SUSE Security Update: Security update for fribidi
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1898-1
Rating: moderate
References: #1196147 #1196148 #1196150
Cross-References: CVE-2022-25308 CVE-2022-25309 CVE-2022-25310
CVSS scores:
CVE-2022-25308 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CVE-2022-25309 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-25310 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for fribidi fixes the following issues:
- CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147).
- CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode
(bsc#1196148).
- CVE-2022-25310: Fixed NULL pointer dereference in
fribidi_remove_bidi_marks (bsc#1196150).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1898=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1898=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1898=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
fribidi-1.0.10-150400.3.3.1
fribidi-debuginfo-1.0.10-150400.3.3.1
fribidi-debugsource-1.0.10-150400.3.3.1
fribidi-devel-1.0.10-150400.3.3.1
libfribidi0-1.0.10-150400.3.3.1
libfribidi0-debuginfo-1.0.10-150400.3.3.1
- openSUSE Leap 15.4 (x86_64):
libfribidi0-32bit-1.0.10-150400.3.3.1
libfribidi0-32bit-debuginfo-1.0.10-150400.3.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64):
fribidi-debugsource-1.0.10-150400.3.3.1
libfribidi0-32bit-1.0.10-150400.3.3.1
libfribidi0-32bit-debuginfo-1.0.10-150400.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
fribidi-1.0.10-150400.3.3.1
fribidi-debuginfo-1.0.10-150400.3.3.1
fribidi-debugsource-1.0.10-150400.3.3.1
fribidi-devel-1.0.10-150400.3.3.1
libfribidi0-1.0.10-150400.3.3.1
libfribidi0-debuginfo-1.0.10-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-25308.htmlhttps://www.suse.com/security/cve/CVE-2022-25309.htmlhttps://www.suse.com/security/cve/CVE-2022-25310.htmlhttps://bugzilla.suse.com/1196147https://bugzilla.suse.com/1196148https://bugzilla.suse.com/1196150
openSUSE Security Update: Security update for pcmanfm
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10001-1
Rating: moderate
References: #1039140
Cross-References: CVE-2017-8934
CVSS scores:
CVE-2017-8934 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pcmanfm fixes the following issues:
update to 1.3.2:
* Fixed case when some keyboard shortcuts stopped working: Alt+Home, Alt+Up
* Fixed sytem reboot delayed for 90 seconds in some cases
new upstream release of pcmanfm 1.3.1
* fixed crash on reload while directory changes
* changed size of large thumbnails to 512
* added application/gzip to archivers.list
* added image/x-compressed-xcf to archivers.list
* allowed bigger sizes of icons and thumbnails
new upstream release of pcmanfm 1.3.0
* Fixed potential access violation, use runtime user dir instead
of tmp diri for single instance socket. boo#1039140 CVE-2017-8934
* Fixed an issue with losing icons on desktop, when file name has a
���[��� char.
* Added a missing tooltip for ���New Window��� toolbar button.
* Fixed an issue when single instance socket directory did not exist
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10001=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
pcmanfm-1.3.2-bp153.2.3.1
pcmanfm-devel-1.3.2-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
pcmanfm-lang-1.3.2-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2017-8934.htmlhttps://bugzilla.suse.com/1039140
SUSE Security Update: Security update for helm-mirror
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1888-1
Rating: moderate
References: #1156646 #1197728
Cross-References: CVE-2019-18658
CVSS scores:
CVE-2019-18658 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-18658 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for helm-mirror fixes the following issues:
- Updated to version 0.3.1:
- CVE-2019-18658: Fixed a potential symbolic link issue in helm that
could be used to leak sensitive files (bsc#1156646).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1888=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1888=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-1888=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-1888=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
helm-mirror-0.3.1-150000.1.13.1
helm-mirror-debuginfo-0.3.1-150000.1.13.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
helm-mirror-0.3.1-150000.1.13.1
helm-mirror-debuginfo-0.3.1-150000.1.13.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64):
helm-mirror-0.3.1-150000.1.13.1
helm-mirror-debuginfo-0.3.1-150000.1.13.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
helm-mirror-0.3.1-150000.1.13.1
helm-mirror-debuginfo-0.3.1-150000.1.13.1
References:
https://www.suse.com/security/cve/CVE-2019-18658.htmlhttps://bugzilla.suse.com/1156646https://bugzilla.suse.com/1197728
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1882-1
Rating: important
References: #1195964 #1195965 #1197066 #1197068 #1197072
#1197073 #1197074 #1197631
Cross-References: CVE-2022-0561 CVE-2022-0562 CVE-2022-0865
CVE-2022-0891 CVE-2022-0908 CVE-2022-0909
CVE-2022-0924 CVE-2022-1056
CVSS scores:
CVE-2022-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0562 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0562 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0865 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0865 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0891 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CVE-2022-0891 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0908 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0908 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0909 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0909 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0924 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0924 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1056 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
- CVE-2022-0561: Fixed null source pointer passed as an argument to
memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964).
- CVE-2022-0562: Fixed null source pointer passed as an argument to
memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965).
- CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc
(bsc#1197066).
- CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have
led to a denial-of-service via a crafted tiff file (bsc#1197072).
- CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have
led to a denial-of-service via a crafted tiff file (bsc#1197073).
- CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy
in TIFFFetchNormalTag() (bsc#1197074).
- CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could
have led to a denial-of-service via a crafted tiff file (bsc#1197631).
- CVE-2022-0891: Fixed heap buffer overflow in extractImageSection
(bsc#1197068).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1882=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1882=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1882=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1882=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1882=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1882=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1882=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1882=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1882=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1882=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1882=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1882=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1882=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1882=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1882=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1882=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1882=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1882=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1882=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1882=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1882=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1882=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1882=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1882=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1882=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1882=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1882=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- openSUSE Leap 15.4 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- openSUSE Leap 15.3 (x86_64):
libtiff-devel-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Manager Server 4.1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Manager Proxy 4.1 (x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
tiff-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Enterprise Storage 7 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
- SUSE Enterprise Storage 6 (x86_64):
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
- SUSE CaaS Platform 4.0 (x86_64):
libtiff-devel-4.0.9-150000.45.8.1
libtiff5-32bit-4.0.9-150000.45.8.1
libtiff5-32bit-debuginfo-4.0.9-150000.45.8.1
libtiff5-4.0.9-150000.45.8.1
libtiff5-debuginfo-4.0.9-150000.45.8.1
tiff-debuginfo-4.0.9-150000.45.8.1
tiff-debugsource-4.0.9-150000.45.8.1
References:
https://www.suse.com/security/cve/CVE-2022-0561.htmlhttps://www.suse.com/security/cve/CVE-2022-0562.htmlhttps://www.suse.com/security/cve/CVE-2022-0865.htmlhttps://www.suse.com/security/cve/CVE-2022-0891.htmlhttps://www.suse.com/security/cve/CVE-2022-0908.htmlhttps://www.suse.com/security/cve/CVE-2022-0909.htmlhttps://www.suse.com/security/cve/CVE-2022-0924.htmlhttps://www.suse.com/security/cve/CVE-2022-1056.htmlhttps://bugzilla.suse.com/1195964https://bugzilla.suse.com/1195965https://bugzilla.suse.com/1197066https://bugzilla.suse.com/1197068https://bugzilla.suse.com/1197072https://bugzilla.suse.com/1197073https://bugzilla.suse.com/1197074https://bugzilla.suse.com/1197631
openSUSE Security Update: Security update for opera
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0156-1
Rating: important
References:
Cross-References: CVE-2022-1364 CVE-2022-1633 CVE-2022-1634
CVE-2022-1635 CVE-2022-1636 CVE-2022-1637
CVE-2022-1638 CVE-2022-1639 CVE-2022-1640
CVE-2022-1641
Affected Products:
openSUSE Leap 15.4:NonFree
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for opera fixes the following issues:
Update to 87.0.4390.25:
- CHR-8870 Update chromium on desktop-stable-101-4390 to 101.0.4951.64
- DNA-99209 Enable #easy-files-multiupload on all streams
- DNA-99325 Use a preference to set number of recent searches and
recently closed in unfiltered dropdown
- DNA-99353 Translations for O87
- DNA-99365 Adding title to the first category duplicates categories
titles in the dropdown
- DNA-99385 Feedback button in filtered dropdown can overlap with
other web buttons for highlighted suggestion
- DNA-99391 Add bookmarks at the bottom of a bookmarks bar folder
- DNA-99491 Suggestion is not immediately removed form recent searches
view in dropdown.
- DNA-99501 Promote O87 to stable
- DNA-99504 ���Switch to tab��� button is not aligned to the right for
some categories in dropdown
- The update to chromium 101.0.4951.64 fixes following issues:
CVE-2022-1633, CVE-2022-1634, CVE-2022-1635, CVE-2022-1636,
CVE-2022-1637, CVE-2022-1638, CVE-2022-1639, CVE-2022-1640, CVE-2022-1641
- Complete Opera 87.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-87/
- Update to 86.0.4363.59
- DNA-99021 Crash in sidebar when extension of sidebar item was
uninstalled
- DNA-99359 Crash at opera::
ContinueShoppingExpiredProductRemoverImpl::RemoveExpiredProducts()
- Update to 86.0.4363.50
- DNA-68493 Opera doesn���t close address field drop-down when dragging
text from the address field
- DNA-99003 Crash at views::Widget::GetNativeView() const
- DNA-99133 BrowserSidebarWithProxyAuthTest.PreloadWithWebModalDialog
fails
- DNA-99230 Switching search engine with shortcut stopped working after
DNA-99178
- DNA-99317 Make history match appear on top
- Update to 86.0.4363.32
- DNA-98510 Blank icon in sidebar setup
- DNA-98525 Unable to drag tab to far right
- DNA-98893 Sound indicator is too precise in Google Meet
- DNA-98919 Shopping corner internal API access update
- DNA-98924 Tab tooltip gets stuck on screen
- DNA-98981 Enable easy-files-multiupload on developer stream
- DNA-99041 Move Shopping Corner to sidebar entry
- DNA-99061 Enable #address-bar-dropdown-categories on all streams
- DNA-99062 Create flag to show top sites and recently closed in
unfiltered suggestions
- DNA-99064 Hard to drag & drop current URL to a specific folder
on bookmarks bar when unfiltered dropdown is displayed
- DNA-99070 Make scroll button in Continue On scroll multiple items
- DNA-99089 Shopping corner tab is not preserved after restart
- DNA-99115 Request updating the Avro schema for sidebar event
- DNA-99117 Make sure shopping corner is enabled by default
- DNA-99178 Left/right not working in address bar dropdown
- DNA-99204 Hide Shopping Corner by default
- Update to 86.0.4363.23
- CHR-8843 Update chromium on desktop-stable-100-4363 to 100.0.4896.127
- DNA-98236 Turn on #snap-text-selection on all streams
- DNA-98507 DCHECK at address_bar_controller.cc(547)
- DNA-98528 Suggestions for internal pages disappear when typing their
full name
- DNA-98538 Change name of "Opera Crypto Wallet" to "Crypto Wallet"
- DNA-98540 Booking.com used instead of custom search engine
- DNA-98587 Favicon of booking suggestion in the city category is
unexpectedly changing
- DNA-98605 City suggestions should show URL in address field when
selected
- DNA-98608 #address-bar-dropdown-categories expired
- DNA-98616 Add recent searches to 'old' BABE
- DNA-98668 Switch to tab button leads to wrong tab
- DNA-98673 Improve suggestion removal handling in suggestion providers
- DNA-98681 Remove unused suggestion consumers
- DNA-98684 Have a dedicated SuggestionList for the new address bar
dropdown
- DNA-98685 Enable #native-crypto-wallet on developer
- DNA-98688 "Disable this feature" mini-menu settings is non-intuitive
- DNA-98690 Autocompleted text stayed in address field after removing
suggestion
- DNA-98738 Inline autocomplete suggestion for SD disappears after
typing 3rd letter of SD name
- DNA-98743 Blank dropdown after pressing space key
- DNA-98783 Improve showing suggestions with long URLs or page titles
- DNA-98785 "Switch to tab" button not shown for suggestions with www
subdomain when typing domain text
- DNA-98879 "Disable suggestions before typing" mini-menu option should
change to "Enable suggestions before typing" when being selected
- DNA-98917 Translations for O86
- DNA-98975 Turn on #snap-crop-tool on all channels
- DNA-98980 Enable #native-crypto-wallet on all streams
- DNA-99005 The sidebar item is not visible for already active crypto
wallet users when #native-crypto-wallet flag is enabled.
- DNA-99007 Crash at TemplateURLRef::ParseIfNecessary(SearchTermsData
const&) const
- DNA-99047 Promote O86 to stable
- The update to chromium 100.0.4896.127 fixes following issues:
CVE-2022-1364
- Complete Opera 86.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-86/
- Update to 85.0.4341.60
- DNA-98666 Set baidu as default search engine in China
- DNA-98707 Hint is not displayed for new crypto wallet sidebar icon
- DNA-98775 RichHintsSearchEngineCondition.testSogouSearchEngine errors
- Update to 85.0.4341.47
- DNA-98249 Add feature flag #native-crypto-wallet
- DNA-98250 Install extension on startup
- DNA-98251 Make Crypto Wallet setting enable / disable extension
- DNA-98252 Deactivate old desktop crypto wallet
- DNA-98253 Always show ���Crypto Wallet��� in Sidebar Setup
- DNA-98497 Crash when installing extension
- DNA-98506 Enable opera_feature_crypto_wallet_encryption
on desktop
- DNA-98510 Blank icon in sidebar setup
- DNA-98538 Change name of "Opera Crypto Wallet" to "Crypto Wallet"
- DNA-98685 Enable #native-crypto-wallet on developer
- DNA-98766 Crash at
opera::AddressBarControllerImpl::OpenNativeDropdown()
- DNA-98768 Crash at
extensions::ContentFilterPrivateIsWhitelistedFunction::Run()
- DNA-98770 Recent searches stay in address field after selecting entry
from dropdown
- DNA-98772 Screen sharing broken
- DNA-98803 Autofilled part appended after selecting address bar using
shortcut
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:NonFree:
zypper in -t patch openSUSE-2022-156=1
Package List:
- openSUSE Leap 15.4:NonFree (x86_64):
opera-87.0.4390.25-lp154.2.8.1
References:
https://www.suse.com/security/cve/CVE-2022-1364.htmlhttps://www.suse.com/security/cve/CVE-2022-1633.htmlhttps://www.suse.com/security/cve/CVE-2022-1634.htmlhttps://www.suse.com/security/cve/CVE-2022-1635.htmlhttps://www.suse.com/security/cve/CVE-2022-1636.htmlhttps://www.suse.com/security/cve/CVE-2022-1637.htmlhttps://www.suse.com/security/cve/CVE-2022-1638.htmlhttps://www.suse.com/security/cve/CVE-2022-1639.htmlhttps://www.suse.com/security/cve/CVE-2022-1640.htmlhttps://www.suse.com/security/cve/CVE-2022-1641.html