openSUSE Security Announce
May 2022
- 1 participants
- 77 discussions
SUSE-SU-2022:1762-1: moderate: Security update for ImageMagick
by opensuse-security@opensuse.org 20 May '22
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1762-1
Rating: moderate
References: #1197147 #1199350
Cross-References: CVE-2022-28463
CVSS scores:
CVE-2022-28463 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28463 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for ImageMagick fixes the following issues:
Security issues fixed:
- CVE-2022-28463: Fixed buffer overflow in coders/cin.c (bsc#1199350).
Bugfixes:
- Use png_get_eXIf_1 when available (bsc#1197147).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1762=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1762=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1762=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1762=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
- openSUSE Leap 15.4 (x86_64):
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.26.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.26.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.26.1
ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
ImageMagick-debugsource-7.0.7.34-150200.10.26.1
ImageMagick-devel-7.0.7.34-150200.10.26.1
ImageMagick-extra-7.0.7.34-150200.10.26.1
ImageMagick-extra-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-devel-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
perl-PerlMagick-7.0.7.34-150200.10.26.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.26.1
- openSUSE Leap 15.3 (noarch):
ImageMagick-doc-7.0.7.34-150200.10.26.1
- openSUSE Leap 15.3 (x86_64):
ImageMagick-devel-32bit-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-devel-32bit-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.26.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
ImageMagick-debugsource-7.0.7.34-150200.10.26.1
perl-PerlMagick-7.0.7.34-150200.10.26.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.26.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.26.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.26.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.26.1
ImageMagick-debuginfo-7.0.7.34-150200.10.26.1
ImageMagick-debugsource-7.0.7.34-150200.10.26.1
ImageMagick-devel-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.26.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.26.1
libMagick++-devel-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.26.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.26.1
References:
https://www.suse.com/security/cve/CVE-2022-28463.html
https://bugzilla.suse.com/1197147
https://bugzilla.suse.com/1199350
SUSE-SU-2022:1750-1: important: Security update for libxml2
by opensuse-security@opensuse.org 19 May '22
SUSE Security Update: Security update for libxml2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1750-1
Rating: important
References: #1196490 #1199132
Cross-References: CVE-2022-23308 CVE-2022-29824
CVSS scores:
CVE-2022-23308 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23308 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2022-29824 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-29824 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes
(bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an
out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*)
(bsc#1199132).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1750=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1750=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1750=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1750=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1750=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1750=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1750=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1750=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1750=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1750=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1750=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1750=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1750=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-1750=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1750=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1750=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1750=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1750=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1750=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1750=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1750=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1750=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1750=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1750=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-1750=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- openSUSE Leap 15.3 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
libxml2-devel-32bit-2.9.7-150000.3.46.1
- openSUSE Leap 15.3 (noarch):
libxml2-doc-2.9.7-150000.3.46.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Manager Server 4.1 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Manager Proxy 4.1 (x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Enterprise Storage 7 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
- SUSE Enterprise Storage 6 (x86_64):
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
- SUSE CaaS Platform 4.0 (x86_64):
libxml2-2-2.9.7-150000.3.46.1
libxml2-2-32bit-2.9.7-150000.3.46.1
libxml2-2-32bit-debuginfo-2.9.7-150000.3.46.1
libxml2-2-debuginfo-2.9.7-150000.3.46.1
libxml2-debugsource-2.9.7-150000.3.46.1
libxml2-devel-2.9.7-150000.3.46.1
libxml2-tools-2.9.7-150000.3.46.1
libxml2-tools-debuginfo-2.9.7-150000.3.46.1
python-libxml2-python-debugsource-2.9.7-150000.3.46.1
python2-libxml2-python-2.9.7-150000.3.46.1
python2-libxml2-python-debuginfo-2.9.7-150000.3.46.1
python3-libxml2-python-2.9.7-150000.3.46.1
python3-libxml2-python-debuginfo-2.9.7-150000.3.46.1
References:
https://www.suse.com/security/cve/CVE-2022-23308.html
https://www.suse.com/security/cve/CVE-2022-29824.html
https://bugzilla.suse.com/1196490
https://bugzilla.suse.com/1199132
19 May '22
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1755-1
Rating: low
References: #1197644
Affected Products:
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for php7 fixes the following issues:
- Fixed filter_var bypass vulnerability (bsc#1197644).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1755=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1755=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-1755=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.4.25-150400.4.3.1
apache2-mod_php7-debuginfo-7.4.25-150400.4.3.1
apache2-mod_php7-debugsource-7.4.25-150400.4.3.1
php7-7.4.25-150400.4.3.1
php7-bcmath-7.4.25-150400.4.3.1
php7-bcmath-debuginfo-7.4.25-150400.4.3.1
php7-bz2-7.4.25-150400.4.3.1
php7-bz2-debuginfo-7.4.25-150400.4.3.1
php7-calendar-7.4.25-150400.4.3.1
php7-calendar-debuginfo-7.4.25-150400.4.3.1
php7-cli-7.4.25-150400.4.3.1
php7-cli-debuginfo-7.4.25-150400.4.3.1
php7-ctype-7.4.25-150400.4.3.1
php7-ctype-debuginfo-7.4.25-150400.4.3.1
php7-curl-7.4.25-150400.4.3.1
php7-curl-debuginfo-7.4.25-150400.4.3.1
php7-dba-7.4.25-150400.4.3.1
php7-dba-debuginfo-7.4.25-150400.4.3.1
php7-debuginfo-7.4.25-150400.4.3.1
php7-debugsource-7.4.25-150400.4.3.1
php7-devel-7.4.25-150400.4.3.1
php7-dom-7.4.25-150400.4.3.1
php7-dom-debuginfo-7.4.25-150400.4.3.1
php7-embed-7.4.25-150400.4.3.1
php7-embed-debuginfo-7.4.25-150400.4.3.1
php7-embed-debugsource-7.4.25-150400.4.3.1
php7-enchant-7.4.25-150400.4.3.1
php7-enchant-debuginfo-7.4.25-150400.4.3.1
php7-exif-7.4.25-150400.4.3.1
php7-exif-debuginfo-7.4.25-150400.4.3.1
php7-fastcgi-7.4.25-150400.4.3.1
php7-fastcgi-debuginfo-7.4.25-150400.4.3.1
php7-fastcgi-debugsource-7.4.25-150400.4.3.1
php7-fileinfo-7.4.25-150400.4.3.1
php7-fileinfo-debuginfo-7.4.25-150400.4.3.1
php7-fpm-7.4.25-150400.4.3.1
php7-fpm-debuginfo-7.4.25-150400.4.3.1
php7-fpm-debugsource-7.4.25-150400.4.3.1
php7-ftp-7.4.25-150400.4.3.1
php7-ftp-debuginfo-7.4.25-150400.4.3.1
php7-gd-7.4.25-150400.4.3.1
php7-gd-debuginfo-7.4.25-150400.4.3.1
php7-gettext-7.4.25-150400.4.3.1
php7-gettext-debuginfo-7.4.25-150400.4.3.1
php7-gmp-7.4.25-150400.4.3.1
php7-gmp-debuginfo-7.4.25-150400.4.3.1
php7-iconv-7.4.25-150400.4.3.1
php7-iconv-debuginfo-7.4.25-150400.4.3.1
php7-intl-7.4.25-150400.4.3.1
php7-intl-debuginfo-7.4.25-150400.4.3.1
php7-json-7.4.25-150400.4.3.1
php7-json-debuginfo-7.4.25-150400.4.3.1
php7-ldap-7.4.25-150400.4.3.1
php7-ldap-debuginfo-7.4.25-150400.4.3.1
php7-mbstring-7.4.25-150400.4.3.1
php7-mbstring-debuginfo-7.4.25-150400.4.3.1
php7-mysql-7.4.25-150400.4.3.1
php7-mysql-debuginfo-7.4.25-150400.4.3.1
php7-odbc-7.4.25-150400.4.3.1
php7-odbc-debuginfo-7.4.25-150400.4.3.1
php7-opcache-7.4.25-150400.4.3.1
php7-opcache-debuginfo-7.4.25-150400.4.3.1
php7-openssl-7.4.25-150400.4.3.1
php7-openssl-debuginfo-7.4.25-150400.4.3.1
php7-pcntl-7.4.25-150400.4.3.1
php7-pcntl-debuginfo-7.4.25-150400.4.3.1
php7-pdo-7.4.25-150400.4.3.1
php7-pdo-debuginfo-7.4.25-150400.4.3.1
php7-pgsql-7.4.25-150400.4.3.1
php7-pgsql-debuginfo-7.4.25-150400.4.3.1
php7-phar-7.4.25-150400.4.3.1
php7-phar-debuginfo-7.4.25-150400.4.3.1
php7-posix-7.4.25-150400.4.3.1
php7-posix-debuginfo-7.4.25-150400.4.3.1
php7-readline-7.4.25-150400.4.3.1
php7-readline-debuginfo-7.4.25-150400.4.3.1
php7-shmop-7.4.25-150400.4.3.1
php7-shmop-debuginfo-7.4.25-150400.4.3.1
php7-snmp-7.4.25-150400.4.3.1
php7-snmp-debuginfo-7.4.25-150400.4.3.1
php7-soap-7.4.25-150400.4.3.1
php7-soap-debuginfo-7.4.25-150400.4.3.1
php7-sockets-7.4.25-150400.4.3.1
php7-sockets-debuginfo-7.4.25-150400.4.3.1
php7-sodium-7.4.25-150400.4.3.1
php7-sodium-debuginfo-7.4.25-150400.4.3.1
php7-sqlite-7.4.25-150400.4.3.1
php7-sqlite-debuginfo-7.4.25-150400.4.3.1
php7-sysvmsg-7.4.25-150400.4.3.1
php7-sysvmsg-debuginfo-7.4.25-150400.4.3.1
php7-sysvsem-7.4.25-150400.4.3.1
php7-sysvsem-debuginfo-7.4.25-150400.4.3.1
php7-sysvshm-7.4.25-150400.4.3.1
php7-sysvshm-debuginfo-7.4.25-150400.4.3.1
php7-test-7.4.25-150400.4.3.2
php7-tidy-7.4.25-150400.4.3.1
php7-tidy-debuginfo-7.4.25-150400.4.3.1
php7-tokenizer-7.4.25-150400.4.3.1
php7-tokenizer-debuginfo-7.4.25-150400.4.3.1
php7-xmlreader-7.4.25-150400.4.3.1
php7-xmlreader-debuginfo-7.4.25-150400.4.3.1
php7-xmlrpc-7.4.25-150400.4.3.1
php7-xmlrpc-debuginfo-7.4.25-150400.4.3.1
php7-xmlwriter-7.4.25-150400.4.3.1
php7-xmlwriter-debuginfo-7.4.25-150400.4.3.1
php7-xsl-7.4.25-150400.4.3.1
php7-xsl-debuginfo-7.4.25-150400.4.3.1
php7-zip-7.4.25-150400.4.3.1
php7-zip-debuginfo-7.4.25-150400.4.3.1
php7-zlib-7.4.25-150400.4.3.1
php7-zlib-debuginfo-7.4.25-150400.4.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
php7-embed-7.4.25-150400.4.3.1
php7-embed-debuginfo-7.4.25-150400.4.3.1
php7-embed-debugsource-7.4.25-150400.4.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
apache2-mod_php7-7.4.25-150400.4.3.1
apache2-mod_php7-debuginfo-7.4.25-150400.4.3.1
apache2-mod_php7-debugsource-7.4.25-150400.4.3.1
php7-7.4.25-150400.4.3.1
php7-bcmath-7.4.25-150400.4.3.1
php7-bcmath-debuginfo-7.4.25-150400.4.3.1
php7-bz2-7.4.25-150400.4.3.1
php7-bz2-debuginfo-7.4.25-150400.4.3.1
php7-calendar-7.4.25-150400.4.3.1
php7-calendar-debuginfo-7.4.25-150400.4.3.1
php7-cli-7.4.25-150400.4.3.1
php7-cli-debuginfo-7.4.25-150400.4.3.1
php7-ctype-7.4.25-150400.4.3.1
php7-ctype-debuginfo-7.4.25-150400.4.3.1
php7-curl-7.4.25-150400.4.3.1
php7-curl-debuginfo-7.4.25-150400.4.3.1
php7-dba-7.4.25-150400.4.3.1
php7-dba-debuginfo-7.4.25-150400.4.3.1
php7-debuginfo-7.4.25-150400.4.3.1
php7-debugsource-7.4.25-150400.4.3.1
php7-devel-7.4.25-150400.4.3.1
php7-dom-7.4.25-150400.4.3.1
php7-dom-debuginfo-7.4.25-150400.4.3.1
php7-enchant-7.4.25-150400.4.3.1
php7-enchant-debuginfo-7.4.25-150400.4.3.1
php7-exif-7.4.25-150400.4.3.1
php7-exif-debuginfo-7.4.25-150400.4.3.1
php7-fastcgi-7.4.25-150400.4.3.1
php7-fastcgi-debuginfo-7.4.25-150400.4.3.1
php7-fastcgi-debugsource-7.4.25-150400.4.3.1
php7-fileinfo-7.4.25-150400.4.3.1
php7-fileinfo-debuginfo-7.4.25-150400.4.3.1
php7-fpm-7.4.25-150400.4.3.1
php7-fpm-debuginfo-7.4.25-150400.4.3.1
php7-fpm-debugsource-7.4.25-150400.4.3.1
php7-ftp-7.4.25-150400.4.3.1
php7-ftp-debuginfo-7.4.25-150400.4.3.1
php7-gd-7.4.25-150400.4.3.1
php7-gd-debuginfo-7.4.25-150400.4.3.1
php7-gettext-7.4.25-150400.4.3.1
php7-gettext-debuginfo-7.4.25-150400.4.3.1
php7-gmp-7.4.25-150400.4.3.1
php7-gmp-debuginfo-7.4.25-150400.4.3.1
php7-iconv-7.4.25-150400.4.3.1
php7-iconv-debuginfo-7.4.25-150400.4.3.1
php7-intl-7.4.25-150400.4.3.1
php7-intl-debuginfo-7.4.25-150400.4.3.1
php7-json-7.4.25-150400.4.3.1
php7-json-debuginfo-7.4.25-150400.4.3.1
php7-ldap-7.4.25-150400.4.3.1
php7-ldap-debuginfo-7.4.25-150400.4.3.1
php7-mbstring-7.4.25-150400.4.3.1
php7-mbstring-debuginfo-7.4.25-150400.4.3.1
php7-mysql-7.4.25-150400.4.3.1
php7-mysql-debuginfo-7.4.25-150400.4.3.1
php7-odbc-7.4.25-150400.4.3.1
php7-odbc-debuginfo-7.4.25-150400.4.3.1
php7-opcache-7.4.25-150400.4.3.1
php7-opcache-debuginfo-7.4.25-150400.4.3.1
php7-openssl-7.4.25-150400.4.3.1
php7-openssl-debuginfo-7.4.25-150400.4.3.1
php7-pcntl-7.4.25-150400.4.3.1
php7-pcntl-debuginfo-7.4.25-150400.4.3.1
php7-pdo-7.4.25-150400.4.3.1
php7-pdo-debuginfo-7.4.25-150400.4.3.1
php7-pgsql-7.4.25-150400.4.3.1
php7-pgsql-debuginfo-7.4.25-150400.4.3.1
php7-phar-7.4.25-150400.4.3.1
php7-phar-debuginfo-7.4.25-150400.4.3.1
php7-posix-7.4.25-150400.4.3.1
php7-posix-debuginfo-7.4.25-150400.4.3.1
php7-readline-7.4.25-150400.4.3.1
php7-readline-debuginfo-7.4.25-150400.4.3.1
php7-shmop-7.4.25-150400.4.3.1
php7-shmop-debuginfo-7.4.25-150400.4.3.1
php7-snmp-7.4.25-150400.4.3.1
php7-snmp-debuginfo-7.4.25-150400.4.3.1
php7-soap-7.4.25-150400.4.3.1
php7-soap-debuginfo-7.4.25-150400.4.3.1
php7-sockets-7.4.25-150400.4.3.1
php7-sockets-debuginfo-7.4.25-150400.4.3.1
php7-sodium-7.4.25-150400.4.3.1
php7-sodium-debuginfo-7.4.25-150400.4.3.1
php7-sqlite-7.4.25-150400.4.3.1
php7-sqlite-debuginfo-7.4.25-150400.4.3.1
php7-sysvmsg-7.4.25-150400.4.3.1
php7-sysvmsg-debuginfo-7.4.25-150400.4.3.1
php7-sysvsem-7.4.25-150400.4.3.1
php7-sysvsem-debuginfo-7.4.25-150400.4.3.1
php7-sysvshm-7.4.25-150400.4.3.1
php7-sysvshm-debuginfo-7.4.25-150400.4.3.1
php7-tidy-7.4.25-150400.4.3.1
php7-tidy-debuginfo-7.4.25-150400.4.3.1
php7-tokenizer-7.4.25-150400.4.3.1
php7-tokenizer-debuginfo-7.4.25-150400.4.3.1
php7-xmlreader-7.4.25-150400.4.3.1
php7-xmlreader-debuginfo-7.4.25-150400.4.3.1
php7-xmlrpc-7.4.25-150400.4.3.1
php7-xmlrpc-debuginfo-7.4.25-150400.4.3.1
php7-xmlwriter-7.4.25-150400.4.3.1
php7-xmlwriter-debuginfo-7.4.25-150400.4.3.1
php7-xsl-7.4.25-150400.4.3.1
php7-xsl-debuginfo-7.4.25-150400.4.3.1
php7-zip-7.4.25-150400.4.3.1
php7-zip-debuginfo-7.4.25-150400.4.3.1
php7-zlib-7.4.25-150400.4.3.1
php7-zlib-debuginfo-7.4.25-150400.4.3.1
References:
https://bugzilla.suse.com/1197644
SUSE-SU-2022:1748-1: important: Security update for MozillaFirefox
by opensuse-security@opensuse.org 19 May '22
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1748-1
Rating: important
References: #1198970
Cross-References: CVE-2022-29909 CVE-2022-29911 CVE-2022-29912
CVE-2022-29914 CVE-2022-29916 CVE-2022-29917
CVSS scores:
CVE-2022-29909 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29911 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29912 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-29914 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29916 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29917 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.9.0 ESR (MFSA 2022-17) (bsc#1198970):
- CVE-2022-29914: Fullscreen notification bypass using popups
- CVE-2022-29909: Bypassing permission prompt in nested browsing contexts
- CVE-2022-29916: Leaking browser history with CSS variables
- CVE-2022-29911: iframe Sandbox bypass
- CVE-2022-29912: Reader mode bypassed SameSite cookies
- CVE-2022-29917: Memory safety bugs fixed in Firefox 100 and Firefox ESR
91.9
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1748=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1748=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1748=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1748=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1748=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1748=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1748=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1748=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1748=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1748=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1748=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1748=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1748=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-branding-upstream-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-branding-upstream-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Manager Retail Branch Server 4.1 (x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Manager Proxy 4.1 (x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-91.9.0-150200.152.37.3
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-91.9.0-150200.152.37.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
- SUSE Enterprise Storage 7 (aarch64 x86_64):
MozillaFirefox-91.9.0-150200.152.37.3
MozillaFirefox-debuginfo-91.9.0-150200.152.37.3
MozillaFirefox-debugsource-91.9.0-150200.152.37.3
MozillaFirefox-devel-91.9.0-150200.152.37.3
MozillaFirefox-translations-common-91.9.0-150200.152.37.3
MozillaFirefox-translations-other-91.9.0-150200.152.37.3
References:
https://www.suse.com/security/cve/CVE-2022-29909.html
https://www.suse.com/security/cve/CVE-2022-29911.html
https://www.suse.com/security/cve/CVE-2022-29912.html
https://www.suse.com/security/cve/CVE-2022-29914.html
https://www.suse.com/security/cve/CVE-2022-29916.html
https://www.suse.com/security/cve/CVE-2022-29917.html
https://bugzilla.suse.com/1198970
SUSE-SU-2022:1727-1: moderate: Security update for ucode-intel
by opensuse-security@opensuse.org 18 May '22
SUSE Security Update: Security update for ucode-intel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1727-1
Rating: moderate
References: #1198717 #1199423
Cross-References: CVE-2022-21151
CVSS scores:
CVE-2022-21151 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423)
Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)
- CVE-2022-21151: Processor optimization removal or modification of
security-critical code for some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via
local access (bsc#1199423).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1727=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1727=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1727=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1727=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1727=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1727=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1727=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1727=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1727=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1727=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1727=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1727=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1727=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1727=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1727=1
Package List:
- openSUSE Leap 15.4 (x86_64):
ucode-intel-20220510-150200.14.1
- openSUSE Leap 15.3 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Manager Server 4.1 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Manager Proxy 4.1 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
ucode-intel-20220510-150200.14.1
- SUSE Enterprise Storage 7 (x86_64):
ucode-intel-20220510-150200.14.1
References:
https://www.suse.com/security/cve/CVE-2022-21151.html
https://bugzilla.suse.com/1198717
https://bugzilla.suse.com/1199423
openSUSE-SU-2022:0141-1: moderate: Security update for autotrace
by opensuse-security@opensuse.org 18 May '22
SUSE Security Update: Security update for autotrace
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0141-1
Rating: moderate
References: #1169614 #1182158 #1182159
Cross-References: CVE-2017-9182 CVE-2017-9190 CVE-2019-19004
CVE-2019-19005
CVSS scores:
CVE-2017-9182 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-9190 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19004 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-19005 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for autotrace fixes the following issues:
- CVE-2019-19004: Fixed a biWidth*biBitCnt integer overflow
(boo#1182158)
- CVE-2019-19005, CVE-2017-9182, CVE-2017-9190: Bitmap double free fix
(boo#1182159)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-141=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-141=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
permissions-20181225-23.12.1
permissions-debuginfo-20181225-23.12.1
permissions-debugsource-20181225-23.12.1
- openSUSE Leap 15.3 (noarch):
permissions-zypp-plugin-20181225-23.12.1
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
autotrace-0.31.1-bp153.2.3.1
autotrace-devel-0.31.1-bp153.2.3.1
libautotrace3-0.31.1-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2017-9182.html
https://www.suse.com/security/cve/CVE-2017-9190.html
https://www.suse.com/security/cve/CVE-2019-19004.html
https://www.suse.com/security/cve/CVE-2019-19005.html
https://bugzilla.suse.com/1169614
https://bugzilla.suse.com/1182158
https://bugzilla.suse.com/1182159
18 May '22
SUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1725-1
Rating: low
References: #1197644
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for php7 fixes the following issues:
- Fixed filter_var bypass vulnerability (bsc#1197644).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1725=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
php7-wddx-7.2.5-150000.4.92.1
php7-wddx-debuginfo-7.2.5-150000.4.92.1
References:
https://bugzilla.suse.com/1197644
SUSE-SU-2022:1730-1: important: Security update for libslirp
by opensuse-security@opensuse.org 18 May '22
SUSE Security Update: Security update for libslirp
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1730-1
Rating: important
References: #1187364 #1187366 #1187367 #1198773
Cross-References: CVE-2021-3592 CVE-2021-3594 CVE-2021-3595
CVSS scores:
CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization that may lead to
information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization that may lead to
information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization that may lead to
information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1730=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1730=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1730=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1730=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1730=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1730=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libslirp-debugsource-4.3.1-150300.6.2
libslirp-devel-4.3.1-150300.6.2
libslirp0-4.3.1-150300.6.2
libslirp0-debuginfo-4.3.1-150300.6.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libslirp-debugsource-4.3.1-150300.6.2
libslirp-devel-4.3.1-150300.6.2
libslirp0-4.3.1-150300.6.2
libslirp0-debuginfo-4.3.1-150300.6.2
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libslirp-debugsource-4.3.1-150300.6.2
libslirp-devel-4.3.1-150300.6.2
libslirp0-4.3.1-150300.6.2
libslirp0-debuginfo-4.3.1-150300.6.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libslirp-debugsource-4.3.1-150300.6.2
libslirp-devel-4.3.1-150300.6.2
libslirp0-4.3.1-150300.6.2
libslirp0-debuginfo-4.3.1-150300.6.2
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libslirp-debugsource-4.3.1-150300.6.2
libslirp0-4.3.1-150300.6.2
libslirp0-debuginfo-4.3.1-150300.6.2
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libslirp-debugsource-4.3.1-150300.6.2
libslirp0-4.3.1-150300.6.2
libslirp0-debuginfo-4.3.1-150300.6.2
References:
https://www.suse.com/security/cve/CVE-2021-3592.html
https://www.suse.com/security/cve/CVE-2021-3594.html
https://www.suse.com/security/cve/CVE-2021-3595.html
https://bugzilla.suse.com/1187364
https://bugzilla.suse.com/1187366
https://bugzilla.suse.com/1187367
https://bugzilla.suse.com/1198773
openSUSE-SU-2022:0136-1: moderate: Security update for MozillaFirefox
by opensuse-security@opensuse.org 18 May '22
openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0136-1
Rating: moderate
References: #1191938 #1194547 #1199047
Cross-References: CVE-2020-27304 CVE-2021-4140 CVE-2022-22737
CVE-2022-22738 CVE-2022-22739 CVE-2022-22740
CVE-2022-22741 CVE-2022-22742 CVE-2022-22743
CVE-2022-22744 CVE-2022-22745 CVE-2022-22746
CVE-2022-22747 CVE-2022-22748 CVE-2022-22751
CVSS scores:
CVE-2020-27304 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22747 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
- CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547).
- CVE-2022-22737: Fixed race condition when playing audio files
(bsc#1194547).
- CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur
(bsc#1194547).
- CVE-2022-22739: Fixed missing throttling on external protocol launch
dialog (bsc#1194547).
- CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner
(bsc#1194547).
- CVE-2022-22741: Fixed browser window spoof using fullscreen mode
(bsc#1194547).
- CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in
edit mode (bsc#1194547).
- CVE-2022-22743: Fixed browser window spoof using fullscreen mode
(bsc#1194547).
- CVE-2022-22744: Fixed possible command injection via the 'Copy as curl'
feature in DevTools (bsc#1194547).
- CVE-2022-22745: Fixed leaking cross-origin URLs through
securitypolicyviolation event (bsc#1194547).
- CVE-2022-22746: Fixed calling into reportValidity could have lead to
fullscreen window spoof (bsc#1194547).
- CVE-2022-22747: Fixed crash when handling empty pkcs7
sequence (bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog
(bsc#1194547).
- CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-136=1 openSUSE-SLE-15.3-2022-136=1
Package List:
- openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64):
civetweb-1.15-lp153.2.3.1
civetweb-debuginfo-1.15-lp153.2.3.1
civetweb-debugsource-1.15-lp153.2.3.1
civetweb-devel-1.15-lp153.2.3.1
libcivetweb-cpp1_15_0-1.15-lp153.2.3.1
libcivetweb-cpp1_15_0-debuginfo-1.15-lp153.2.3.1
libcivetweb1_15_0-1.15-lp153.2.3.1
libcivetweb1_15_0-debuginfo-1.15-lp153.2.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.5.0-152.12.1
MozillaFirefox-branding-upstream-91.5.0-152.12.1
MozillaFirefox-debuginfo-91.5.0-152.12.1
MozillaFirefox-debugsource-91.5.0-152.12.1
MozillaFirefox-devel-91.5.0-152.12.1
MozillaFirefox-translations-common-91.5.0-152.12.1
MozillaFirefox-translations-other-91.5.0-152.12.1
References:
https://www.suse.com/security/cve/CVE-2020-27304.html
https://www.suse.com/security/cve/CVE-2021-4140.html
https://www.suse.com/security/cve/CVE-2022-22737.html
https://www.suse.com/security/cve/CVE-2022-22738.html
https://www.suse.com/security/cve/CVE-2022-22739.html
https://www.suse.com/security/cve/CVE-2022-22740.html
https://www.suse.com/security/cve/CVE-2022-22741.html
https://www.suse.com/security/cve/CVE-2022-22742.html
https://www.suse.com/security/cve/CVE-2022-22743.html
https://www.suse.com/security/cve/CVE-2022-22744.html
https://www.suse.com/security/cve/CVE-2022-22745.html
https://www.suse.com/security/cve/CVE-2022-22746.html
https://www.suse.com/security/cve/CVE-2022-22747.html
https://www.suse.com/security/cve/CVE-2022-22748.html
https://www.suse.com/security/cve/CVE-2022-22751.html
https://bugzilla.suse.com/1191938
https://bugzilla.suse.com/1194547
https://bugzilla.suse.com/1199047
openSUSE-SU-2022:0135-1: important: Security update for busybox
by opensuse-security@opensuse.org 18 May '22
SUSE Security Update: Security update for busybox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0135-1
Rating: important
References: #1064976 #1064978 #1069412 #1099260 #1099263
#1102912 #1121426 #1121428 #1184522 #1192869
#1198676 #1198677 #1198678 #1198679 #1198680
#1198703 #951562 #970662 #970663 #991940
Cross-References: CVE-2011-5325 CVE-2015-9261 CVE-2016-2147
CVE-2016-2148 CVE-2016-6301 CVE-2017-15873
CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500
CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747
CVE-2021-28831 CVE-2021-42373 CVE-2021-42374
CVE-2021-42375 CVE-2021-42376 CVE-2021-42377
CVE-2021-42378 CVE-2021-42379 CVE-2021-42380
CVE-2021-42381 CVE-2021-42382 CVE-2021-42383
CVE-2021-42384 CVE-2021-42385 CVE-2021-42386
CVE-2022-21465 CVE-2022-21471 CVE-2022-21487
CVE-2022-21488 CVE-2022-21491
CVSS scores:
CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2016-2148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2018-20679 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2018-20679 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-5747 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-42373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-42374 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2021-42375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-42376 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-42377 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21465 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CVE-2022-21465 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CVE-2022-21471 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-21471 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-21487 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2022-21487 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2022-21488 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
CVE-2022-21488 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
CVE-2022-21491 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21491 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 32 vulnerabilities is now available.
Description:
This update for busybox fixes the following issues:
- CVE-2011-5325: Fixed tar directory traversal (bsc#951562).
- CVE-2015-9261: Fixed segfaults and application crashes in huft_build
(bsc#1102912).
- CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow
in udhcpc (bsc#970663).
- CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing
(bsc#970662).
- CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940).
- CVE-2017-15873: Fixed integer overflow in get_next_block function in
archival/libarchive/decompress_bunzip2.c (bsc#1064976).
- CVE-2017-15874: Fixed integer underflow in
archival/libarchive/decompress_unlzma.c (bsc#1064978).
- CVE-2017-16544: Fixed insufficient sanitization of filenames when
autocompleting (bsc#1069412).
- CVE-2018-1000500: Fixed missing SSL certificate validation in wget
(bsc#1099263).
- CVE-2018-1000517: Fixed heap-based buffer overflow in
retrieve_file_data() (bsc#1099260).
- CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426).
- CVE-2019-5747: Fixed out of bounds read in udhcp components
(bsc#1121428).
- CVE-2021-28831: Fixed invalid free or segmentation fault via malformed
gzip data (bsc#1184522).
- CVE-2021-42373: Fixed NULL pointer dereference in man leading to DoS
when a section name is supplied but no page argument is given
(bsc#1192869).
- CVE-2021-42374: Fixed out-of-bounds heap read in unlzma leading to
information leak and DoS when crafted LZMA-compressed input is
decompressed (bsc#1192869).
- CVE-2021-42375: Fixed incorrect handling of a special element in ash
leading to DoS when processing a crafted shell command, due to the shell
mistaking specific characters for reserved characters (bsc#1192869).
- CVE-2021-42376: Fixed NULL pointer dereference in hush leading to DoS
when processing a crafted shell command (bsc#1192869).
- CVE-2021-42377: Fixed attacker-controlled pointer free in hush leading
to DoS and possible code execution when processing a crafted shell
command (bsc#1192869).
- CVE-2021-42378: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the getvar_i
function (bsc#1192869).
- CVE-2021-42379: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the
next_input_file function (bsc#1192869).
- CVE-2021-42380: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the clrvar
function (bsc#1192869).
- CVE-2021-42381: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the hash_init
function (bsc#1192869).
- CVE-2021-42382: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the getvar_s
function (bsc#1192869).
- CVE-2021-42383: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the evaluate
function (bsc#1192869).
- CVE-2021-42384: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the
handle_special function (bsc#1192869).
- CVE-2021-42385: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the evaluate
function (bsc#1192869).
- CVE-2021-42386: Fixed use-after-free in awk leading to DoS and possibly
code execution when processing a crafted awk pattern in the nvalloc
function (bsc#1192869).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-135=1 openSUSE-SLE-15.3-2022-135=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
busybox-1.34.1-4.9.1
busybox-static-1.34.1-4.9.1
- openSUSE Leap 15.3 (noarch):
virtualbox-guest-desktop-icons-6.1.34-lp153.2.27.2
virtualbox-guest-source-6.1.34-lp153.2.27.2
virtualbox-host-source-6.1.34-lp153.2.27.2
- openSUSE Leap 15.3 (x86_64):
python3-virtualbox-6.1.34-lp153.2.27.2
python3-virtualbox-debuginfo-6.1.34-lp153.2.27.2
virtualbox-6.1.34-lp153.2.27.2
virtualbox-debuginfo-6.1.34-lp153.2.27.2
virtualbox-debugsource-6.1.34-lp153.2.27.2
virtualbox-devel-6.1.34-lp153.2.27.2
virtualbox-guest-tools-6.1.34-lp153.2.27.2
virtualbox-guest-tools-debuginfo-6.1.34-lp153.2.27.2
virtualbox-guest-x11-6.1.34-lp153.2.27.2
virtualbox-guest-x11-debuginfo-6.1.34-lp153.2.27.2
virtualbox-kmp-debugsource-6.1.34-lp153.2.27.1
virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1
virtualbox-kmp-default-debuginfo-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1
virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1
virtualbox-kmp-preempt-debuginfo-6.1.34_k5.3.18_150300.59.63-lp153.2.27.1
virtualbox-qt-6.1.34-lp153.2.27.2
virtualbox-qt-debuginfo-6.1.34-lp153.2.27.2
virtualbox-vnc-6.1.34-lp153.2.27.2
virtualbox-websrv-6.1.34-lp153.2.27.2
virtualbox-websrv-debuginfo-6.1.34-lp153.2.27.2
References:
https://www.suse.com/security/cve/CVE-2011-5325.html
https://www.suse.com/security/cve/CVE-2015-9261.html
https://www.suse.com/security/cve/CVE-2016-2147.html
https://www.suse.com/security/cve/CVE-2016-2148.html
https://www.suse.com/security/cve/CVE-2016-6301.html
https://www.suse.com/security/cve/CVE-2017-15873.html
https://www.suse.com/security/cve/CVE-2017-15874.html
https://www.suse.com/security/cve/CVE-2017-16544.html
https://www.suse.com/security/cve/CVE-2018-1000500.html
https://www.suse.com/security/cve/CVE-2018-1000517.html
https://www.suse.com/security/cve/CVE-2018-20679.html
https://www.suse.com/security/cve/CVE-2019-5747.html
https://www.suse.com/security/cve/CVE-2021-28831.html
https://www.suse.com/security/cve/CVE-2021-42373.html
https://www.suse.com/security/cve/CVE-2021-42374.html
https://www.suse.com/security/cve/CVE-2021-42375.html
https://www.suse.com/security/cve/CVE-2021-42376.html
https://www.suse.com/security/cve/CVE-2021-42377.html
https://www.suse.com/security/cve/CVE-2021-42378.html
https://www.suse.com/security/cve/CVE-2021-42379.html
https://www.suse.com/security/cve/CVE-2021-42380.html
https://www.suse.com/security/cve/CVE-2021-42381.html
https://www.suse.com/security/cve/CVE-2021-42382.html
https://www.suse.com/security/cve/CVE-2021-42383.html
https://www.suse.com/security/cve/CVE-2021-42384.html
https://www.suse.com/security/cve/CVE-2021-42385.html
https://www.suse.com/security/cve/CVE-2021-42386.html
https://www.suse.com/security/cve/CVE-2022-21465.html
https://www.suse.com/security/cve/CVE-2022-21471.html
https://www.suse.com/security/cve/CVE-2022-21487.html
https://www.suse.com/security/cve/CVE-2022-21488.html
https://www.suse.com/security/cve/CVE-2022-21491.html
https://bugzilla.suse.com/1064976
https://bugzilla.suse.com/1064978
https://bugzilla.suse.com/1069412
https://bugzilla.suse.com/1099260
https://bugzilla.suse.com/1099263
https://bugzilla.suse.com/1102912
https://bugzilla.suse.com/1121426
https://bugzilla.suse.com/1121428
https://bugzilla.suse.com/1184522
https://bugzilla.suse.com/1192869
https://bugzilla.suse.com/1198676
https://bugzilla.suse.com/1198677
https://bugzilla.suse.com/1198678
https://bugzilla.suse.com/1198679
https://bugzilla.suse.com/1198680
https://bugzilla.suse.com/1198703
https://bugzilla.suse.com/951562
https://bugzilla.suse.com/970662
https://bugzilla.suse.com/970663
https://bugzilla.suse.com/991940