com/1196925
https://bugzilla.suse.com/1197134
SUSE-SU-2022:1163-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 12 Apr '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1163-1
Rating: important
References: #1065729 #1156395 #1175667 #1177028 #1178134
#1179639 #1180153 #1189562 #1194589 #1194625
#1194649 #1194943 #1195051 #1195353 #1195640
#1195926 #1196018 #1196130 #1196196 #1196478
#1196488 #1196761 #1196823 #1196956 #1197227
#1197243 #1197245 #1197300 #1197302 #1197331
#1197343 #1197366 #1197389 #1197460 #1197462
#1197501 #1197534 #1197661 #1197675 #1197677
#1197702 #1197811 #1197812 #1197815 #1197817
#1197819 #1197820 #1197888 #1197889 #1197894
#1198027 #1198028 #1198029 #1198030 #1198031
#1198032 #1198033 #1198077
Cross-References: CVE-2021-39698 CVE-2021-45402 CVE-2021-45868
CVE-2022-0850 CVE-2022-0854 CVE-2022-1011
CVE-2022-1016 CVE-2022-1048 CVE-2022-1055
CVE-2022-1195 CVE-2022-1198 CVE-2022-1199
CVE-2022-1205 CVE-2022-23036 CVE-2022-23037
CVE-2022-23038 CVE-2022-23039 CVE-2022-23040
CVE-2022-23041 CVE-2022-23042 CVE-2022-27223
CVE-2022-27666 CVE-2022-28388 CVE-2022-28389
CVE-2022-28390
CVSS scores:
CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-45402 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-45402 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-27223 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27223 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 25 vulnerabilities and has 33 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's
DMA subsystem. This flaw allowed a local user to read random memory from
the kernel space. (bnc#1196823)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the
netfilter subsystem. This vulnerability gives an attacker a powerful
primitive that can be used to both read from and write to relative stack
data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities
that allow an attacker to crash the Linux kernel by simulating Amateur
Radio. (bsc#1198028)
- CVE-2022-1205: Fixed null pointer dereference and use-after-free
vulnerabilities that allow an attacker to crash the Linux kernel by
simulating Amateur Radio. (bsc#1198027)
- CVE-2022-1198: Fixed a use-after-free vulnerability that allows an
attacker to crash the Linux kernel by simulating Amateur Radio
(bsc#1198030).
- CVE-2022-1195: Fixed a use-after-free vulnerability which could allow a
local attacker with a user privilege to execute a denial of service.
(bsc#1198029)
- CVE-2022-28389: Fixed a double free vulnerability in
drivers/net/can/usb/mcba_usb.c in the Linux kernel. (bnc#1198033)
- CVE-2022-28388: Fixed a double free vulnerability in
drivers/net/can/usb/usb_8dev.c in the Linux kernel. (bnc#1198032)
- CVE-2022-28390: Fixed a double free vulnerability in
drivers/net/can/usb/ems_usb.c in the Linux kernel. (bnc#1198031)
- CVE-2022-1048: Fixed a race condition in snd_pcm_hw_free leading to
use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock.
(bsc#1197331)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow
a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in
iov_iter.c. (bsc#1196761)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP
transformation code. This flaw allowed a local attacker with a normal
user privilege to overwrite kernel heap objects and may cause a local
privilege escalation. (bnc#1197462)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c
which could lead to a use-after-free if there is a corrupted quota
file. (bnc#1197366)
- CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a
local attacker to retrieve (partial) /etc/shadow hashes or any other
data from the filesystem when they can mount a FUSE filesystem. (bnc#1197343)
- CVE-2022-27223: Fixed an out-of-array access in
/usb/gadget/udc/udc-xilinx.c. (bsc#1197245)
- CVE-2021-39698: Fixed a possible memory corruption due to a use after
free in aio_poll_complete_work. This could lead to local escalation of
privilege with no additional execution privileges needed. (bsc#1196956)
- CVE-2021-45402: Fixed a pointer leak in check_alu_op() of
kernel/bpf/verifier.c. (bsc#1196130).
- CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039,
CVE-2022-23040, CVE-2022-23041, CVE-2022-23042: Fixed multiple issues
which could have led to read/write access to memory pages or denial of
service. These issues are related to the Xen PV device frontend drivers.
(bsc#1196488)
The following non-security bugs were fixed:
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
(git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
(git-fixes).
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
(git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods
(git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no more
references (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
(git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
(git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
(git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
(git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in
wcd934x_codec_parse_data (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put
(git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
(git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
(git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in
pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in
msm8916_wcd_digital_probe (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in
rt5663_parse_dp() (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
(git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
(bsc#1196018).
- block: update io_ticks when io hang (bsc#1197817).
- block/wbt: fix negative inflight counter when remove scsi device
(bsc#1197819).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- bpf: Remove config check to enable bpf support for branch records
(git-fixes bsc#1177028).
- btrfs: avoid unnecessary lock and leaf splits when updating inode in the
log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log
(bsc#1194649).
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs
(bsc#1194649).
- btrfs: check error value from btrfs_update_inode in tree log
(bsc#1194649).
- btrfs: check if a log root exists before locking the log_mutex on unlink
(bsc#1194649).
- btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
- btrfs: do not commit delayed inode when logging a file in full sync mode
(bsc#1194649).
- btrfs: do not log new dentries when logging that a new name exists
(bsc#1194649).
- btrfs: eliminate some false positives when checking if inode was logged
(bsc#1194649).
- btrfs: fix race leading to unnecessary transaction commit when logging
inode (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor inodes
(bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction commit
(bsc#1194649).
- btrfs: fix race that results in logging old extents during a fast fsync
(bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
- btrfs: remove no longer needed full sync flag check at inode_logged()
(bsc#1194649).
- btrfs: Remove unnecessary check from join_running_log_trans
(bsc#1194649).
- btrfs: remove unnecessary directory inode item update when deleting dir
entry (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing log
(bsc#1194649).
- btrfs: skip unnecessary searches for xattrs when logging an inode
(bsc#1194649).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error
path (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error
path (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device
when fully ready (git-fixes).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
- clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element
(git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in
emc_ensure_emc_driver (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in
timer_of_base_init() (git-fixes).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
(git-fixes).
- crypto: cavium/nitrox - do not cast parameter in bit operations
(git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist
(git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete()
(git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- dma/pool: create dma atomic pool only if dma zone has managed pages
(bsc#1197501).
- driver core: dd: fix return value of __setup handler (git-fixes).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug
(git-fixes).
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq
function (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain
(git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe
(git-fixes).
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in
imx_pd_bridge_atomic_check() (git-fixes).
- drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops
(git-fixes).
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl()
(git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- drm/vc4: crtc: Make sure the HDMI controller is powered when disabling
(git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector
(git-fixes).
- Drop HID multitouch fix patch (bsc#1197243).
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- ecryptfs: Fix typo in message (bsc#1197811).
- EDAC: Fix calculation of returned address and next offset in
edac_align_ptr() (bsc#1178134).
- ext2: correct max file size computing (bsc#1197820).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- firmware: qcom: scm: Remove reassignment to desc following initializer
(git-fixes).
- fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
(git-fixes).
- HID: multitouch: fix Dell Precision 7550 and 7750 button type
(bsc#1197243).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
(git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- iio: accel: mma8452: use the correct logic to get mma8452_data
(git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available
(git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- iwlwifi: do not advertise TWT support (git-fixes).
- kernel-binary.spec: Do not use the default certificate path
(bsc#1194943).
- KVM: SVM: Do not flush cache if hardware enforces cache coherency across
encryption domains (bsc#1178134).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
(git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: Revert "media: em28xx: add missing em28xx_close_extension"
(git-fixes).
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes).
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- memory: emif: Add check for setup_interrupts (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no
managed pages (bsc#1197501).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
(git-fixes).
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx()
(git-fixes).
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- net: phy: DP83822: clear MISR2 register to disable interrupts
(git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and suspend
functions (git-fixes).
- net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1196018).
- net: watchdog: hold device global xmit lock during tx disable
(git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- net/smc: Reset conn->lgr when link group registration fails (git-fixes).
- netfilter: conntrack: do not refresh sctp entries in closed state
(bsc#1197389).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir
(git-fixes).
- NFS: Ensure the server had an up to date ctime before hardlinking
(git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client
(git-fixes).
- NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
(git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
(git-fixes).
- pinctrl: mediatek: paris: Fix "argument" argument type for
mtk_pinconf_get() (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback
(git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
(git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE()
(git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
- pinctrl: samsung: drop pin banks references on error paths (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
(git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties()
(bsc#1179639 ltc#189002 git-fixes).
- powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of
extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct
(bsc#1198077 ltc#197299).
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
(bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty
(bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- pwm: lpc18xx-sct: Initialize driver data and hardware before
pwmchip_add() (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in
wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region
(git-fixes).
- Revert "build initrd without systemd" (bsc#1197300).
- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" (bsc#1197243).
- Revert "module, async: async_synchronize_full() on module init iff async
is used" (bsc#1197888).
- Revert "Revert "build initrd without systemd" (bsc#1197300)"
- Revert "usb: dwc3: gadget: Use list_replace_init() before traversing
lists" (git-fixes).
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg
(git-fixes).
- s390/gmap: do not unconditionally call pte_unmap_unlock() in
__gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/hypfs: include z/VM guests with access control group set
(bsc#1195640 LTC#196352).
- s390/kexec_file: fix error handling when applying relocations
(git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key handling
functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling follow_pte()
(git-fixes).
- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677
LTC#197378).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
(bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675
bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download
(bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
(bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths
(bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
(bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure
(bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test
(bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing
(bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- serial: 8250_lpss: Balance reference count for PCI DMA device
(git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_* flags
(git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
- staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes).
- staging:iio:adc:ad7280a: Fix handling of device address bit reversing
(git-fixes).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomization at connect() time (bsc#1180153).
- team: protect features update by RCU to avoid deadlock (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
(git-fixes).
- Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m ->
VIRTIO_PCI=y
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- usb: bdc: Fix a resource leak in the error handling path of
'bdc_probe()' (git-fixes).
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- usb: bdc: remove duplicated error message (git-fixes).
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- usb: bdc: use devm_platform_ioremap_resource() to simplify code
(git-fixes).
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- usb: dwc3: gadget: Use list_replace_init() before traversing lists
(git-fixes).
- usb: dwc3: meson-g12a: Disable the regulator in the error handling path
of the probe (git-fixes).
- usb: dwc3: qcom: add IRQ check (git-fixes).
- usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
(git-fixes).
- usb: gadget: rndis: prevent integer overflow in rndis_set_response()
(git-fixes).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe()
(git-fixes).
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to
avoid black screen (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
(git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
- x86/cpu: Add hardware-enforced cache coherency as a CPUID feature
(bsc#1178134).
- x86/mm/pat: Do not flush cache if hardware enforces cache coherency
across encryption domains (bsc#1178134).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
(bsc#1178134).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done()
(bsc#1196488, XSA-396).
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1163=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1163=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-150300.38.53.1
kernel-source-azure-5.3.18-150300.38.53.1
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-150300.38.53.1
cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.53.1
dlm-kmp-azure-5.3.18-150300.38.53.1
dlm-kmp-azure-debuginfo-5.3.18-150300.38.53.1
gfs2-kmp-azure-5.3.18-150300.38.53.1
gfs2-kmp-azure-debuginfo-5.3.18-150300.38.53.1
kernel-azure-5.3.18-150300.38.53.1
kernel-azure-debuginfo-5.3.18-150300.38.53.1
kernel-azure-debugsource-5.3.18-150300.38.53.1
kernel-azure-devel-5.3.18-150300.38.53.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.53.1
kernel-azure-extra-5.3.18-150300.38.53.1
kernel-azure-extra-debuginfo-5.3.18-150300.38.53.1
kernel-azure-livepatch-devel-5.3.18-150300.38.53.1
kernel-azure-optional-5.3.18-150300.38.53.1
kernel-azure-optional-debuginfo-5.3.18-150300.38.53.1
kernel-syms-azure-5.3.18-150300.38.53.1
kselftests-kmp-azure-5.3.18-150300.38.53.1
kselftests-kmp-azure-debuginfo-5.3.18-150300.38.53.1
ocfs2-kmp-azure-5.3.18-150300.38.53.1
ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.53.1
reiserfs-kmp-azure-5.3.18-150300.38.53.1
reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.53.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
kernel-devel-azure-5.3.18-150300.38.53.1
kernel-source-azure-5.3.18-150300.38.53.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64):
kernel-azure-5.3.18-150300.38.53.1
kernel-azure-debuginfo-5.3.18-150300.38.53.1
kernel-azure-debugsource-5.3.18-150300.38.53.1
kernel-azure-devel-5.3.18-150300.38.53.1
kernel-azure-devel-debuginfo-5.3.18-150300.38.53.1
kernel-syms-azure-5.3.18-150300.38.53.1
References:
https://www.suse.com/security/cve/CVE-2021-39698.html
https://www.suse.com/security/cve/CVE-2021-45402.html
https://www.suse.com/security/cve/CVE-2021-45868.html
https://www.suse.com/security/cve/CVE-2022-0850.html
https://www.suse.com/security/cve/CVE-2022-0854.html
https://www.suse.com/security/cve/CVE-2022-1011.html
https://www.suse.com/security/cve/CVE-2022-1016.html
https://www.suse.com/security/cve/CVE-2022-1048.html
https://www.suse.com/security/cve/CVE-2022-1055.html
https://www.suse.com/security/cve/CVE-2022-1195.html
https://www.suse.com/security/cve/CVE-2022-1198.html
https://www.suse.com/security/cve/CVE-2022-1199.html
https://www.suse.com/security/cve/CVE-2022-1205.html
https://www.suse.com/security/cve/CVE-2022-23036.html
https://www.suse.com/security/cve/CVE-2022-23037.html
https://www.suse.com/security/cve/CVE-2022-23038.html
https://www.suse.com/security/cve/CVE-2022-23039.html
https://www.suse.com/security/cve/CVE-2022-23040.html
https://www.suse.com/security/cve/CVE-2022-23041.html
https://www.suse.com/security/cve/CVE-2022-23042.html
https://www.suse.com/security/cve/CVE-2022-27223.html
https://www.suse.com/security/cve/CVE-2022-27666.html
https://www.suse.com/security/cve/CVE-2022-28388.html
https://www.suse.com/security/cve/CVE-2022-28389.html
https://www.suse.com/security/cve/CVE-2022-28390.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1175667
https://bugzilla.suse.com/1177028
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1179639
https://bugzilla.suse.com/1180153
https://bugzilla.suse.com/1189562
https://bugzilla.suse.com/1194589
https://bugzilla.suse.com/1194625
https://bugzilla.suse.com/1194649
https://bugzilla.suse.com/1194943
https://bugzilla.suse.com/1195051
https://bugzilla.suse.com/1195353
https://bugzilla.suse.com/1195640
https://bugzilla.suse.com/1195926
https://bugzilla.suse.com/1196018
https://bugzilla.suse.com/1196130
https://bugzilla.suse.com/1196196
https://bugzilla.suse.com/1196478
https://bugzilla.suse.com/1196488
https://bugzilla.suse.com/1196761
https://bugzilla.suse.com/1196823
https://bugzilla.suse.com/1196956
https://bugzilla.suse.com/1197227
https://bugzilla.suse.com/1197243
https://bugzilla.suse.com/1197245
https://bugzilla.suse.com/1197300
https://bugzilla.suse.com/1197302
https://bugzilla.suse.com/1197331
https://bugzilla.suse.com/1197343
https://bugzilla.suse.com/1197366
https://bugzilla.suse.com/1197389
https://bugzilla.suse.com/1197460
https://bugzilla.suse.com/1197462
https://bugzilla.suse.com/1197501
https://bugzilla.suse.com/1197534
https://bugzilla.suse.com/1197661
https://bugzilla.suse.com/1197675
https://bugzilla.suse.com/1197677
https://bugzilla.suse.com/1197702
https://bugzilla.suse.com/1197811
https://bugzilla.suse.com/1197812
https://bugzilla.suse.com/1197815
https://bugzilla.suse.com/1197817
https://bugzilla.suse.com/1197819
https://bugzilla.suse.com/1197820
https://bugzilla.suse.com/1197888
https://bugzilla.suse.com/1197889
https://bugzilla.suse.com/1197894
https://bugzilla.suse.com/1198027
https://bugzilla.suse.com/1198028
https://bugzilla.suse.com/1198029
https://bugzilla.suse.com/1198030
https://bugzilla.suse.com/1198031
https://bugzilla.suse.com/1198032
https://bugzilla.suse.com/1198033
https://bugzilla.suse.com/1198077
12 Apr '22
SUSE Security Update: Security update for xz
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1158-1
Rating: important
References: #1198062
Cross-References: CVE-2022-1271
CVSS scores:
CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.0
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Realtime Extension 15-SP2
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames
(ZDI-CAN-16587). (bsc#1198062)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1158=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1158=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1158=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1158=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1158=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1158=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1158=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1158=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1158=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1158=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1158=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1158=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1158=1
- SUSE Linux Enterprise Realtime Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1158=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1158=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1158=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1158=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1158=1
- SUSE Linux Enterprise Micro 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1158=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1158=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1158=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1158=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1158=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1158=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1158=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1158=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1158=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- openSUSE Leap 15.4 (noarch):
xz-lang-5.2.3-150000.4.7.1
- openSUSE Leap 15.4 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
xz-devel-32bit-5.2.3-150000.4.7.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- openSUSE Leap 15.3 (noarch):
xz-lang-5.2.3-150000.4.7.1
- openSUSE Leap 15.3 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
xz-devel-32bit-5.2.3-150000.4.7.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Manager Server 4.1 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Manager Server 4.1 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Manager Proxy 4.1 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Manager Proxy 4.1 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
- SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Enterprise Storage 7 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Enterprise Storage 7 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE Enterprise Storage 6 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
- SUSE Enterprise Storage 6 (noarch):
xz-lang-5.2.3-150000.4.7.1
- SUSE CaaS Platform 4.0 (x86_64):
liblzma5-32bit-5.2.3-150000.4.7.1
liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1
liblzma5-5.2.3-150000.4.7.1
liblzma5-debuginfo-5.2.3-150000.4.7.1
xz-5.2.3-150000.4.7.1
xz-debuginfo-5.2.3-150000.4.7.1
xz-debugsource-5.2.3-150000.4.7.1
xz-devel-5.2.3-150000.4.7.1
xz-static-devel-5.2.3-150000.4.7.1
- SUSE CaaS Platform 4.0 (noarch):
xz-lang-5.2.3-150000.4.7.1
References:
https://www.suse.com/security/cve/CVE-2022-1271.html
https://bugzilla.suse.com/1198062
SUSE-SU-2022:1162-1: important: Security update for subversion
by opensuse-security@opensuse.org 12 Apr '22
SUSE Security Update: Security update for subversion
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1162-1
Rating: important
References: #1197939 #1197940
Cross-References: CVE-2021-28544 CVE-2022-24070
CVSS scores:
CVE-2021-28544 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-24070 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for subversion fixes the following issues:
- CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used
by Apache HTTP server. This could be exploited by a remote attacker to
cause a denial of service (bsc#1197940).
- CVE-2021-28544: Fixed an information leak issue where Subversion servers
may reveal the original path of files protected by path-based
authorization (bsc#1197939).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1162=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1162=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1162=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1162=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1162=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
subversion-python-ctypes-1.10.6-150300.10.8.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libsvn_auth_gnome_keyring-1-0-1.10.6-150300.10.8.1
libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-150300.10.8.1
libsvn_auth_kwallet-1-0-1.10.6-150300.10.8.1
libsvn_auth_kwallet-1-0-debuginfo-1.10.6-150300.10.8.1
subversion-1.10.6-150300.10.8.1
subversion-debuginfo-1.10.6-150300.10.8.1
subversion-debugsource-1.10.6-150300.10.8.1
subversion-devel-1.10.6-150300.10.8.1
subversion-perl-1.10.6-150300.10.8.1
subversion-perl-debuginfo-1.10.6-150300.10.8.1
subversion-python-1.10.6-150300.10.8.1
subversion-python-ctypes-1.10.6-150300.10.8.1
subversion-python-debuginfo-1.10.6-150300.10.8.1
subversion-ruby-1.10.6-150300.10.8.1
subversion-ruby-debuginfo-1.10.6-150300.10.8.1
subversion-server-1.10.6-150300.10.8.1
subversion-server-debuginfo-1.10.6-150300.10.8.1
subversion-tools-1.10.6-150300.10.8.1
subversion-tools-debuginfo-1.10.6-150300.10.8.1
- openSUSE Leap 15.3 (noarch):
subversion-bash-completion-1.10.6-150300.10.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
subversion-debuginfo-1.10.6-150300.10.8.1
subversion-debugsource-1.10.6-150300.10.8.1
subversion-server-1.10.6-150300.10.8.1
subversion-server-debuginfo-1.10.6-150300.10.8.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
subversion-debuginfo-1.10.6-150300.10.8.1
subversion-debugsource-1.10.6-150300.10.8.1
subversion-perl-1.10.6-150300.10.8.1
subversion-perl-debuginfo-1.10.6-150300.10.8.1
subversion-python-1.10.6-150300.10.8.1
subversion-python-debuginfo-1.10.6-150300.10.8.1
subversion-tools-1.10.6-150300.10.8.1
subversion-tools-debuginfo-1.10.6-150300.10.8.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
subversion-bash-completion-1.10.6-150300.10.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
subversion-1.10.6-150300.10.8.1
subversion-debuginfo-1.10.6-150300.10.8.1
subversion-debugsource-1.10.6-150300.10.8.1
subversion-devel-1.10.6-150300.10.8.1
References:
https://www.suse.com/security/cve/CVE-2021-28544.html
https://www.suse.com/security/cve/CVE-2022-24070.html
https://bugzilla.suse.com/1197939
https://bugzilla.suse.com/1197940