openSUSE Security Announce
June 2022
- 1 participants
- 64 discussions
SUSE-SU-2022:2139-1: important: Security update for golang-github-prometheus-alertmanager
by opensuse-security@opensuse.org 20 Jun '22
SUSE Security Update: Security update for golang-github-prometheus-alertmanager
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2139-1
Rating: important
References: #1181400 #1196338 SLE-24077
Cross-References: CVE-2022-21698
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 6
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Tools 15
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has one errata is now available.
Description:
This update for golang-github-prometheus-alertmanager fixes the following
issues:
Update golang-github-prometheus-alertmanager from version 0.21.0 to
version 0.23.0 (bsc#1196338, jsc#SLE-24077)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1
- Update required Go version to 1.16
- Use %autosetup macro
- Update to version 0.23.0:
* Release 0.23.0
* Release 0.23.0-rc.0
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Add go_modules to _service.
- Added hardening to systemd service(s) with a modified
prometheus-alertmanager.service (bsc#1181400)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2139=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2139=1
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-2139=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-2139=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2139=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-2139=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2139=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1196338
openSUSE-SU-2022:10015-1: important: Security update for firejail
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for firejail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10015-1
Rating: important
References: #1199148
Cross-References: CVE-2022-31214
CVSS scores:
CVE-2022-31214 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for firejail fixes the following issues:
firejail was updated to version 0.9.70:
- CVE-2022-31214: root escalation in --join logic (boo#1199148)
Reported by Matthias Gerstner, working exploit code was provided to our
development team. In the same time frame, the problem was independently
reported by Birk Blechschmidt. Full working exploit code was also
provided.
- feature: enable shell tab completion with --tab (#4936)
- feature: disable user profiles at compile time (#4990)
- feature: Allow resolution of .local names with avahi-daemon in the
apparmor profile (#5088)
- feature: always log seccomp errors (#5110)
- feature: firecfg --guide, guided user configuration (#5111)
- feature: --oom, kernel OutOfMemory-killer (#5122)
- modif: --ids feature needs to be enabled at compile time (#5155)
- modif: --nettrace only available to root user
- rework: whitelist restructuring (#4985)
- rework: firemon, speed up and lots of fixes
- bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910)
- bugfix: nogroups + wrc prints confusing messages (#4930 #4933)
- bugfix: openSUSE Leap - whitelist-run-common.inc (#4954)
- bugfix: fix printing in evince (#5011)
- bugfix: gcov: fix gcov functions always declared as dummy (#5028)
- bugfix: Stop warning on safe supplementary group clean (#5114)
- build: remove ultimately unused INSTALL and RANLIB check macros (#5133)
- build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154)
- ci: replace centos (EOL) with almalinux (#4912)
- ci: fix --version not printing compile-time features (#5147)
- ci: print version after install & fix apparmor support on build_apparmor
(#5148)
- docs: Refer to firejail.config in configuration files (#4916)
- docs: firejail.config: add warning about allow-tray (#4946)
- docs: mention that the protocol command accumulates (#5043)
- docs: mention inconsistent homedir bug involving --private=dir (#5052)
- docs: mention capabilities(7) on --caps (#5078)
- new profiles: onionshare, onionshare-cli, opera-developer, songrec
- new profiles: node-gyp, npx, semver, ping-hardened
- removed profiles: nvm
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10015=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
firejail-0.9.70-bp153.2.6.1
References:
https://www.suse.com/security/cve/CVE-2022-31214.html
https://bugzilla.suse.com/1199148
openSUSE-SU-2022:10017-1: important: Security update for chafa
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for chafa
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10017-1
Rating: important
References: #1200510
Cross-References: CVE-2022-2061
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for chafa fixes the following issues:
- CVE-2022-2061: Fix heap based buffer overflow in lzw_decode (boo#1200510)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10017=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
chafa-1.8.0-bp154.3.3.1
chafa-devel-1.8.0-bp154.3.3.1
libchafa0-1.8.0-bp154.3.3.1
- openSUSE Backports SLE-15-SP4 (noarch):
chafa-doc-1.8.0-bp154.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-2061.html
https://bugzilla.suse.com/1200510
openSUSE-SU-2022:10016-1: important: Security update for firejail
by opensuse-security@opensuse.org 20 Jun '22
openSUSE Security Update: Security update for firejail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10016-1
Rating: important
References: #1199148
Cross-References: CVE-2022-31214
CVSS scores:
CVE-2022-31214 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for firejail fixes the following issues:
firejail was updated to version 0.9.70:
- CVE-2022-31214 - root escalation in --join logic (boo#1199148)
Reported by Matthias Gerstner, working exploit code was provided to our
development team. In the same time frame, the problem was independently
reported by Birk Blechschmidt. Full working exploit code was also provided.
- feature: enable shell tab completion with --tab (#4936)
- feature: disable user profiles at compile time (#4990)
- feature: Allow resolution of .local names with avahi-daemon in the
apparmor profile (#5088)
- feature: always log seccomp errors (#5110)
- feature: firecfg --guide, guided user configuration (#5111)
- feature: --oom, kernel OutOfMemory-killer (#5122)
- modif: --ids feature needs to be enabled at compile time (#5155)
- modif: --nettrace only available to root user
- rework: whitelist restructuring (#4985)
- rework: firemon, speed up and lots of fixes
- bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910)
- bugfix: nogroups + wrc prints confusing messages (#4930 #4933)
- bugfix: openSUSE Leap - whitelist-run-common.inc (#4954)
- bugfix: fix printing in evince (#5011)
- bugfix: gcov: fix gcov functions always declared as dummy (#5028)
- bugfix: Stop warning on safe supplementary group clean (#5114)
- build: remove ultimately unused INSTALL and RANLIB check macros (#5133)
- build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154)
- ci: replace centos (EOL) with almalinux (#4912)
- ci: fix --version not printing compile-time features (#5147)
- ci: print version after install & fix apparmor support on build_apparmor
(#5148)
- docs: Refer to firejail.config in configuration files (#4916)
- docs: firejail.config: add warning about allow-tray (#4946)
- docs: mention that the protocol command accumulates (#5043)
- docs: mention inconsistent homedir bug involving --private=dir (#5052)
- docs: mention capabilities(7) on --caps (#5078)
- new profiles: onionshare, onionshare-cli, opera-developer, songrec
- new profiles: node-gyp, npx, semver, ping-hardened
- removed profiles: nvm
update to firejail 0.9.68:
- security: on Ubuntu, the PPA is now recommended over the distro package
(see README.md) (#4748)
- security: bugfix: private-cwd leaks access to the entire filesystem
(#4780); reported by Hugo Osvaldo Barrera
- feature: remove (some) environment variables with auth-tokens (#4157)
- feature: ALLOW_TRAY condition (#4510 #4599)
- feature: add basic Firejail support to AppArmor base abstraction (#3226
#4628)
- feature: intrusion detection system (--ids-init, --ids-check)
- feature: deterministic shutdown command (--deterministic-exit-code,
--deterministic-shutdown) (#928 #3042 #4635)
- feature: noprinters command (#4607 #4827)
- feature: network monitor (--nettrace)
- feature: network locker (--netlock) (#4848)
- feature: whitelist-ro profile command (#4740)
- feature: disable pipewire with --nosound (#4855)
- feature: Unset TMP if it doesn't exist inside of sandbox (#4151)
- feature: Allow apostrophe in whitelist and blacklist (#4614)
- feature: AppImage support in --build command (#4878)
- modifs: exit code: distinguish fatal signals by adding 128 (#4533)
- modifs: firecfg.config is now installed to /etc/firejail/ (#408 #4669)
- modifs: close file descriptors greater than 2 (--keep-fd) (#4845)
- modifs: nogroups now stopped causing certain system groups to be
dropped, which are now controlled by the relevant "no" options instead
(such as nosound -> drop audio group), which fixes device access issues
on systems not using (e)logind (such as with seatd) (#4632 #4725 #4732
#4851)
- removal: --disable-whitelist at compile time
- removal: whitelist=yes/no in /etc/firejail/firejail.config
- bugfix: Fix sndio support (#4362 #4365)
- bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387)
- bugfix: --build clears the environment (#4460 #4467)
- bugfix: firejail hangs with net parameter (#3958 #4476)
- bugfix: Firejail does not work with a custom hosts file (#2758 #4560)
- bugfix: --tracelog and --trace override /etc/ld.so.preload (#4558 #4586)
- bugfix: PATH_MAX is undeclared on musl libc (#4578 #4579 #4583 #4606)
- bugfix: firejail symlinks are not skipped with private-bin + globs
(#4626)
- bugfix: Firejail rejects empty arguments (#4395)
- bugfix: firecfg does not work with symlinks (discord.desktop) (#4235)
- bugfix: Seccomp list output goes to stdout instead of stderr (#4328)
- bugfix: private-etc does not work with symlinks (#4887)
- bugfix: Hardware key not detected on keepassxc (#4883)
- build: allow building with address sanitizer (#4594)
- build: Stop linking pthread (#4695)
- build: Configure cleanup and improvements (#4712)
- ci: add profile checks for sorting disable-programs.inc and
firecfg.config and for the required arguments in private-etc (#2739
#4643)
- ci: pin GitHub actions to SHAs and use Dependabot to update them (#4774)
- docs: Add new command checklist to CONTRIBUTING.md (#4413)
- docs: Rework bug report issue template and add both a question and a
feature request template (#4479 #4515 #4561)
- docs: fix contradictory descriptions of machine-id ("preserves" vs
"spoofs") (#4689)
- docs: Document that private-bin and private-etc always accumulate
(#4078)
- new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462)
- new includes: disable-proc.inc (#4521)
- removed includes: disable-passwordmgr.inc (#4454 #4461)
- new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim
- new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl
- new profiles: yt-dlp, goldendict, goldendict, bundle, cmake
- new profiles: make, meson, pip, codium, telnet, ftp, OpenStego
- new profiles: imv, retroarch, torbrowser, CachyBrowser,
- new profiles: notable, RPCS3, wget2, raincat, conitop, 1passwd,
- new profiles: Seafile, neovim, com.github.tchx84.Flatseal
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10016=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
firejail-0.9.70-bp154.2.3.1
firejail-bash-completion-0.9.70-bp154.2.3.1
firejail-zsh-completion-0.9.70-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-31214.html
https://bugzilla.suse.com/1199148
openSUSE-SU-2022:10014-1: moderate: Security update for tensorflow2
by opensuse-security@opensuse.org 18 Jun '22
openSUSE Security Update: Security update for tensorflow2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10014-1
Rating: moderate
References: #1173128 #1173314 #1178287 #1178564 #1179455
#1181864 #1186860 #1189423
Cross-References: CVE-2020-26266 CVE-2020-26267 CVE-2020-26268
CVE-2020-26270 CVE-2020-26271 CVE-2021-37635
CVE-2021-37636 CVE-2021-37637 CVE-2021-37638
CVE-2021-37639 CVE-2021-37640 CVE-2021-37641
CVE-2021-37642 CVE-2021-37643 CVE-2021-37644
CVE-2021-37645 CVE-2021-37646 CVE-2021-37647
CVE-2021-37648 CVE-2021-37649 CVE-2021-37650
CVE-2021-37651 CVE-2021-37652 CVE-2021-37653
CVE-2021-37654 CVE-2021-37655 CVE-2021-37656
CVE-2021-37657 CVE-2021-37658 CVE-2021-37659
CVE-2021-37660 CVE-2021-37661 CVE-2021-37662
CVE-2021-37663 CVE-2021-37664 CVE-2021-37665
CVE-2021-37666 CVE-2021-37667 CVE-2021-37668
CVE-2021-37669 CVE-2021-37670 CVE-2021-37671
CVE-2021-37672 CVE-2021-37673 CVE-2021-37674
CVE-2021-37675 CVE-2021-37676 CVE-2021-37677
CVE-2021-37678 CVE-2021-37679 CVE-2021-37680
CVE-2021-37681 CVE-2021-37682 CVE-2021-37683
CVE-2021-37684 CVE-2021-37685 CVE-2021-37686
CVE-2021-37687 CVE-2021-37688 CVE-2021-37689
CVE-2021-37690 CVE-2021-37691 CVE-2021-37692
CVSS scores:
CVE-2020-26266 (NVD) : 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2020-26268 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2020-26270 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2020-26271 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-37639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 63 vulnerabilities is now available.
Description:
This update for tensorflow fixes the following issues:
Update to TF2 2.6.0 which fixes multiple CVEs (boo#1189423).
- Introduction of bazel6.3 and bazel-skylib1.0.3 as build dependencies.
The latter has been adapted to allow a version in its package name (if
%set_ver_suffix is set to 1). This allows multiple versions to exist for
one product (not installed). NOTE: bazel-skylib1.0.3 does not exist in
oS:Factory: bazel-skylib in oS:Factory - the base version - is 1.0.3.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10014=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 s390x x86_64):
tensorflow2-lite-2.6.0-bp153.2.3.1
tensorflow2-lite-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-lite-debugsource-2.6.0-bp153.2.3.1
tensorflow2-lite-devel-2.6.0-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
bazel3.7-3.7.2-bp153.2.1
libtensorflow2-2.6.0-bp153.2.3.1
libtensorflow2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-2.6.0-bp153.2.3.1
libtensorflow_cc2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow_cc2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-2.6.0-bp153.2.3.1
libtensorflow_framework2-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libtensorflow_framework2-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-2.6.0-bp153.2.3.1
tensorflow2-debuginfo-2.6.0-bp153.2.3.1
tensorflow2-debugsource-2.6.0-bp153.2.3.1
tensorflow2-devel-2.6.0-bp153.2.3.1
tensorflow2-doc-2.6.0-bp153.2.3.1
tensorflow2-gnu-hpc-2.6.0-bp153.2.3.1
tensorflow2-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-debugsource-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-devel-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-hpc-doc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-debugsource-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-devel-2.6.0-bp153.2.3.1
tensorflow2_2_6_0-gnu-openmpi2-hpc-doc-2.6.0-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (ppc64le):
bazel3.7-3.7.2-bp153.4.1
- openSUSE Backports SLE-15-SP3 (x86_64):
libiomp5-2.6.0-bp153.2.3.1
libiomp5-debuginfo-2.6.0-bp153.2.3.1
libiomp5-gnu-hpc-2.6.0-bp153.2.3.1
libiomp5-gnu-hpc-debuginfo-2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc-2.6.0-bp153.2.3.1
libiomp5-gnu-openmpi2-hpc-debuginfo-2.6.0-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
bazel-skylib1.0.3-source-1.0.3-bp153.2.1
References:
https://www.suse.com/security/cve/CVE-2020-26266.html
https://www.suse.com/security/cve/CVE-2020-26267.html
https://www.suse.com/security/cve/CVE-2020-26268.html
https://www.suse.com/security/cve/CVE-2020-26270.html
https://www.suse.com/security/cve/CVE-2020-26271.html
https://www.suse.com/security/cve/CVE-2021-37635.html
https://www.suse.com/security/cve/CVE-2021-37636.html
https://www.suse.com/security/cve/CVE-2021-37637.html
https://www.suse.com/security/cve/CVE-2021-37638.html
https://www.suse.com/security/cve/CVE-2021-37639.html
https://www.suse.com/security/cve/CVE-2021-37640.html
https://www.suse.com/security/cve/CVE-2021-37641.html
https://www.suse.com/security/cve/CVE-2021-37642.html
https://www.suse.com/security/cve/CVE-2021-37643.html
https://www.suse.com/security/cve/CVE-2021-37644.html
https://www.suse.com/security/cve/CVE-2021-37645.html
https://www.suse.com/security/cve/CVE-2021-37646.html
https://www.suse.com/security/cve/CVE-2021-37647.html
https://www.suse.com/security/cve/CVE-2021-37648.html
https://www.suse.com/security/cve/CVE-2021-37649.html
https://www.suse.com/security/cve/CVE-2021-37650.html
https://www.suse.com/security/cve/CVE-2021-37651.html
https://www.suse.com/security/cve/CVE-2021-37652.html
https://www.suse.com/security/cve/CVE-2021-37653.html
https://www.suse.com/security/cve/CVE-2021-37654.html
https://www.suse.com/security/cve/CVE-2021-37655.html
https://www.suse.com/security/cve/CVE-2021-37656.html
https://www.suse.com/security/cve/CVE-2021-37657.html
https://www.suse.com/security/cve/CVE-2021-37658.html
https://www.suse.com/security/cve/CVE-2021-37659.html
https://www.suse.com/security/cve/CVE-2021-37660.html
https://www.suse.com/security/cve/CVE-2021-37661.html
https://www.suse.com/security/cve/CVE-2021-37662.html
https://www.suse.com/security/cve/CVE-2021-37663.html
https://www.suse.com/security/cve/CVE-2021-37664.html
https://www.suse.com/security/cve/CVE-2021-37665.html
https://www.suse.com/security/cve/CVE-2021-37666.html
https://www.suse.com/security/cve/CVE-2021-37667.html
https://www.suse.com/security/cve/CVE-2021-37668.html
https://www.suse.com/security/cve/CVE-2021-37669.html
https://www.suse.com/security/cve/CVE-2021-37670.html
https://www.suse.com/security/cve/CVE-2021-37671.html
https://www.suse.com/security/cve/CVE-2021-37672.html
https://www.suse.com/security/cve/CVE-2021-37673.html
https://www.suse.com/security/cve/CVE-2021-37674.html
https://www.suse.com/security/cve/CVE-2021-37675.html
https://www.suse.com/security/cve/CVE-2021-37676.html
https://www.suse.com/security/cve/CVE-2021-37677.html
https://www.suse.com/security/cve/CVE-2021-37678.html
https://www.suse.com/security/cve/CVE-2021-37679.html
https://www.suse.com/security/cve/CVE-2021-37680.html
https://www.suse.com/security/cve/CVE-2021-37681.html
https://www.suse.com/security/cve/CVE-2021-37682.html
https://www.suse.com/security/cve/CVE-2021-37683.html
https://www.suse.com/security/cve/CVE-2021-37684.html
https://www.suse.com/security/cve/CVE-2021-37685.html
https://www.suse.com/security/cve/CVE-2021-37686.html
https://www.suse.com/security/cve/CVE-2021-37687.html
https://www.suse.com/security/cve/CVE-2021-37688.html
https://www.suse.com/security/cve/CVE-2021-37689.html
https://www.suse.com/security/cve/CVE-2021-37690.html
https://www.suse.com/security/cve/CVE-2021-37691.html
https://www.suse.com/security/cve/CVE-2021-37692.html
https://bugzilla.suse.com/1173128
https://bugzilla.suse.com/1173314
https://bugzilla.suse.com/1178287
https://bugzilla.suse.com/1178564
https://bugzilla.suse.com/1179455
https://bugzilla.suse.com/1181864
https://bugzilla.suse.com/1186860
https://bugzilla.suse.com/1189423
SUSE-SU-2022:2111-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 17 Jun '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2111-1
Rating: important
References: #1028340 #1055710 #1065729 #1071995 #1084513
#1087082 #1114648 #1158266 #1172456 #1177282
#1182171 #1183723 #1187055 #1191647 #1191958
#1195065 #1195651 #1196018 #1196367 #1196426
#1196999 #1197219 #1197343 #1197663 #1198400
#1198516 #1198577 #1198660 #1198687 #1198742
#1198777 #1198825 #1199012 #1199063 #1199314
#1199399 #1199426 #1199505 #1199507 #1199605
#1199650 #1200143 #1200144 #1200249
Cross-References: CVE-2017-13695 CVE-2018-7755 CVE-2019-19377
CVE-2019-20811 CVE-2020-26541 CVE-2021-20292
CVE-2021-20321 CVE-2021-33061 CVE-2021-38208
CVE-2021-39711 CVE-2021-43389 CVE-2022-1011
CVE-2022-1184 CVE-2022-1353 CVE-2022-1419
CVE-2022-1516 CVE-2022-1652 CVE-2022-1729
CVE-2022-1734 CVE-2022-1974 CVE-2022-1975
CVE-2022-21123 CVE-2022-21125 CVE-2022-21127
CVE-2022-21166 CVE-2022-21180 CVE-2022-21499
CVE-2022-22942 CVE-2022-28748 CVE-2022-30594
CVSS scores:
CVE-2017-13695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2017-13695 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2018-7755 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2018-7755 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-20811 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2019-20811 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE-2021-20292 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20321 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20321 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38208 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43389 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-43389 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1353 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1353 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1419 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1516 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1516 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21499 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 30 vulnerabilities and has 14 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP1 kernel was updated.
The following security bugs were fixed:
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited
to speculatively/transiently disclose information via spectre like
attacks. (bsc#1199650)
- CVE-2019-19377: Fixed a use-after-free that could be triggered when an
attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when
mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2017-13695: Fixed a bug that caused a stack dump allowing local
users to obtain sensitive information from kernel memory and bypass the
KASLR protection mechanism via a crafted ACPI table. (bnc#1055710)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self
(bsc#1199507).
- CVE-2022-1652: Fixed a statically allocated error counter inside the
floppy kernel module (bsc#1199063).
- CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a
possible out of bounds read due to Incorrect Size Value. This could lead
to local information disclosure with System execution privileges needed.
User interaction is not needed for exploitation (bnc#1197219).
- CVE-2022-30594: Fixed restriction bypass on setting the
PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the
Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed
an authenticated user to potentially enable denial of service via local
access (bnc#1196426).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect
(bsc#1199012).
- CVE-2021-20321: Fixed a race condition accessing file object in the
OverlayFS subsystem in the way users do rename in specific way with
OverlayFS. A local user could have used this flaw to crash the system
(bnc#1191647).
- CVE-2019-20811: Fixed issue in rx_queue_add_kobject() and
netdev_queue_add_kobject() in net/core/net-sysfs.c, where a reference
count is mishandled (bnc#1172456).
- CVE-2022-28748: Fixed memory leak over the network by ax88179_178a
devices (bsc#1196018).
- CVE-2018-7755: Fixed an issue in the fd_locked_ioctl function in
drivers/block/floppy.c. The floppy driver will copy a kernel pointer to
user memory in response to the FDGETPRM ioctl. An attacker can send the
FDGETPRM ioctl and use the obtained kernel pointer to discover the
location of kernel code and data and bypass kernel security protections
such as KASLR (bnc#1084513).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy
(bsc#1195065).
- CVE-2022-1419: Fixed a concurrency use-after-free in
vgem_gem_dumb_create (bsc#1198742).
- CVE-2021-43389: Fixed an array-index-out-of-bounds flaw in the
detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and
BUG) by making a getsockname call after a certain type of failure of a
bind call (bnc#1187055).
- CVE-2022-1353: Fixed access control to kernel memory in the
pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2021-20292: Fixed object validation prior to performing operations
on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem
(bnc#1183723).
- CVE-2022-1011: Fixed a use-after-free vulnerability which could allow a
local attacker to retrieve (partial) /etc/shadow hashes or any other
data from filesystem when he can mount a FUSE filesystem. (bnc#1197343)
- CVE-2022-1974: Fixed a use-after-free that could cause a kernel crash by
simulating an nfc device from user-space. (bsc#1200144).
- CVE-2020-26541: Enforce the secure boot forbidden signature database
(aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-1975: Fixed a bug that allows an attacker to crash the linux
kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's
been trivial to break out of it with kgdb or kdb. (bsc#1199426)
- CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between
cleanup routine and firmware download routine. (bnc#1199605).
The following non-security bugs were fixed:
- btrfs: relocation: Only remove reloc rb_trees if reloc control has been
initialized (bsc#1199399).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- net: ena: A typo fix in the file ena_com.h (bsc#1198777).
- net: ena: Add capabilities field with support for ENI stats capability
(bsc#1198777).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198777).
- net: ena: add device distinct log prefix to files (bsc#1198777).
- net: ena: add jiffies of last napi call to stats (bsc#1198777).
- net: ena: aggregate doorbell common operations into a function
(bsc#1198777).
- net: ena: aggregate stats increase into a function (bsc#1198777).
- net: ena: Change ENI stats support check to use capabilities field
(bsc#1198777).
- net: ena: Change return value of ena_calc_io_queue_size() to void
(bsc#1198777).
- net: ena: Change the name of bad_csum variable (bsc#1198777).
- net: ena: Extract recurring driver reset code into a function
(bsc#1198777).
- net: ena: fix coding style nits (bsc#1198777).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198777).
- net: ena: Fix error handling when calculating max IO queues number
(bsc#1198777).
- net: ena: fix inaccurate print type (bsc#1198777).
- net: ena: Fix undefined state when tx request id is out of bounds
(bsc#1198777).
- net: ena: Fix wrong rx request id by resetting device (bsc#1198777).
- net: ena: Improve error logging in driver (bsc#1198777).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
(bsc#1198777).
- net: ena: introduce XDP redirect implementation (bsc#1198777).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198777).
- net: ena: Move reset completion print to the reset function
(bsc#1198777).
- net: ena: optimize data access in fast-path code (bsc#1198777).
- net: ena: re-organize code to improve readability (bsc#1198777).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198777).
- net: ena: remove extra words from comments (bsc#1198777).
- net: ena: Remove module param and change message severity (bsc#1198777).
- net: ena: Remove rcu_read_lock() around XDP program invocation
(bsc#1198777).
- net: ena: Remove redundant return code check (bsc#1198777).
- net: ena: Remove unused code (bsc#1198777).
- net: ena: store values in their appropriate variables types
(bsc#1198777).
- net: ena: Update XDP verdict upon failure (bsc#1198777).
- net: ena: use build_skb() in RX path (bsc#1198777).
- net: ena: use constant value for net_device allocation (bsc#1198777).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198777).
- net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1198777).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198777).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198777).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()
(bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region()
(bsc#1195651).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
(bsc#1199314).
- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S
git-fixes).
- powerpc/64: Interrupts save PPR on stack rather than thread_struct
(bsc#1196999 ltc#196609).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal
(bsc#1182171 ltc#190900 bsc#1198660 ltc#197803).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729
bsc#1198660 ltc#197803).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340
bsc#1198825).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- x86/pm: Save the MSR validity status at context setup (bsc#1114648).
- x86/speculation: Restore speculation related MSRs during S3 resume
(bsc#1114648).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2111=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2111=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2111=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2111=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2111=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2111=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2111=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2111=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2111=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2111=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-4.12.14-150100.197.114.2
kernel-vanilla-base-4.12.14-150100.197.114.2
kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debugsource-4.12.14-150100.197.114.2
kernel-vanilla-devel-4.12.14-150100.197.114.2
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.114.2
kernel-debug-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.114.2
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.114.2
kernel-zfcpdump-man-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-4.12.14-150100.197.114.2
kernel-vanilla-base-4.12.14-150100.197.114.2
kernel-vanilla-base-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-debugsource-4.12.14-150100.197.114.2
kernel-vanilla-devel-4.12.14-150100.197.114.2
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.114.2
kernel-vanilla-livepatch-devel-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.114.2
kernel-debug-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.114.2
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.114.2
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.114.2
kernel-zfcpdump-man-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.114.2
kernel-zfcpdump-debuginfo-4.12.14-150100.197.114.2
kernel-zfcpdump-debugsource-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-livepatch-4.12.14-150100.197.114.2
kernel-default-livepatch-devel-4.12.14-150100.197.114.2
kernel-livepatch-4_12_14-150100_197_114-default-1-150100.3.3.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.114.2
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.114.2
dlm-kmp-default-4.12.14-150100.197.114.2
dlm-kmp-default-debuginfo-4.12.14-150100.197.114.2
gfs2-kmp-default-4.12.14-150100.197.114.2
gfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
ocfs2-kmp-default-4.12.14-150100.197.114.2
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.114.2
kernel-default-base-4.12.14-150100.197.114.2
kernel-default-base-debuginfo-4.12.14-150100.197.114.2
kernel-default-debuginfo-4.12.14-150100.197.114.2
kernel-default-debugsource-4.12.14-150100.197.114.2
kernel-default-devel-4.12.14-150100.197.114.2
kernel-default-devel-debuginfo-4.12.14-150100.197.114.2
kernel-obs-build-4.12.14-150100.197.114.2
kernel-obs-build-debugsource-4.12.14-150100.197.114.2
kernel-syms-4.12.14-150100.197.114.2
reiserfs-kmp-default-4.12.14-150100.197.114.2
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.114.2
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.114.2
kernel-docs-4.12.14-150100.197.114.2
kernel-macros-4.12.14-150100.197.114.2
kernel-source-4.12.14-150100.197.114.2
References:
https://www.suse.com/security/cve/CVE-2017-13695.html
https://www.suse.com/security/cve/CVE-2018-7755.html
https://www.suse.com/security/cve/CVE-2019-19377.html
https://www.suse.com/security/cve/CVE-2019-20811.html
https://www.suse.com/security/cve/CVE-2020-26541.html
https://www.suse.com/security/cve/CVE-2021-20292.html
https://www.suse.com/security/cve/CVE-2021-20321.html
https://www.suse.com/security/cve/CVE-2021-33061.html
https://www.suse.com/security/cve/CVE-2021-38208.html
https://www.suse.com/security/cve/CVE-2021-39711.html
https://www.suse.com/security/cve/CVE-2021-43389.html
https://www.suse.com/security/cve/CVE-2022-1011.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-1353.html
https://www.suse.com/security/cve/CVE-2022-1419.html
https://www.suse.com/security/cve/CVE-2022-1516.html
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-1729.html
https://www.suse.com/security/cve/CVE-2022-1734.html
https://www.suse.com/security/cve/CVE-2022-1974.html
https://www.suse.com/security/cve/CVE-2022-1975.html
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21127.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-21180.html
https://www.suse.com/security/cve/CVE-2022-21499.html
https://www.suse.com/security/cve/CVE-2022-22942.html
https://www.suse.com/security/cve/CVE-2022-28748.html
https://www.suse.com/security/cve/CVE-2022-30594.html
https://bugzilla.suse.com/1028340
https://bugzilla.suse.com/1055710
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1071995
https://bugzilla.suse.com/1084513
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1114648
https://bugzilla.suse.com/1158266
https://bugzilla.suse.com/1172456
https://bugzilla.suse.com/1177282
https://bugzilla.suse.com/1182171
https://bugzilla.suse.com/1183723
https://bugzilla.suse.com/1187055
https://bugzilla.suse.com/1191647
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1195065
https://bugzilla.suse.com/1195651
https://bugzilla.suse.com/1196018
https://bugzilla.suse.com/1196367
https://bugzilla.suse.com/1196426
https://bugzilla.suse.com/1196999
https://bugzilla.suse.com/1197219
https://bugzilla.suse.com/1197343
https://bugzilla.suse.com/1197663
https://bugzilla.suse.com/1198400
https://bugzilla.suse.com/1198516
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198660
https://bugzilla.suse.com/1198687
https://bugzilla.suse.com/1198742
https://bugzilla.suse.com/1198777
https://bugzilla.suse.com/1198825
https://bugzilla.suse.com/1199012
https://bugzilla.suse.com/1199063
https://bugzilla.suse.com/1199314
https://bugzilla.suse.com/1199399
https://bugzilla.suse.com/1199426
https://bugzilla.suse.com/1199505
https://bugzilla.suse.com/1199507
https://bugzilla.suse.com/1199605
https://bugzilla.suse.com/1199650
https://bugzilla.suse.com/1200143
https://bugzilla.suse.com/1200144
https://bugzilla.suse.com/1200249
SUSE-SU-2022:2107-1: important: Security update for mariadb
by opensuse-security@opensuse.org 16 Jun '22
SUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2107-1
Rating: important
References: #1198603 #1198604 #1198606 #1198607 #1198610
#1198611 #1198612 #1198613 #1198629 #1199928
Cross-References: CVE-2021-46669 CVE-2022-21427 CVE-2022-27377
CVE-2022-27378 CVE-2022-27380 CVE-2022-27381
CVE-2022-27383 CVE-2022-27384 CVE-2022-27386
CVE-2022-27387 CVE-2022-27445
CVSS scores:
CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21427 (NVD) : 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 11 vulnerabilities is now available.
Description:
This update for mariadb fixes the following issues:
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-21427 (bsc#1199928)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27445 (bsc#1198629)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2107=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2107=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2107=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2107=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2107=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2107=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2107=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2107=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE Enterprise Storage 6 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
- SUSE CaaS Platform 4.0 (x86_64):
libmysqld-devel-10.2.44-150000.3.54.1
libmysqld19-10.2.44-150000.3.54.1
libmysqld19-debuginfo-10.2.44-150000.3.54.1
mariadb-10.2.44-150000.3.54.1
mariadb-client-10.2.44-150000.3.54.1
mariadb-client-debuginfo-10.2.44-150000.3.54.1
mariadb-debuginfo-10.2.44-150000.3.54.1
mariadb-debugsource-10.2.44-150000.3.54.1
mariadb-tools-10.2.44-150000.3.54.1
mariadb-tools-debuginfo-10.2.44-150000.3.54.1
- SUSE CaaS Platform 4.0 (noarch):
mariadb-errormessages-10.2.44-150000.3.54.1
References:
https://www.suse.com/security/cve/CVE-2021-46669.html
https://www.suse.com/security/cve/CVE-2022-21427.html
https://www.suse.com/security/cve/CVE-2022-27377.html
https://www.suse.com/security/cve/CVE-2022-27378.html
https://www.suse.com/security/cve/CVE-2022-27380.html
https://www.suse.com/security/cve/CVE-2022-27381.html
https://www.suse.com/security/cve/CVE-2022-27383.html
https://www.suse.com/security/cve/CVE-2022-27384.html
https://www.suse.com/security/cve/CVE-2022-27386.html
https://www.suse.com/security/cve/CVE-2022-27387.html
https://www.suse.com/security/cve/CVE-2022-27445.html
https://bugzilla.suse.com/1198603
https://bugzilla.suse.com/1198604
https://bugzilla.suse.com/1198606
https://bugzilla.suse.com/1198607
https://bugzilla.suse.com/1198610
https://bugzilla.suse.com/1198611
https://bugzilla.suse.com/1198612
https://bugzilla.suse.com/1198613
https://bugzilla.suse.com/1198629
https://bugzilla.suse.com/1199928
SUSE-SU-2022:2102-1: important: Security update for vim
by opensuse-security@opensuse.org 16 Jun '22
SUSE Security Update: Security update for vim
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2102-1
Rating: important
References: #1070955 #1191770 #1192167 #1192902 #1192903
#1192904 #1193466 #1193905 #1194093 #1194216
#1194217 #1194388 #1194872 #1194885 #1195004
#1195203 #1195332 #1195354 #1196361 #1198596
#1198748 #1199331 #1199333 #1199334 #1199651
#1199655 #1199693 #1199745 #1199747 #1199936
#1200010 #1200011 #1200012
Cross-References: CVE-2017-17087 CVE-2021-3778 CVE-2021-3796
CVE-2021-3872 CVE-2021-3875 CVE-2021-3903
CVE-2021-3927 CVE-2021-3928 CVE-2021-3968
CVE-2021-3973 CVE-2021-3974 CVE-2021-3984
CVE-2021-4019 CVE-2021-4069 CVE-2021-4136
CVE-2021-4166 CVE-2021-4192 CVE-2021-4193
CVE-2021-46059 CVE-2022-0128 CVE-2022-0213
CVE-2022-0261 CVE-2022-0318 CVE-2022-0319
CVE-2022-0351 CVE-2022-0359 CVE-2022-0361
CVE-2022-0392 CVE-2022-0407 CVE-2022-0413
CVE-2022-0696 CVE-2022-1381 CVE-2022-1420
CVE-2022-1616 CVE-2022-1619 CVE-2022-1620
CVE-2022-1733 CVE-2022-1735 CVE-2022-1771
CVE-2022-1785 CVE-2022-1796 CVE-2022-1851
CVE-2022-1897 CVE-2022-1898 CVE-2022-1927
CVSS scores:
CVE-2017-17087 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2017-17087 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3778 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3778 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3796 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H
CVE-2021-3796 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3872 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3872 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3875 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-3875 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3903 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3903 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3927 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3928 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3968 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3973 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3974 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3974 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3984 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3984 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4019 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4069 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4069 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVE-2021-4136 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4136 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4166 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2021-4166 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2021-4192 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-4192 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2021-4193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-4193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-46059 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0128 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0128 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-0213 (NVD) : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-0213 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0261 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0261 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0319 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-0319 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-0351 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0351 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-0359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0359 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-0361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0361 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-0392 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0392 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2022-0407 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0407 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0413 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0413 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-0696 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0696 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1381 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1381 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1420 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1420 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1616 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1616 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1619 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1619 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1620 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1620 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1733 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1733 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-1735 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1735 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1771 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-1771 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1785 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1785 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1796 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1796 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1851 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1851 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1897 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1897 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1898 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1898 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-1927 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1927 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 45 vulnerabilities is now available.
Description:
This update for vim fixes the following issues:
- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c
(bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in
ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range
(bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based buffer overflow in function
cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function
vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c
(bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path
(bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2102=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2102=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2102=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2102=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2102=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2102=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2102=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2102=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2102=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2102=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2102=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2102=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2102=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2102=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2102=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2102=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2102=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2102=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2102=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2102=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2102=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- openSUSE Leap 15.4 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- openSUSE Leap 15.3 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Manager Server 4.1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Manager Proxy 4.1 (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Manager Proxy 4.1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
vim-small-8.2.5038-150000.5.21.1
vim-small-debuginfo-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 7 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
- SUSE Enterprise Storage 6 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE CaaS Platform 4.0 (noarch):
vim-data-8.2.5038-150000.5.21.1
vim-data-common-8.2.5038-150000.5.21.1
- SUSE CaaS Platform 4.0 (x86_64):
gvim-8.2.5038-150000.5.21.1
gvim-debuginfo-8.2.5038-150000.5.21.1
vim-8.2.5038-150000.5.21.1
vim-debuginfo-8.2.5038-150000.5.21.1
vim-debugsource-8.2.5038-150000.5.21.1
References:
https://www.suse.com/security/cve/CVE-2017-17087.html
https://www.suse.com/security/cve/CVE-2021-3778.html
https://www.suse.com/security/cve/CVE-2021-3796.html
https://www.suse.com/security/cve/CVE-2021-3872.html
https://www.suse.com/security/cve/CVE-2021-3875.html
https://www.suse.com/security/cve/CVE-2021-3903.html
https://www.suse.com/security/cve/CVE-2021-3927.html
https://www.suse.com/security/cve/CVE-2021-3928.html
https://www.suse.com/security/cve/CVE-2021-3968.html
https://www.suse.com/security/cve/CVE-2021-3973.html
https://www.suse.com/security/cve/CVE-2021-3974.html
https://www.suse.com/security/cve/CVE-2021-3984.html
https://www.suse.com/security/cve/CVE-2021-4019.html
https://www.suse.com/security/cve/CVE-2021-4069.html
https://www.suse.com/security/cve/CVE-2021-4136.html
https://www.suse.com/security/cve/CVE-2021-4166.html
https://www.suse.com/security/cve/CVE-2021-4192.html
https://www.suse.com/security/cve/CVE-2021-4193.html
https://www.suse.com/security/cve/CVE-2021-46059.html
https://www.suse.com/security/cve/CVE-2022-0128.html
https://www.suse.com/security/cve/CVE-2022-0213.html
https://www.suse.com/security/cve/CVE-2022-0261.html
https://www.suse.com/security/cve/CVE-2022-0318.html
https://www.suse.com/security/cve/CVE-2022-0319.html
https://www.suse.com/security/cve/CVE-2022-0351.html
https://www.suse.com/security/cve/CVE-2022-0359.html
https://www.suse.com/security/cve/CVE-2022-0361.html
https://www.suse.com/security/cve/CVE-2022-0392.html
https://www.suse.com/security/cve/CVE-2022-0407.html
https://www.suse.com/security/cve/CVE-2022-0413.html
https://www.suse.com/security/cve/CVE-2022-0696.html
https://www.suse.com/security/cve/CVE-2022-1381.html
https://www.suse.com/security/cve/CVE-2022-1420.html
https://www.suse.com/security/cve/CVE-2022-1616.html
https://www.suse.com/security/cve/CVE-2022-1619.html
https://www.suse.com/security/cve/CVE-2022-1620.html
https://www.suse.com/security/cve/CVE-2022-1733.html
https://www.suse.com/security/cve/CVE-2022-1735.html
https://www.suse.com/security/cve/CVE-2022-1771.html
https://www.suse.com/security/cve/CVE-2022-1785.html
https://www.suse.com/security/cve/CVE-2022-1796.html
https://www.suse.com/security/cve/CVE-2022-1851.html
https://www.suse.com/security/cve/CVE-2022-1897.html
https://www.suse.com/security/cve/CVE-2022-1898.html
https://www.suse.com/security/cve/CVE-2022-1927.html
https://bugzilla.suse.com/1070955
https://bugzilla.suse.com/1191770
https://bugzilla.suse.com/1192167
https://bugzilla.suse.com/1192902
https://bugzilla.suse.com/1192903
https://bugzilla.suse.com/1192904
https://bugzilla.suse.com/1193466
https://bugzilla.suse.com/1193905
https://bugzilla.suse.com/1194093
https://bugzilla.suse.com/1194216
https://bugzilla.suse.com/1194217
https://bugzilla.suse.com/1194388
https://bugzilla.suse.com/1194872
https://bugzilla.suse.com/1194885
https://bugzilla.suse.com/1195004
https://bugzilla.suse.com/1195203
https://bugzilla.suse.com/1195332
https://bugzilla.suse.com/1195354
https://bugzilla.suse.com/1196361
https://bugzilla.suse.com/1198596
https://bugzilla.suse.com/1198748
https://bugzilla.suse.com/1199331
https://bugzilla.suse.com/1199333
https://bugzilla.suse.com/1199334
https://bugzilla.suse.com/1199651
https://bugzilla.suse.com/1199655
https://bugzilla.suse.com/1199693
https://bugzilla.suse.com/1199745
https://bugzilla.suse.com/1199747
https://bugzilla.suse.com/1199936
https://bugzilla.suse.com/1200010
https://bugzilla.suse.com/1200011
https://bugzilla.suse.com/1200012
SUSE-SU-2022:2108-1: important: Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1
by opensuse-security@opensuse.org 16 Jun '22
SUSE Security Update: Security update for rubygem-actionpack-5_1, rubygem-activesupport-5_1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2108-1
Rating: important
References: #1185780 #1196182
Cross-References: CVE-2021-22904 CVE-2022-23633
CVSS scores:
CVE-2021-22904 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-22904 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23633 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23633 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for rubygem-actionpack-5_1 and rubygem-activesupport-5_1 fixes
the following issues:
- CVE-2021-22904: Fixed possible DoS Vulnerability in Action Controller
Token Authentication (bsc#1185780)
- CVE-2022-23633: Fixed possible exposure of information vulnerability in
Action Pack (bsc#1196182)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2108=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2108=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2108=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-2108=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-actionpack-5_1-5.1.4-150000.3.12.1
ruby2.5-rubygem-activesupport-5_1-5.1.4-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-22904.html
https://www.suse.com/security/cve/CVE-2022-23633.html
https://bugzilla.suse.com/1185780
https://bugzilla.suse.com/1196182
openSUSE-SU-2022:10005-1: important: Security update for chromium
by opensuse-security@opensuse.org 15 Jun '22
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10005-1
Rating: important
References: #1199893
Cross-References: CVE-2022-1853 CVE-2022-1854 CVE-2022-1855
CVE-2022-1856 CVE-2022-1857 CVE-2022-1858
CVE-2022-1859 CVE-2022-1860 CVE-2022-1861
CVE-2022-1862 CVE-2022-1863 CVE-2022-1864
CVE-2022-1865 CVE-2022-1866 CVE-2022-1867
CVE-2022-1868 CVE-2022-1869 CVE-2022-1870
CVE-2022-1871 CVE-2022-1872 CVE-2022-1873
CVE-2022-1874 CVE-2022-1875 CVE-2022-1876
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 24 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 102.0.5001.61 (boo#1199893)
* CVE-2022-1853: Use after free in Indexed DB
* CVE-2022-1854: Use after free in ANGLE
* CVE-2022-1855: Use after free in Messaging
* CVE-2022-1856: Use after free in User Education
* CVE-2022-1857: Insufficient policy enforcement in File System API
* CVE-2022-1858: Out of bounds read in DevTools
* CVE-2022-1859: Use after free in Performance Manager
* CVE-2022-1860: Use after free in UI Foundations
* CVE-2022-1861: Use after free in Sharing
* CVE-2022-1862: Inappropriate implementation in Extensions
* CVE-2022-1863: Use after free in Tab Groups
* CVE-2022-1864: Use after free in WebApp Installs
* CVE-2022-1865: Use after free in Bookmarks
* CVE-2022-1866: Use after free in Tablet Mode
* CVE-2022-1867: Insufficient validation of untrusted input in Data
Transfer
* CVE-2022-1868: Inappropriate implementation in Extensions API
* CVE-2022-1869: Type Confusion in V8
* CVE-2022-1870: Use after free in App Service
* CVE-2022-1871: Insufficient policy enforcement in File System API
* CVE-2022-1872: Insufficient policy enforcement in Extensions API
* CVE-2022-1873: Insufficient policy enforcement in COOP
* CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
* CVE-2022-1875: Inappropriate implementation in PDF
* CVE-2022-1876: Heap buffer overflow in DevTools
- Chromium 101.0.4951.67
* fixes for other platforms
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10005=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-102.0.5005.61-bp154.2.5.3
chromedriver-debuginfo-102.0.5005.61-bp154.2.5.3
chromium-102.0.5005.61-bp154.2.5.3
chromium-debuginfo-102.0.5005.61-bp154.2.5.3
References:
https://www.suse.com/security/cve/CVE-2022-1853.html
https://www.suse.com/security/cve/CVE-2022-1854.html
https://www.suse.com/security/cve/CVE-2022-1855.html
https://www.suse.com/security/cve/CVE-2022-1856.html
https://www.suse.com/security/cve/CVE-2022-1857.html
https://www.suse.com/security/cve/CVE-2022-1858.html
https://www.suse.com/security/cve/CVE-2022-1859.html
https://www.suse.com/security/cve/CVE-2022-1860.html
https://www.suse.com/security/cve/CVE-2022-1861.html
https://www.suse.com/security/cve/CVE-2022-1862.html
https://www.suse.com/security/cve/CVE-2022-1863.html
https://www.suse.com/security/cve/CVE-2022-1864.html
https://www.suse.com/security/cve/CVE-2022-1865.html
https://www.suse.com/security/cve/CVE-2022-1866.html
https://www.suse.com/security/cve/CVE-2022-1867.html
https://www.suse.com/security/cve/CVE-2022-1868.html
https://www.suse.com/security/cve/CVE-2022-1869.html
https://www.suse.com/security/cve/CVE-2022-1870.html
https://www.suse.com/security/cve/CVE-2022-1871.html
https://www.suse.com/security/cve/CVE-2022-1872.html
https://www.suse.com/security/cve/CVE-2022-1873.html
https://www.suse.com/security/cve/CVE-2022-1874.html
https://www.suse.com/security/cve/CVE-2022-1875.html
https://www.suse.com/security/cve/CVE-2022-1876.html
https://bugzilla.suse.com/1199893