May 2022 - openSUSE Security Announce - openSUSE Mailing Lists

SUSE-SU-2022:1512-1: important: Security update for ruby2.5
by opensuse-security＠opensuse.org 03 May '22

03 May '22

SUSE Security Update: Security update for ruby2.5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1512-1 Rating: important References: #1188160 #1188161 #1190375 #1193035 #1198441 Cross-References: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-41817 CVE-2022-28739 CVSS scores: CVE-2021-31799 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31799 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31810 (NVD) : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2021-31810 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-32066 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-32066 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-41817 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-28739 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1512=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1512=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1512=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1512=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1512=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1512=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1512=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1512=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1512=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1512=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1512=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1512=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1512=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1512=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1512=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1512=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1512=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1512=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1512=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1512=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-doc-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - openSUSE Leap 15.4 (noarch): ruby2.5-doc-ri-2.5.9-150000.4.23.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-doc-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - openSUSE Leap 15.3 (noarch): ruby2.5-doc-ri-2.5.9-150000.4.23.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Manager Proxy 4.1 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 - SUSE CaaS Platform 4.0 (x86_64): libruby2_5-2_5-2.5.9-150000.4.23.1 libruby2_5-2_5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-2.5.9-150000.4.23.1 ruby2.5-debuginfo-2.5.9-150000.4.23.1 ruby2.5-debugsource-2.5.9-150000.4.23.1 ruby2.5-devel-2.5.9-150000.4.23.1 ruby2.5-devel-extra-2.5.9-150000.4.23.1 ruby2.5-stdlib-2.5.9-150000.4.23.1 ruby2.5-stdlib-debuginfo-2.5.9-150000.4.23.1 References: https://www.suse.com/security/cve/CVE-2021-31799.html https://www.suse.com/security/cve/CVE-2021-31810.html https://www.suse.com/security/cve/CVE-2021-32066.html https://www.suse.com/security/cve/CVE-2021-41817.html https://www.suse.com/security/cve/CVE-2022-28739.html https://bugzilla.suse.com/1188160 https://bugzilla.suse.com/1188161 https://bugzilla.suse.com/1190375 https://bugzilla.suse.com/1193035 https://bugzilla.suse.com/1198441

1 0

SUSE-SU-2022:1513-1: important: Security update for java-11-openjdk
by opensuse-security＠opensuse.org 03 May '22

03 May '22

SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1513-1 Rating: important References: #1198671 #1198672 #1198673 #1198674 #1198675 Cross-References: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1513=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1513=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1513=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1513=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1513=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1513=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1513=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1513=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1513=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1513=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1513=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1513=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1513=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1513=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1513=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1513=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1513=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1513=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1513=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1513=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1513=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-debuginfo-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 java-11-openjdk-jmods-11.0.15.0-150000.3.80.1 java-11-openjdk-src-11.0.15.0-150000.3.80.1 - openSUSE Leap 15.4 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-11.0.15.0-150000.3.80.1 java-11-openjdk-accessibility-debuginfo-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 java-11-openjdk-jmods-11.0.15.0-150000.3.80.1 java-11-openjdk-src-11.0.15.0-150000.3.80.1 - openSUSE Leap 15.3 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Manager Proxy 4.1 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.15.0-150000.3.80.1 java-11-openjdk-debugsource-11.0.15.0-150000.3.80.1 java-11-openjdk-demo-11.0.15.0-150000.3.80.1 java-11-openjdk-devel-11.0.15.0-150000.3.80.1 java-11-openjdk-headless-11.0.15.0-150000.3.80.1 References: https://www.suse.com/security/cve/CVE-2022-21426.html https://www.suse.com/security/cve/CVE-2022-21434.html https://www.suse.com/security/cve/CVE-2022-21443.html https://www.suse.com/security/cve/CVE-2022-21476.html https://www.suse.com/security/cve/CVE-2022-21496.html https://bugzilla.suse.com/1198671 https://bugzilla.suse.com/1198672 https://bugzilla.suse.com/1198673 https://bugzilla.suse.com/1198674 https://bugzilla.suse.com/1198675

1 0

SUSE-SU-2022:1506-1: moderate: Security update for xen
by opensuse-security＠opensuse.org 03 May '22

03 May '22

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1506-1 Rating: moderate References: #1197423 #1197425 #1197426 Cross-References: CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1506=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1506=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1506=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1506=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1506=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.4_04-150300.3.24.1 xen-debugsource-4.14.4_04-150300.3.24.1 xen-devel-4.14.4_04-150300.3.24.1 xen-doc-html-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 xen-tools-4.14.4_04-150300.3.24.1 xen-tools-debuginfo-4.14.4_04-150300.3.24.1 xen-tools-domU-4.14.4_04-150300.3.24.1 xen-tools-domU-debuginfo-4.14.4_04-150300.3.24.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.4_04-150300.3.24.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.4_04-150300.3.24.1 xen-libs-32bit-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.4_04-150300.3.24.1 xen-debugsource-4.14.4_04-150300.3.24.1 xen-devel-4.14.4_04-150300.3.24.1 xen-tools-4.14.4_04-150300.3.24.1 xen-tools-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 xen-tools-domU-4.14.4_04-150300.3.24.1 xen-tools-domU-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.4_04-150300.3.24.1 xen-libs-4.14.4_04-150300.3.24.1 xen-libs-debuginfo-4.14.4_04-150300.3.24.1 References: https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426

1 0

SUSE-SU-2022:1510-1: important: Security update for amazon-ssm-agent
by opensuse-security＠opensuse.org 03 May '22

03 May '22

SUSE Security Update: Security update for amazon-ssm-agent ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1510-1 Rating: important References: #1196556 Cross-References: CVE-2022-29527 CVSS scores: CVE-2022-29527 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for amazon-ssm-agent fixes the following issues: - CVE-2022-29527: Fixed unsafe file creation mode of ssm-agent-users sudoer file (bsc#1196556). Update to version 3.1.1260.0 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1510=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1510=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-1510=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - openSUSE Leap 15.3 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 x86_64): amazon-ssm-agent-3.1.1260.0-150000.5.9.2 References: https://www.suse.com/security/cve/CVE-2022-29527.html https://bugzilla.suse.com/1196556

1 0

SUSE-SU-2022:1485-1: moderate: Security update for python39
by opensuse-security＠opensuse.org 02 May '22

02 May '22

SUSE Security Update: Security update for python39 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1485-1 Rating: moderate References: #1186819 #1189241 #1189287 #1189356 #1193179 SLE-23849 Cross-References: CVE-2021-3572 CVE-2021-3733 CVE-2021-3737 CVSS scores: CVE-2021-3572 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N CVE-2021-3733 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3733 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3737 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3737 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has two fixes is now available. Description: This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). - Update to 3.9.10 (jsc#SLE-23849) - Remove shebangs from from python-base libraries in _libdir. (bsc#1193179) - Update to 3.9.9: * Core and Builtins + bpo-30570: Fixed a crash in issubclass() from infinite recursion when searching pathological __bases__ tuples. + bpo-45494: Fix parser crash when reporting errors involving invalid continuation characters. Patch by Pablo Galindo. + bpo-45385: Fix reference leak from descr_check. Patch by Dong-hee Na. + bpo-45167: Fix deepcopying of types.GenericAlias objects. + bpo-44219: Release the GIL while performing isatty system calls on arbitrary file descriptors. In particular, this affects os.isatty(), os.device_encoding() and io.TextIOWrapper. By extension, io.open() in text mode is also affected. This change solves a deadlock in os.isatty(). Patch by Vincent Michel in bpo-44219. + bpo-44959: Added fallback to extension modules with '.sl' suffix on HP-UX + bpo-44050: Extensions that indicate they use global state (by setting m_size to -1) can again be used in multiple interpreters. This reverts to behavior of Python 3.8. + bpo-45121: Fix issue where Protocol.__init__ raises RecursionError when it's called directly or via super(). Patch provided by Yurii Karabas. + bpo-45083: When the interpreter renders an exception, its name now has a complete qualname. Previously only the class name was concatenated to the module name, which sometimes resulted in an incorrect full name being displayed. + bpo-45738: Fix computation of error location for invalid continuation characters in the parser. Patch by Pablo Galindo. + Library + bpo-45678: Fix bug in Python 3.9 that meant functools.singledispatchmethod failed to properly wrap the attributes of the target method. Patch by Alex Waygood. + bpo-45679: Fix caching of multi-value typing.Literal. Literal[True, 2] is no longer equal to Literal[1, 2]. + bpo-45438: Fix typing.Signature string representation for generic builtin types. + bpo-45581: sqlite3.connect() now correctly raises MemoryError if the underlying SQLite API signals memory error. Patch by Erlend E. Aasland. + bpo-39679: Fix bug in functools.singledispatchmethod that caused it to fail when attempting to register a classmethod() or staticmethod() using type annotations. Patch contributed by Alex Waygood. + bpo-45515: Add references to zoneinfo in the datetime documentation, mostly replacing outdated references to dateutil.tz. Change by Paul Ganssle. + bpo-45467: Fix incremental decoder and stream reader in the "raw-unicode-escape" codec. Previously they failed if the escape sequence was split. + bpo-45461: Fix incremental decoder and stream reader in the "unicode-escape" codec. Previously they failed if the escape sequence was split. + bpo-45239: Fixed email.utils.parsedate_tz() crashing with UnboundLocalError on certain invalid input instead of returning None. Patch by Ben Hoyt. + bpo-44904: Fix bug in the doctest module that caused it to fail if a docstring included an example with a classmethod property. Patch by Alex Waygood. + bpo-45406: Make inspect.getmodule() catch FileNotFoundError raised by :'func:inspect.getabsfile, and return None to indicate that the module could not be determined. + bpo-45262: Prevent use-after-free in asyncio. Make sure the cached running loop holder gets cleared on dealloc to prevent use-after-free in get_running_loop + bpo-45386: Make xmlrpc.client more robust to C runtimes where the underlying C strftime function results in a ValueError when testing for year formatting options. + bpo-45371: Fix clang rpath issue in distutils. The UnixCCompiler now uses correct clang option to add a runtime library directory (rpath) to a shared library. + bpo-20028: Improve error message of csv.Dialect when initializing. Patch by Vajrasky Kok and Dong-hee Na. + bpo-45343: Update bundled pip to 21.2.4 and setuptools to 58.1.0 + bpo-41710: On Unix, if the sem_clockwait() function is available in the C library (glibc 2.30 and newer), the threading.Lock.acquire() method now uses the monotonic clock (time.CLOCK_MONOTONIC) for the timeout, rather than using the system clock (time.CLOCK_REALTIME), to not be affected by system clock changes. Patch by Victor Stinner. + bpo-45328: Fixed http.client.HTTPConnection to work properly in OSs that don't support the TCP_NODELAY socket option. + bpo-1596321: Fix the threading._shutdown() function when the threading module was imported first from a thread different than the main thread: no longer log an error at Python exit. + bpo-45274: Fix a race condition in the Thread.join() method of the threading module. If the function is interrupted by a signal and the signal handler raises an exception, make sure that the thread remains in a consistent state to prevent a deadlock. Patch by Victor Stinner. + bpo-45238: Fix unittest.IsolatedAsyncioTestCase.debug(): it runs now asynchronous methods and callbacks. + bpo-36674: unittest.TestCase.debug() raises now a unittest.SkipTest if the class or the test method are decorated with the skipping decorator. + bpo-45235: Fix an issue where argparse would not preserve values in a provided namespace when using a subparser with defaults. + bpo-45234: Fixed a regression in copyfile(), copy(), copy2() raising FileNotFoundError when source is a directory, which should raise IsADirectoryError + bpo-45228: Fix stack buffer overflow in parsing J1939 network address. + bpo-45192: Fix the tempfile._infer_return_type function so that the dir argument of the tempfile functions accepts an object implementing the os.PathLike protocol. + bpo-45160: When tracing a tkinter variable used by a ttk OptionMenu, callbacks are no longer made twice. + bpo-35474: Calling mimetypes.guess_all_extensions() with strict=False no longer affects the result of the following call with strict=True. Also, mutating the returned list no longer affects the global state. + bpo-45166: typing.get_type_hints() now works with Final wrapped in ForwardRef. + bpo-45097: Remove deprecation warnings about the loop argument in asyncio incorrectly emitted in cases when the user does not pass the loop argument. + bpo-45081: Fix issue when dataclasses that inherit from typing.Protocol subclasses have wrong __init__. Patch provided by Yurii Karabas. + bpo-24444: Fixed an error raised in argparse help display when help for an option is set to 1+ blank spaces or when choices arg is an empty container. + bpo-45021: Fix a potential deadlock at shutdown of forked children when using concurrent.futures module + bpo-45030: Fix integer overflow in pickling and copying the range iterator. + bpo-39039: tarfile.open raises ReadError when a zlib error occurs during file extraction. + bpo-44594: Fix an edge case of ExitStack and AsyncExitStack exception chaining. They will now match with block behavior when __context__ is explicitly set to None when the exception is in flight. * Documentation + bpo-45726: Improve documentation for functools.singledispatch() and functools.singledispatchmethod. + bpo-45680: Amend the docs on GenericAlias objects to clarify that non-container classes can also implement __class_getitem__. Patch contributed by Alex Waygood. + bpo-45655: Add a new "relevant PEPs" section to the top of the documentation for the typing module. Patch by Alex Waygood. + bpo-45604: Add level argument to multiprocessing.log_to_stderr function docs. + bpo-45464: Mention in the documentation of Built-in Exceptions that inheriting from multiple exception types in a single subclass is not recommended due to possible memory layout incompatibility. + bpo-45449: Add note about PEP 585 in collections.abc. + bpo-45516: Add protocol description to the importlib.abc.Traversable documentation. + bpo-20692: Add Programming FAQ entry explaining that int literal attribute access requires either a space after or parentheses around the literal. + bpo-45216: Remove extra documentation listing methods in difflib. It was rendering twice in pydoc and was outdated in some places. + bpo-45772: socket.socket documentation is corrected to a class from a function. + bpo-45392: Update the docstring of the type built-in to remove a redundant line and to mention keyword arguments for the constructor. * Tests + bpo-45578: Add tests for dis.distb() + bpo-45577: Add subtests for all pickle protocols in test_zoneinfo. + bpo-43592: test.libregrtest now raises the soft resource limit for the maximum number of file descriptors when the default is too low for our test suite as was often the case on macOS. + bpo-40173: Fix test.support.import_helper.import_fresh_module(). + bpo-45280: Add a test case for empty typing.NamedTuple. + bpo-45269: Cover case when invalid markers type is supplied to c_make_encoder. + bpo-45209: Fix UserWarning: resource_tracker warning in _test_multiprocessing._TestSharedMemory.test_shared_memory_cleaned_after_pr ocess_termination + bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don't expect it in the output. Patch by Victor Stinner. + bpo-45156: Fixes infinite loop on unittest.mock.seal() of mocks created by create_autospec(). + bpo-45042: Fixes that test classes decorated with @hashlib_helper.requires_hashdigest were skipped all the time. + bpo-45235: Reverted an argparse bugfix that caused regression in the handling of default arguments for subparsers. This prevented leaf level arguments from taking precedence over root level arguments. + bpo-45765: In importlib.metadata, fix distribution discovery for an empty path. + bpo-45644: In-place JSON file formatting using python3 -m json.tool infile infile now works correctly, previously it left the file empty. Patch by Chris Wesseling. * Build + bpo-43158: setup.py now uses values from configure script to build the _uuid extension module. Configure now detects util-linux's libuuid, too. + bpo-45571: Modules/Setup now use PY_CFLAGS_NODIST instead of PY_CFLAGS to compile shared modules. + bpo-45532: Update sys.version to use main as fallback information. Patch by Jeong YunWon. + bpo-45405: Prevent internal configure error when running configure with recent versions of non-Apple clang. Patch by David Bohman. + bpo-45220: Avoid building with the Windows 11 SDK previews automatically. This may be overridden by setting the DefaultWindowsSDKVersion environment variable before building. * C API + bpo-44687: BufferedReader.peek() no longer raises ValueError when the entire file has already been buffered. + bpo-44751: Remove crypt.h include from the public Python.h header. - rpm-build-python dependency is available on the current Factory, not with SLE. - BuildRequire rpm-build-python: The provider to inject python(abi) has been moved there. rpm-build pulls rpm-build-python automatically in when building anything against python3-base, but this implies that the initial build of python3-base does not trigger the automatic installation. - Update to 3.9.7: - Security - Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files. - Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - Core and Builtins - Fixed pickling of range iterators that iterated for over 2**32 times. - Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run - Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way. - Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo. - Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex. - Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo - Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END). - Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo. - Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain. - Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo. - Fix undefined behaviour in complex object exponentiation. - Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias. - Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo. - Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo - Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner. - Fix crash when using passing a non-exception to a generator's throw() method. Patch by Noah Oxer - Library - run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator. - Fix bugs in cleaning up classes and modules in unittest: - Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module. - Functions registered with addClassCleanup() were not called if tearDownClass is set to None. - Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup(). - Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes. - Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order. - And several lesser bugs. - Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee. - Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner. - Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator. - argparse.BooleanOptionalAction's default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter. - Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0 - Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner. - The @functools.total_ordering() decorator now works with metaclasses. - sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland. - Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep() - Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes. - The tokenize.tokenize() doesn't incorrectly generate a NEWLINE token if the source doesn't end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo - Fix http.client.HTTPSConnection fails to download >2GiB data. - rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method. - weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing. - The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__(). - Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan H��lzl. - Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong. - Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple. - Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected. - handle StopIteration subclass raised from @contextlib.contextmanager generator - Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na. - Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules. - Fix bug with pdb's handling of import error due to a package which does not have a __main__ module - Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage. - pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons. - Handle exceptions from parsing the arg of pdb's run/restart command. - The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland. - Improved string handling for sqlite3 user-defined functions and aggregates: - It is now possible to pass strings with embedded null characters to UDFs - Conversion failures now correctly raise MemoryError - Patch by Erlend E. Aasland. - Handle RecursionError in TracebackException's constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail. - Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding. - The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested. - Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038. - Fix test___all__ on platforms lacking a shared memory implementation. - Pass multiprocessing BaseProxy argument manager_owned through AutoProxy. - email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz. - lib2to3 now recognizes async generators everywhere. - Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile. - Documentation - Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I've added links to the Python Wiki page on GUI frameworks. - Update the definition of __future__ in the glossary by replacing the confusing word "pseudo-module" with a more accurate description. - Add typical examples to os.path.splitext docs - Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory. - Update of three expired hyperlinks in Doc/distributing/index.rst: "Project structure", "Building and packaging the project", and "Uploading the project to the Python Packaging Index". - Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg. - Match the docstring and python implementation of countOf() to the behavior of its c implementation. - List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation. - Clarify that atexit uses equality comparisons internally. - Documentation of csv.Dialect is more descriptive. - Fix documentation for the return type of sysconfig.get_path(). - Add a "Security Considerations" index which links to standard library modules that have explicitly documented security considerations. - Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c, - Tests - Add calls of gc.collect() in tests to support PyPy. - Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka. - Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don't expect it in the output. - Add ability to wholesale silence DeprecationWarnings while running the regression test suite. - Notify users running test_decimal regression tests on macOS of potential harmless "malloc can't allocate region" messages spewed by test_decimal. - Fixed floating point precision issue in turtle tests. - Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file. - Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy - Add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling - bpo-44022 (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely reading potential HTTP headers after a 100 Continue status response from the server. - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows cause a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1485=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1485=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1485=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1485=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.10-150300.4.8.1 libpython3_9-1_0-debuginfo-3.9.10-150300.4.8.1 python39-3.9.10-150300.4.8.2 python39-base-3.9.10-150300.4.8.1 python39-base-debuginfo-3.9.10-150300.4.8.1 python39-core-debugsource-3.9.10-150300.4.8.1 python39-curses-3.9.10-150300.4.8.2 python39-curses-debuginfo-3.9.10-150300.4.8.2 python39-dbm-3.9.10-150300.4.8.2 python39-dbm-debuginfo-3.9.10-150300.4.8.2 python39-debuginfo-3.9.10-150300.4.8.2 python39-debugsource-3.9.10-150300.4.8.2 python39-devel-3.9.10-150300.4.8.1 python39-doc-3.9.10-150300.4.8.1 python39-doc-devhelp-3.9.10-150300.4.8.1 python39-idle-3.9.10-150300.4.8.2 python39-testsuite-3.9.10-150300.4.8.1 python39-testsuite-debuginfo-3.9.10-150300.4.8.1 python39-tk-3.9.10-150300.4.8.2 python39-tk-debuginfo-3.9.10-150300.4.8.2 python39-tools-3.9.10-150300.4.8.1 - openSUSE Leap 15.4 (x86_64): libpython3_9-1_0-32bit-3.9.10-150300.4.8.1 libpython3_9-1_0-32bit-debuginfo-3.9.10-150300.4.8.1 python39-32bit-3.9.10-150300.4.8.2 python39-32bit-debuginfo-3.9.10-150300.4.8.2 python39-base-32bit-3.9.10-150300.4.8.1 python39-base-32bit-debuginfo-3.9.10-150300.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.10-150300.4.8.1 libpython3_9-1_0-debuginfo-3.9.10-150300.4.8.1 python39-3.9.10-150300.4.8.2 python39-base-3.9.10-150300.4.8.1 python39-base-debuginfo-3.9.10-150300.4.8.1 python39-core-debugsource-3.9.10-150300.4.8.1 python39-curses-3.9.10-150300.4.8.2 python39-curses-debuginfo-3.9.10-150300.4.8.2 python39-dbm-3.9.10-150300.4.8.2 python39-dbm-debuginfo-3.9.10-150300.4.8.2 python39-debuginfo-3.9.10-150300.4.8.2 python39-debugsource-3.9.10-150300.4.8.2 python39-devel-3.9.10-150300.4.8.1 python39-doc-3.9.10-150300.4.8.1 python39-doc-devhelp-3.9.10-150300.4.8.1 python39-idle-3.9.10-150300.4.8.2 python39-testsuite-3.9.10-150300.4.8.1 python39-testsuite-debuginfo-3.9.10-150300.4.8.1 python39-tk-3.9.10-150300.4.8.2 python39-tk-debuginfo-3.9.10-150300.4.8.2 python39-tools-3.9.10-150300.4.8.1 - openSUSE Leap 15.3 (x86_64): libpython3_9-1_0-32bit-3.9.10-150300.4.8.1 libpython3_9-1_0-32bit-debuginfo-3.9.10-150300.4.8.1 python39-32bit-3.9.10-150300.4.8.2 python39-32bit-debuginfo-3.9.10-150300.4.8.2 python39-base-32bit-3.9.10-150300.4.8.1 python39-base-32bit-debuginfo-3.9.10-150300.4.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python39-core-debugsource-3.9.10-150300.4.8.1 python39-tools-3.9.10-150300.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython3_9-1_0-3.9.10-150300.4.8.1 libpython3_9-1_0-debuginfo-3.9.10-150300.4.8.1 python39-3.9.10-150300.4.8.2 python39-base-3.9.10-150300.4.8.1 python39-base-debuginfo-3.9.10-150300.4.8.1 python39-core-debugsource-3.9.10-150300.4.8.1 python39-curses-3.9.10-150300.4.8.2 python39-curses-debuginfo-3.9.10-150300.4.8.2 python39-dbm-3.9.10-150300.4.8.2 python39-dbm-debuginfo-3.9.10-150300.4.8.2 python39-debuginfo-3.9.10-150300.4.8.2 python39-debugsource-3.9.10-150300.4.8.2 python39-devel-3.9.10-150300.4.8.1 python39-idle-3.9.10-150300.4.8.2 python39-tk-3.9.10-150300.4.8.2 python39-tk-debuginfo-3.9.10-150300.4.8.2 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://www.suse.com/security/cve/CVE-2021-3733.html https://www.suse.com/security/cve/CVE-2021-3737.html https://bugzilla.suse.com/1186819 https://bugzilla.suse.com/1189241 https://bugzilla.suse.com/1189287 https://bugzilla.suse.com/1189356 https://bugzilla.suse.com/1193179

1 0

SUSE-SU-2022:1484-1: important: Security update for git
by opensuse-security＠opensuse.org 02 May '22

02 May '22

SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1484-1 Rating: important References: #1181400 #1198234 Cross-References: CVE-2022-24765 CVSS scores: CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1484=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1484=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1484=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1484=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1484=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1484=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-credential-gnome-keyring-2.35.3-150300.10.12.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.12.1 git-credential-libsecret-2.35.3-150300.10.12.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-p4-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 - openSUSE Leap 15.4 (noarch): git-doc-2.35.3-150300.10.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-credential-gnome-keyring-2.35.3-150300.10.12.1 git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.12.1 git-credential-libsecret-2.35.3-150300.10.12.1 git-credential-libsecret-debuginfo-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-p4-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 - openSUSE Leap 15.3 (noarch): git-doc-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): git-doc-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.12.1 git-arch-2.35.3-150300.10.12.1 git-cvs-2.35.3-150300.10.12.1 git-daemon-2.35.3-150300.10.12.1 git-daemon-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 git-email-2.35.3-150300.10.12.1 git-gui-2.35.3-150300.10.12.1 git-svn-2.35.3-150300.10.12.1 git-web-2.35.3-150300.10.12.1 gitk-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): git-doc-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.12.1 git-core-debuginfo-2.35.3-150300.10.12.1 git-debuginfo-2.35.3-150300.10.12.1 git-debugsource-2.35.3-150300.10.12.1 perl-Git-2.35.3-150300.10.12.1 References: https://www.suse.com/security/cve/CVE-2022-24765.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1198234

1 0

openSUSE-SU-2022:0123-1: important: Security update for opera
by opensuse-security＠opensuse.org 01 May '22

01 May '22

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0123-1 Rating: important References: Cross-References: CVE-2022-1364 Affected Products: openSUSE Leap 15.3:NonFree ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for opera fixes the following issues: Update to 86.0.4363.23: - CHR-8843 Update chromium on desktop-stable-100-4363 to 100.0.4896.127 - DNA-98236 Turn on #snap-text-selection on all streams - DNA-98507 DCHECK at address_bar_controller.cc(547) - DNA-98528 Suggestions for internal pages disappear when typing their full name - DNA-98538 Change name of "Opera Crypto Wallet" to "Crypto Wallet" - DNA-98540 Booking.com used instead of custom search engine - DNA-98587 Favicon of booking suggestion in the city category is unexpectedly changing - DNA-98605 City suggestions should show URL in address field when selected - DNA-98608 #address-bar-dropdown-categories expired - DNA-98616 Add recent searches to 'old' BABE - DNA-98668 Switch to tab button leads to wrong tab - DNA-98673 Improve suggestion removal handling in suggestion providers - DNA-98681 Remove unused suggestion consumers - DNA-98684 Have a dedicated SuggestionList for the new address bar dropdown - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98688 "Disable this feature" mini-menu settings is non-intuitive - DNA-98690 Autocompleted text stayed in address field after removing suggestion - DNA-98738 Inline autocomplete suggestion for SD disappears after typing 3rd letter of SD name - DNA-98743 Blank dropdown after pressing space key - DNA-98783 Improve showing suggestions with long URLs or page titles - DNA-98785 "Switch to tab" button not shown for suggestions with www subdomain when typing domain text - DNA-98879 "Disable suggestions before typing" mini-menu option should change to "Enable suggestions before typing" when being selected - DNA-98917 Translations for O86 - DNA-98975 Turn on #snap-crop-tool on all channels - DNA-98980 Enable #native-crypto-wallet on all streams - DNA-99005 The sidebar item is not visible for already active crypto wallet users when #native-crypto-wallet flag is enabled. - DNA-99007 Crash at TemplateURLRef::ParseIfNecessary(SearchTermsData const&) const - DNA-99047 Promote O86 to stable - The update to chromium 100.0.4896.127 fixes following issues: CVE-2022-1364 - Complete Opera 86.0 changelog at: https://blogs.opera.com/desktop/changelog-for-86/ Update to 85.0.4341.60: - DNA-98666 Set baidu as default search engine in China - DNA-98707 Hint is not displayed for new crypto wallet sidebar icon - DNA-98775 RichHintsSearchEngineCondition.testSogouSearchEngine errors Update to 85.0.4341.47: - DNA-98249 Add feature flag #native-crypto-wallet - DNA-98250 Install extension on startup - DNA-98251 Make Crypto Wallet setting enable / disable extension - DNA-98252 Deactivate old desktop crypto wallet - DNA-98253 Always show ��Crypto Wallet�� in Sidebar Setup - DNA-98497 Crash when installing extension - DNA-98506 Enable opera_feature_crypto_wallet_encryption on desktop - DNA-98510 Blank icon in sidebar setup - DNA-98538 Change name of "Opera Crypto Wallet" to "Crypto Wallet" - DNA-98685 Enable #native-crypto-wallet on developer - DNA-98766 Crash at opera::AddressBarControllerImpl::OpenNativeDropdown() - DNA-98768 Crash at extensions::ContentFilterPrivateIsWhitelistedFunction::Run() - DNA-98770 Recent searches stay in address field after selecting entry from dropdown - DNA-98772 Screen sharing broken - DNA-98803 Autofilled part appended after selecting address bar using shortcut Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3:NonFree: zypper in -t patch openSUSE-2022-123=1 Package List: - openSUSE Leap 15.3:NonFree (x86_64): opera-86.0.4363.23-lp153.2.45.1 References: https://www.suse.com/security/cve/CVE-2022-1364.html

1 0