June 2022 - openSUSE Security Announce

SUSE-SU-2022:2071-1: important: Security update for webkit2gtk3
by opensuse-security＠opensuse.org 14 Jun '22

14 Jun '22

SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2071-1 Rating: important References: #1199287 #1200106 Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-30293 CVSS scores: CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 (bsc#1200106) - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287). - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26709: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26716: Fixed use after free issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26717: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). - CVE-2022-26719: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted web content (bsc#1200106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2071=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2071=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2071=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2071=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-5_0-2.36.3-150400.4.3.1 webkit-jsc-4-2.36.3-150400.4.3.1 webkit-jsc-4-debuginfo-2.36.3-150400.4.3.1 webkit-jsc-4.1-2.36.3-150400.4.3.1 webkit-jsc-4.1-debuginfo-2.36.3-150400.4.3.1 webkit-jsc-5.0-2.36.3-150400.4.3.1 webkit-jsc-5.0-debuginfo-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-devel-2.36.3-150400.4.3.1 webkit2gtk3-minibrowser-2.36.3-150400.4.3.1 webkit2gtk3-minibrowser-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1 webkit2gtk3-soup2-minibrowser-2.36.3-150400.4.3.1 webkit2gtk3-soup2-minibrowser-debuginfo-2.36.3-150400.4.3.1 webkit2gtk4-debugsource-2.36.3-150400.4.3.1 webkit2gtk4-devel-2.36.3-150400.4.3.1 webkit2gtk4-minibrowser-2.36.3-150400.4.3.1 webkit2gtk4-minibrowser-debuginfo-2.36.3-150400.4.3.1 - openSUSE Leap 15.4 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-32bit-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-32bit-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-32bit-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1 - openSUSE Leap 15.4 (noarch): WebKit2GTK-4.0-lang-2.36.3-150400.4.3.1 WebKit2GTK-4.1-lang-2.36.3-150400.4.3.1 WebKit2GTK-5.0-lang-2.36.3-150400.4.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1 libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk4-debugsource-2.36.3-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1 libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-devel-2.36.3-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1 libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1 typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1 webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1 webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-26700.html https://www.suse.com/security/cve/CVE-2022-26709.html https://www.suse.com/security/cve/CVE-2022-26716.html https://www.suse.com/security/cve/CVE-2022-26717.html https://www.suse.com/security/cve/CVE-2022-26719.html https://www.suse.com/security/cve/CVE-2022-30293.html https://bugzilla.suse.com/1199287 https://bugzilla.suse.com/1200106

1 0

SUSE-SU-2022:2070-1: important: Security update for python-Twisted
by opensuse-security＠opensuse.org 14 Jun '22

14 Jun '22

SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2070-1 Rating: important References: #1196739 Cross-References: CVE-2022-21716 CVSS scores: CVE-2022-21716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21716 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory (bsc#1196739). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2070=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2070=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2070=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2070=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2070=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2070=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2070=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2070=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2070=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2070=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2070=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2070=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2070=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.12.1 python-Twisted-debugsource-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.12.1 python-Twisted-debugsource-19.10.0-150200.3.12.1 python-Twisted-doc-19.10.0-150200.3.12.1 python2-Twisted-19.10.0-150200.3.12.1 python2-Twisted-debuginfo-19.10.0-150200.3.12.1 python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Manager Proxy 4.1 (x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.12.1 python-Twisted-debugsource-19.10.0-150200.3.12.1 python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debugsource-19.10.0-150200.3.12.1 python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.12.1 python3-Twisted-debuginfo-19.10.0-150200.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-21716.html https://bugzilla.suse.com/1196739

1 0

SUSE-SU-2022:2063-1: moderate: Security update for gimp
by opensuse-security＠opensuse.org 13 Jun '22

13 Jun '22

SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2063-1 Rating: moderate References: #1199653 Cross-References: CVE-2022-30067 CVSS scores: CVE-2022-30067 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-30067 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issues: - CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF file (bsc#1199653). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2063=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2063=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2063=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gimp-2.10.12-150300.9.3.1 gimp-debuginfo-2.10.12-150300.9.3.1 gimp-debugsource-2.10.12-150300.9.3.1 gimp-devel-2.10.12-150300.9.3.1 gimp-devel-debuginfo-2.10.12-150300.9.3.1 gimp-plugin-aa-2.10.12-150300.9.3.1 gimp-plugin-aa-debuginfo-2.10.12-150300.9.3.1 libgimp-2_0-0-2.10.12-150300.9.3.1 libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-2.10.12-150300.9.3.1 libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1 - openSUSE Leap 15.3 (noarch): gimp-lang-2.10.12-150300.9.3.1 - openSUSE Leap 15.3 (x86_64): libgimp-2_0-0-32bit-2.10.12-150300.9.3.1 libgimp-2_0-0-32bit-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-32bit-2.10.12-150300.9.3.1 libgimpui-2_0-0-32bit-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gimp-2.10.12-150300.9.3.1 gimp-debuginfo-2.10.12-150300.9.3.1 gimp-debugsource-2.10.12-150300.9.3.1 gimp-devel-2.10.12-150300.9.3.1 gimp-devel-debuginfo-2.10.12-150300.9.3.1 libgimp-2_0-0-2.10.12-150300.9.3.1 libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-2.10.12-150300.9.3.1 libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): gimp-lang-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gimp-debuginfo-2.10.12-150300.9.3.1 gimp-debugsource-2.10.12-150300.9.3.1 libgimp-2_0-0-2.10.12-150300.9.3.1 libgimp-2_0-0-debuginfo-2.10.12-150300.9.3.1 libgimpui-2_0-0-2.10.12-150300.9.3.1 libgimpui-2_0-0-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64): gimp-2.10.12-150300.9.3.1 gimp-devel-2.10.12-150300.9.3.1 gimp-devel-debuginfo-2.10.12-150300.9.3.1 gimp-plugin-aa-2.10.12-150300.9.3.1 gimp-plugin-aa-debuginfo-2.10.12-150300.9.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): gimp-lang-2.10.12-150300.9.3.1 References: https://www.suse.com/security/cve/CVE-2022-30067.html https://bugzilla.suse.com/1199653

1 0

SUSE-SU-2022:2065-1: important: Security update for xen
by opensuse-security＠opensuse.org 13 Jun '22

13 Jun '22

SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2065-1 Rating: important References: #1027519 #1197426 #1199965 #1199966 Cross-References: CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVSS scores: CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26362 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426) - CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965) - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2065=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2065=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2065=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2065=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2065=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): xen-4.14.5_02-150300.3.29.1 xen-debugsource-4.14.5_02-150300.3.29.1 xen-devel-4.14.5_02-150300.3.29.1 xen-doc-html-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 xen-tools-4.14.5_02-150300.3.29.1 xen-tools-debuginfo-4.14.5_02-150300.3.29.1 xen-tools-domU-4.14.5_02-150300.3.29.1 xen-tools-domU-debuginfo-4.14.5_02-150300.3.29.1 - openSUSE Leap 15.3 (x86_64): xen-libs-32bit-4.14.5_02-150300.3.29.1 xen-libs-32bit-debuginfo-4.14.5_02-150300.3.29.1 - openSUSE Leap 15.3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): xen-tools-xendomains-wait-disk-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): xen-4.14.5_02-150300.3.29.1 xen-debugsource-4.14.5_02-150300.3.29.1 xen-devel-4.14.5_02-150300.3.29.1 xen-tools-4.14.5_02-150300.3.29.1 xen-tools-debuginfo-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): xen-debugsource-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 xen-tools-domU-4.14.5_02-150300.3.29.1 xen-tools-domU-debuginfo-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): xen-debugsource-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): xen-debugsource-4.14.5_02-150300.3.29.1 xen-libs-4.14.5_02-150300.3.29.1 xen-libs-debuginfo-4.14.5_02-150300.3.29.1 References: https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://www.suse.com/security/cve/CVE-2022-26362.html https://www.suse.com/security/cve/CVE-2022-26363.html https://www.suse.com/security/cve/CVE-2022-26364.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1197426 https://bugzilla.suse.com/1199965 https://bugzilla.suse.com/1199966

1 0

SUSE-SU-2022:2064-1: important: Security update for grub2
by opensuse-security＠opensuse.org 13 Jun '22

13 Jun '22

SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2064-1 Rating: important References: #1191184 #1191185 #1191186 #1193282 #1197948 #1198460 #1198493 #1198495 #1198496 #1198581 Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVSS scores: CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has three fixes is now available. Description: This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2064=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2064=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2064=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2064=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2064=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): grub2-2.04-150300.22.20.2 grub2-branding-upstream-2.04-150300.22.20.2 grub2-debuginfo-2.04-150300.22.20.2 - openSUSE Leap 15.3 (aarch64 s390x x86_64): grub2-debugsource-2.04-150300.22.20.2 - openSUSE Leap 15.3 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 grub2-arm64-efi-debug-2.04-150300.22.20.2 grub2-i386-pc-2.04-150300.22.20.2 grub2-i386-pc-debug-2.04-150300.22.20.2 grub2-powerpc-ieee1275-2.04-150300.22.20.2 grub2-powerpc-ieee1275-debug-2.04-150300.22.20.2 grub2-snapper-plugin-2.04-150300.22.20.2 grub2-systemd-sleep-plugin-2.04-150300.22.20.2 grub2-x86_64-efi-2.04-150300.22.20.2 grub2-x86_64-efi-debug-2.04-150300.22.20.2 grub2-x86_64-xen-2.04-150300.22.20.2 - openSUSE Leap 15.3 (s390x): grub2-s390x-emu-2.04-150300.22.20.2 grub2-s390x-emu-debug-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): grub2-x86_64-xen-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.04-150300.22.20.2 grub2-debuginfo-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 grub2-i386-pc-2.04-150300.22.20.2 grub2-powerpc-ieee1275-2.04-150300.22.20.2 grub2-snapper-plugin-2.04-150300.22.20.2 grub2-systemd-sleep-plugin-2.04-150300.22.20.2 grub2-x86_64-efi-2.04-150300.22.20.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): grub2-s390x-emu-2.04-150300.22.20.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): grub2-2.04-150300.22.20.2 grub2-debuginfo-2.04-150300.22.20.2 grub2-debugsource-2.04-150300.22.20.2 - SUSE Linux Enterprise Micro 5.2 (noarch): grub2-arm64-efi-2.04-150300.22.20.2 grub2-i386-pc-2.04-150300.22.20.2 grub2-snapper-plugin-2.04-150300.22.20.2 grub2-x86_64-efi-2.04-150300.22.20.2 grub2-x86_64-xen-2.04-150300.22.20.2 - SUSE Linux Enterprise Micro 5.2 (s390x): grub2-s390x-emu-2.04-150300.22.20.2 References: https://www.suse.com/security/cve/CVE-2021-3695.html https://www.suse.com/security/cve/CVE-2021-3696.html https://www.suse.com/security/cve/CVE-2021-3697.html https://www.suse.com/security/cve/CVE-2022-28733.html https://www.suse.com/security/cve/CVE-2022-28734.html https://www.suse.com/security/cve/CVE-2022-28735.html https://www.suse.com/security/cve/CVE-2022-28736.html https://bugzilla.suse.com/1191184 https://bugzilla.suse.com/1191185 https://bugzilla.suse.com/1191186 https://bugzilla.suse.com/1193282 https://bugzilla.suse.com/1197948 https://bugzilla.suse.com/1198460 https://bugzilla.suse.com/1198493 https://bugzilla.suse.com/1198495 https://bugzilla.suse.com/1198496 https://bugzilla.suse.com/1198581

1 0

SUSE-SU-2022:2062-1: important: Security update for MozillaThunderbird
by opensuse-security＠opensuse.org 13 Jun '22

13 Jun '22

SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2062-1 Rating: important References: #1199768 #1200027 Cross-References: CVE-2022-1529 CVE-2022-1802 CVE-2022-1834 CVE-2022-31736 CVE-2022-31737 CVE-2022-31738 CVE-2022-31739 CVE-2022-31740 CVE-2022-31741 CVE-2022-31742 CVE-2022-31747 CVSS scores: CVE-2022-1529 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1802 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1834 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31736 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31737 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31738 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31739 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31740 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31742 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-31747 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 91.9.1 MFSA 2022-19 (bsc#1199768): - CVE-2022-1802: Prototype pollution in Top-Level Await implementation (bmo#1770137). - CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution (bmo#1770048). Update to Mozilla Thunderbird 91.10 MFSA 2022-22 (bsc#1200027): - CVE-2022-31736: Cross-Origin resource's length leaked (bmo#1735923) - CVE-2022-31737: Heap buffer overflow in WebGL (bmo#1743767) - CVE-2022-31738: Browser window spoof using fullscreen mode (bmo#1756388) - CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files (bmo#1765049) - CVE-2022-31740: Register allocation problem in WASM on arm64 (bmo#1766806) - CVE-2022-31741: Uninitialized variable leads to invalid memory read (bmo#1767590) - CVE-2022-1834: Braille space character caused incorrect sender email to be shown for a digitally signed email (bmo#1767816) - CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (bmo#1730434) - CVE-2022-31747: Memory safety bugs fixed in Thunderbird 91.10 (bmo#1760765, bmo#1765610, bmo#1766283, bmo#1767365, bmo#1768559, bmo#1768734) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2062=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2062=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2062=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2062=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2062=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2062=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.10.0-150200.8.73.1 MozillaThunderbird-debuginfo-91.10.0-150200.8.73.1 MozillaThunderbird-debugsource-91.10.0-150200.8.73.1 MozillaThunderbird-translations-common-91.10.0-150200.8.73.1 MozillaThunderbird-translations-other-91.10.0-150200.8.73.1 References: https://www.suse.com/security/cve/CVE-2022-1529.html https://www.suse.com/security/cve/CVE-2022-1802.html https://www.suse.com/security/cve/CVE-2022-1834.html https://www.suse.com/security/cve/CVE-2022-31736.html https://www.suse.com/security/cve/CVE-2022-31737.html https://www.suse.com/security/cve/CVE-2022-31738.html https://www.suse.com/security/cve/CVE-2022-31739.html https://www.suse.com/security/cve/CVE-2022-31740.html https://www.suse.com/security/cve/CVE-2022-31741.html https://www.suse.com/security/cve/CVE-2022-31742.html https://www.suse.com/security/cve/CVE-2022-31747.html https://bugzilla.suse.com/1199768 https://bugzilla.suse.com/1200027

1 0

SUSE-SU-2022:2056-1: important: Security update for u-boot
by opensuse-security＠opensuse.org 13 Jun '22

13 Jun '22

SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2056-1 Rating: important References: #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (CVE-2022-30552, bsc#1200363) - A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (CVE-2022-30790, bsc#1200364) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2056=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2056=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2056=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2056=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2056=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2056=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2056=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2056=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2056=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2056=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2056=1 Package List: - openSUSE Leap 15.4 (aarch64): u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1 u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1 - openSUSE Leap 15.3 (aarch64): u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1 u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Manager Proxy 4.1 (x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): u-boot-tools-2020.01-150200.10.12.1 u-boot-tools-debuginfo-2020.01-150200.10.12.1 - SUSE Enterprise Storage 7 (aarch64): u-boot-rpiarm64-2020.01-150200.10.12.1 u-boot-rpiarm64-doc-2020.01-150200.10.12.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364

1 0

SUSE-SU-2022:2047-1: moderate: Security update for netty3
by opensuse-security＠opensuse.org 13 Jun '22

13 Jun '22

SUSE Security Update: Security update for netty3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2047-1 Rating: moderate References: #1193672 #1197787 Cross-References: CVE-2021-43797 CVSS scores: CVE-2021-43797 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43797 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for netty3 fixes the following issues: - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2047=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2047=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2047=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2047=1 Package List: - openSUSE Leap 15.4 (noarch): netty3-3.10.6-150200.3.3.2 netty3-javadoc-3.10.6-150200.3.3.2 - openSUSE Leap 15.3 (noarch): netty3-3.10.6-150200.3.3.2 netty3-javadoc-3.10.6-150200.3.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): netty3-3.10.6-150200.3.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): netty3-3.10.6-150200.3.3.2 References: https://www.suse.com/security/cve/CVE-2021-43797.html https://bugzilla.suse.com/1193672 https://bugzilla.suse.com/1197787

1 0

SUSE-SU-2022:2053-1: important: Security update for u-boot
by opensuse-security＠opensuse.org 13 Jun '22

13 Jun '22

SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2053-1 Rating: important References: #1199623 #1200363 #1200364 Cross-References: CVE-2022-30552 CVE-2022-30767 CVE-2022-30790 CVSS scores: CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have lead to a denial of service in the IP Packet deframentation code. (bsc#1200363) - CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an arbitrary out of bounds write primitive. (bsc#1200364) - CVE-2022-30767: Fixed an unbounded memcpy with a failed length check leading to a buffer overflow (bsc#1199623). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2053=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2053=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.12.1 u-boot-tools-debuginfo-2021.01-150300.7.12.1 - openSUSE Leap 15.3 (aarch64): u-boot-avnetultra96rev1-2021.01-150300.7.12.1 u-boot-avnetultra96rev1-doc-2021.01-150300.7.12.1 u-boot-bananapim64-2021.01-150300.7.12.1 u-boot-bananapim64-doc-2021.01-150300.7.12.1 u-boot-dragonboard410c-2021.01-150300.7.12.1 u-boot-dragonboard410c-doc-2021.01-150300.7.12.1 u-boot-dragonboard820c-2021.01-150300.7.12.1 u-boot-dragonboard820c-doc-2021.01-150300.7.12.1 u-boot-evb-rk3399-2021.01-150300.7.12.1 u-boot-evb-rk3399-doc-2021.01-150300.7.12.1 u-boot-firefly-rk3399-2021.01-150300.7.12.1 u-boot-firefly-rk3399-doc-2021.01-150300.7.12.1 u-boot-geekbox-2021.01-150300.7.12.1 u-boot-geekbox-doc-2021.01-150300.7.12.1 u-boot-hikey-2021.01-150300.7.12.1 u-boot-hikey-doc-2021.01-150300.7.12.1 u-boot-khadas-vim-2021.01-150300.7.12.1 u-boot-khadas-vim-doc-2021.01-150300.7.12.1 u-boot-khadas-vim2-2021.01-150300.7.12.1 u-boot-khadas-vim2-doc-2021.01-150300.7.12.1 u-boot-libretech-ac-2021.01-150300.7.12.1 u-boot-libretech-ac-doc-2021.01-150300.7.12.1 u-boot-libretech-cc-2021.01-150300.7.12.1 u-boot-libretech-cc-doc-2021.01-150300.7.12.1 u-boot-ls1012afrdmqspi-2021.01-150300.7.12.1 u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.12.1 u-boot-mvebudb-88f3720-2021.01-150300.7.12.1 u-boot-mvebudb-88f3720-doc-2021.01-150300.7.12.1 u-boot-mvebudbarmada8k-2021.01-150300.7.12.1 u-boot-mvebudbarmada8k-doc-2021.01-150300.7.12.1 u-boot-mvebuespressobin-88f3720-2021.01-150300.7.12.1 u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.12.1 u-boot-mvebumcbin-88f8040-2021.01-150300.7.12.1 u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.12.1 u-boot-nanopia64-2021.01-150300.7.12.1 u-boot-nanopia64-doc-2021.01-150300.7.12.1 u-boot-odroid-c2-2021.01-150300.7.12.1 u-boot-odroid-c2-doc-2021.01-150300.7.12.1 u-boot-odroid-c4-2021.01-150300.7.12.1 u-boot-odroid-c4-doc-2021.01-150300.7.12.1 u-boot-odroid-n2-2021.01-150300.7.12.1 u-boot-odroid-n2-doc-2021.01-150300.7.12.1 u-boot-orangepipc2-2021.01-150300.7.12.1 u-boot-orangepipc2-doc-2021.01-150300.7.12.1 u-boot-p2371-2180-2021.01-150300.7.12.1 u-boot-p2371-2180-doc-2021.01-150300.7.12.1 u-boot-p2771-0000-500-2021.01-150300.7.12.1 u-boot-p2771-0000-500-doc-2021.01-150300.7.12.1 u-boot-p3450-0000-2021.01-150300.7.12.1 u-boot-p3450-0000-doc-2021.01-150300.7.12.1 u-boot-pine64plus-2021.01-150300.7.12.1 u-boot-pine64plus-doc-2021.01-150300.7.12.1 u-boot-pinebook-2021.01-150300.7.12.1 u-boot-pinebook-doc-2021.01-150300.7.12.1 u-boot-pinebook-pro-rk3399-2021.01-150300.7.12.1 u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.12.1 u-boot-pineh64-2021.01-150300.7.12.1 u-boot-pineh64-doc-2021.01-150300.7.12.1 u-boot-pinephone-2021.01-150300.7.12.1 u-boot-pinephone-doc-2021.01-150300.7.12.1 u-boot-poplar-2021.01-150300.7.12.1 u-boot-poplar-doc-2021.01-150300.7.12.1 u-boot-rock-pi-4-rk3399-2021.01-150300.7.12.1 u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.12.1 u-boot-rock64-rk3328-2021.01-150300.7.12.1 u-boot-rock64-rk3328-doc-2021.01-150300.7.12.1 u-boot-rock960-rk3399-2021.01-150300.7.12.1 u-boot-rock960-rk3399-doc-2021.01-150300.7.12.1 u-boot-rockpro64-rk3399-2021.01-150300.7.12.1 u-boot-rockpro64-rk3399-doc-2021.01-150300.7.12.1 u-boot-rpi3-2021.01-150300.7.12.1 u-boot-rpi3-doc-2021.01-150300.7.12.1 u-boot-rpi4-2021.01-150300.7.12.1 u-boot-rpi4-doc-2021.01-150300.7.12.1 u-boot-rpiarm64-2021.01-150300.7.12.1 u-boot-rpiarm64-doc-2021.01-150300.7.12.1 u-boot-xilinxzynqmpvirt-2021.01-150300.7.12.1 u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.12.1 u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.12.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.12.1 u-boot-tools-debuginfo-2021.01-150300.7.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): u-boot-rpiarm64-2021.01-150300.7.12.1 u-boot-rpiarm64-doc-2021.01-150300.7.12.1 References: https://www.suse.com/security/cve/CVE-2022-30552.html https://www.suse.com/security/cve/CVE-2022-30767.html https://www.suse.com/security/cve/CVE-2022-30790.html https://bugzilla.suse.com/1199623 https://bugzilla.suse.com/1200363 https://bugzilla.suse.com/1200364

1 0

SUSE-SU-2022:2044-1: important: Security update for google-gson
by opensuse-security＠opensuse.org 10 Jun '22

10 Jun '22

SUSE Security Update: Security update for google-gson ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2044-1 Rating: important References: #1199064 SLE-24261 Cross-References: CVE-2022-25647 CVSS scores: CVE-2022-25647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25647 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for google-gson fixes the following issues: - CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2044=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2044=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2044=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2044=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2044=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2044=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2044=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2044=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2044=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2044=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2044=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2044=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2044=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2044=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2044=1 Package List: - openSUSE Leap 15.4 (noarch): google-gson-2.8.9-150200.3.6.3 google-gson-javadoc-2.8.9-150200.3.6.3 - openSUSE Leap 15.3 (noarch): google-gson-2.8.9-150200.3.6.3 google-gson-javadoc-2.8.9-150200.3.6.3 - SUSE Manager Server 4.1 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Manager Retail Branch Server 4.1 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Manager Proxy 4.1 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): google-gson-2.8.9-150200.3.6.3 - SUSE Enterprise Storage 7 (noarch): google-gson-2.8.9-150200.3.6.3 References: https://www.suse.com/security/cve/CVE-2022-25647.html https://bugzilla.suse.com/1199064

1 0