SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2071-1
Rating: important
References: #1199287 #1200106
Cross-References: CVE-2022-26700 CVE-2022-26709 CVE-2022-26716
CVE-2022-26717 CVE-2022-26719 CVE-2022-30293
CVSS scores:
CVE-2022-26700 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26709 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26716 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26717 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26719 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-30293 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.3 (bsc#1200106)
- CVE-2022-30293: Fixed heap-based buffer overflow in
WebCore::TextureMapperLayer::setContentsLayer (bsc#1199287).
- CVE-2022-26700: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26709: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26716: Fixed use after free issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26717: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
- CVE-2022-26719: Fixed memory corruption issue that may lead to code
execution when processing maliciously crafted web content (bsc#1200106).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2071=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2071=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2071=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2071=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-5_0-2.36.3-150400.4.3.1
webkit-jsc-4-2.36.3-150400.4.3.1
webkit-jsc-4-debuginfo-2.36.3-150400.4.3.1
webkit-jsc-4.1-2.36.3-150400.4.3.1
webkit-jsc-4.1-debuginfo-2.36.3-150400.4.3.1
webkit-jsc-5.0-2.36.3-150400.4.3.1
webkit-jsc-5.0-debuginfo-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-devel-2.36.3-150400.4.3.1
webkit2gtk3-minibrowser-2.36.3-150400.4.3.1
webkit2gtk3-minibrowser-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1
webkit2gtk3-soup2-minibrowser-2.36.3-150400.4.3.1
webkit2gtk3-soup2-minibrowser-debuginfo-2.36.3-150400.4.3.1
webkit2gtk4-debugsource-2.36.3-150400.4.3.1
webkit2gtk4-devel-2.36.3-150400.4.3.1
webkit2gtk4-minibrowser-2.36.3-150400.4.3.1
webkit2gtk4-minibrowser-debuginfo-2.36.3-150400.4.3.1
- openSUSE Leap 15.4 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-32bit-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-32bit-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-32bit-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.3-150400.4.3.1
- openSUSE Leap 15.4 (noarch):
WebKit2GTK-4.0-lang-2.36.3-150400.4.3.1
WebKit2GTK-4.1-lang-2.36.3-150400.4.3.1
WebKit2GTK-5.0-lang-2.36.3-150400.4.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-5_0-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-2.36.3-150400.4.3.1
libwebkit2gtk-5_0-0-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-5_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-5_0-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk4-debugsource-2.36.3-150400.4.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_1-0-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-2.36.3-150400.4.3.1
libwebkit2gtk-4_1-0-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_1-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-devel-2.36.3-150400.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.3-150400.4.3.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-2.36.3-150400.4.3.1
libwebkit2gtk-4_0-37-debuginfo-2.36.3-150400.4.3.1
typelib-1_0-JavaScriptCore-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2-4_0-2.36.3-150400.4.3.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-2.36.3-150400.4.3.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.3-150400.4.3.1
webkit2gtk3-soup2-debugsource-2.36.3-150400.4.3.1
webkit2gtk3-soup2-devel-2.36.3-150400.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-26700.htmlhttps://www.suse.com/security/cve/CVE-2022-26709.htmlhttps://www.suse.com/security/cve/CVE-2022-26716.htmlhttps://www.suse.com/security/cve/CVE-2022-26717.htmlhttps://www.suse.com/security/cve/CVE-2022-26719.htmlhttps://www.suse.com/security/cve/CVE-2022-30293.htmlhttps://bugzilla.suse.com/1199287https://bugzilla.suse.com/1200106
SUSE Security Update: Security update for python-Twisted
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2070-1
Rating: important
References: #1196739
Cross-References: CVE-2022-21716
CVSS scores:
CVE-2022-21716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21716 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-Twisted fixes the following issues:
- CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data
using all the available memory (bsc#1196739).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2070=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2070=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2070=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2070=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2070=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2070=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2070=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2070=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2070=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2070=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2070=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2070=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2070=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
python-Twisted-debuginfo-19.10.0-150200.3.12.1
python-Twisted-debugsource-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python-Twisted-debuginfo-19.10.0-150200.3.12.1
python-Twisted-debugsource-19.10.0-150200.3.12.1
python-Twisted-doc-19.10.0-150200.3.12.1
python2-Twisted-19.10.0-150200.3.12.1
python2-Twisted-debuginfo-19.10.0-150200.3.12.1
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Manager Proxy 4.1 (x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
python-Twisted-debuginfo-19.10.0-150200.3.12.1
python-Twisted-debugsource-19.10.0-150200.3.12.1
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
python-Twisted-debugsource-19.10.0-150200.3.12.1
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
python3-Twisted-19.10.0-150200.3.12.1
python3-Twisted-debuginfo-19.10.0-150200.3.12.1
References:
https://www.suse.com/security/cve/CVE-2022-21716.htmlhttps://bugzilla.suse.com/1196739
SUSE Security Update: Security update for grub2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2064-1
Rating: important
References: #1191184 #1191185 #1191186 #1193282 #1197948
#1198460 #1198493 #1198495 #1198496 #1198581
Cross-References: CVE-2021-3695 CVE-2021-3696 CVE-2021-3697
CVE-2022-28733 CVE-2022-28734 CVE-2022-28735
CVE-2022-28736
CVSS scores:
CVE-2021-3695 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-3696 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2021-3697 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-28733 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28735 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28736 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 7 vulnerabilities and has three fixes
is now available.
Description:
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to
out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound
write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer
underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers
(bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command
(bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root
LV is completely in the boot LUN (bsc#1197948)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2064=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2064=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-2064=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2064=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2064=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
grub2-2.04-150300.22.20.2
grub2-branding-upstream-2.04-150300.22.20.2
grub2-debuginfo-2.04-150300.22.20.2
- openSUSE Leap 15.3 (aarch64 s390x x86_64):
grub2-debugsource-2.04-150300.22.20.2
- openSUSE Leap 15.3 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
grub2-arm64-efi-debug-2.04-150300.22.20.2
grub2-i386-pc-2.04-150300.22.20.2
grub2-i386-pc-debug-2.04-150300.22.20.2
grub2-powerpc-ieee1275-2.04-150300.22.20.2
grub2-powerpc-ieee1275-debug-2.04-150300.22.20.2
grub2-snapper-plugin-2.04-150300.22.20.2
grub2-systemd-sleep-plugin-2.04-150300.22.20.2
grub2-x86_64-efi-2.04-150300.22.20.2
grub2-x86_64-efi-debug-2.04-150300.22.20.2
grub2-x86_64-xen-2.04-150300.22.20.2
- openSUSE Leap 15.3 (s390x):
grub2-s390x-emu-2.04-150300.22.20.2
grub2-s390x-emu-debug-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
grub2-x86_64-xen-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
grub2-2.04-150300.22.20.2
grub2-debuginfo-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64):
grub2-debugsource-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
grub2-i386-pc-2.04-150300.22.20.2
grub2-powerpc-ieee1275-2.04-150300.22.20.2
grub2-snapper-plugin-2.04-150300.22.20.2
grub2-systemd-sleep-plugin-2.04-150300.22.20.2
grub2-x86_64-efi-2.04-150300.22.20.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
grub2-s390x-emu-2.04-150300.22.20.2
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
grub2-2.04-150300.22.20.2
grub2-debuginfo-2.04-150300.22.20.2
grub2-debugsource-2.04-150300.22.20.2
- SUSE Linux Enterprise Micro 5.2 (noarch):
grub2-arm64-efi-2.04-150300.22.20.2
grub2-i386-pc-2.04-150300.22.20.2
grub2-snapper-plugin-2.04-150300.22.20.2
grub2-x86_64-efi-2.04-150300.22.20.2
grub2-x86_64-xen-2.04-150300.22.20.2
- SUSE Linux Enterprise Micro 5.2 (s390x):
grub2-s390x-emu-2.04-150300.22.20.2
References:
https://www.suse.com/security/cve/CVE-2021-3695.htmlhttps://www.suse.com/security/cve/CVE-2021-3696.htmlhttps://www.suse.com/security/cve/CVE-2021-3697.htmlhttps://www.suse.com/security/cve/CVE-2022-28733.htmlhttps://www.suse.com/security/cve/CVE-2022-28734.htmlhttps://www.suse.com/security/cve/CVE-2022-28735.htmlhttps://www.suse.com/security/cve/CVE-2022-28736.htmlhttps://bugzilla.suse.com/1191184https://bugzilla.suse.com/1191185https://bugzilla.suse.com/1191186https://bugzilla.suse.com/1193282https://bugzilla.suse.com/1197948https://bugzilla.suse.com/1198460https://bugzilla.suse.com/1198493https://bugzilla.suse.com/1198495https://bugzilla.suse.com/1198496https://bugzilla.suse.com/1198581
SUSE Security Update: Security update for u-boot
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2056-1
Rating: important
References: #1200363 #1200364
Cross-References: CVE-2022-30552 CVE-2022-30790
CVSS scores:
CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for u-boot fixes the following issues:
- A large buffer overflow could have lead to a denial of service in the
IP Packet deframentation code. (CVE-2022-30552, bsc#1200363)
- A Hole Descriptor Overwrite could have lead to an arbitrary out of
bounds write primitive. (CVE-2022-30790, bsc#1200364)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2056=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2056=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2056=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2056=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2056=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2056=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2056=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2056=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2056=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2056=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2056=1
Package List:
- openSUSE Leap 15.4 (aarch64):
u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1
u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1
- openSUSE Leap 15.3 (aarch64):
u-boot-xilinxzynqmpgeneric-2020.01-150200.10.12.1
u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.12.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Manager Proxy 4.1 (x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
u-boot-tools-2020.01-150200.10.12.1
u-boot-tools-debuginfo-2020.01-150200.10.12.1
- SUSE Enterprise Storage 7 (aarch64):
u-boot-rpiarm64-2020.01-150200.10.12.1
u-boot-rpiarm64-doc-2020.01-150200.10.12.1
References:
https://www.suse.com/security/cve/CVE-2022-30552.htmlhttps://www.suse.com/security/cve/CVE-2022-30790.htmlhttps://bugzilla.suse.com/1200363https://bugzilla.suse.com/1200364
SUSE Security Update: Security update for netty3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2047-1
Rating: moderate
References: #1193672 #1197787
Cross-References: CVE-2021-43797
CVSS scores:
CVE-2021-43797 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-43797 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for netty3 fixes the following issues:
- CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to
insufficient validation against control characters (bsc#1193672).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2047=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2047=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2047=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2047=1
Package List:
- openSUSE Leap 15.4 (noarch):
netty3-3.10.6-150200.3.3.2
netty3-javadoc-3.10.6-150200.3.3.2
- openSUSE Leap 15.3 (noarch):
netty3-3.10.6-150200.3.3.2
netty3-javadoc-3.10.6-150200.3.3.2
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
netty3-3.10.6-150200.3.3.2
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
netty3-3.10.6-150200.3.3.2
References:
https://www.suse.com/security/cve/CVE-2021-43797.htmlhttps://bugzilla.suse.com/1193672https://bugzilla.suse.com/1197787
SUSE Security Update: Security update for u-boot
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2053-1
Rating: important
References: #1199623 #1200363 #1200364
Cross-References: CVE-2022-30552 CVE-2022-30767 CVE-2022-30790
CVSS scores:
CVE-2022-30552 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVE-2022-30767 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-30767 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-30790 (SUSE): 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for u-boot fixes the following issues:
- CVE-2022-30552: A large buffer overflow could have lead to a denial of
service in the IP Packet deframentation code. (bsc#1200363)
- CVE-2022-30790: A Hole Descriptor Overwrite could have lead to an
arbitrary out of bounds write primitive. (bsc#1200364)
- CVE-2022-30767: Fixed an unbounded memcpy with a failed length check
leading to a buffer overflow (bsc#1199623).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2053=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2053=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
u-boot-tools-2021.01-150300.7.12.1
u-boot-tools-debuginfo-2021.01-150300.7.12.1
- openSUSE Leap 15.3 (aarch64):
u-boot-avnetultra96rev1-2021.01-150300.7.12.1
u-boot-avnetultra96rev1-doc-2021.01-150300.7.12.1
u-boot-bananapim64-2021.01-150300.7.12.1
u-boot-bananapim64-doc-2021.01-150300.7.12.1
u-boot-dragonboard410c-2021.01-150300.7.12.1
u-boot-dragonboard410c-doc-2021.01-150300.7.12.1
u-boot-dragonboard820c-2021.01-150300.7.12.1
u-boot-dragonboard820c-doc-2021.01-150300.7.12.1
u-boot-evb-rk3399-2021.01-150300.7.12.1
u-boot-evb-rk3399-doc-2021.01-150300.7.12.1
u-boot-firefly-rk3399-2021.01-150300.7.12.1
u-boot-firefly-rk3399-doc-2021.01-150300.7.12.1
u-boot-geekbox-2021.01-150300.7.12.1
u-boot-geekbox-doc-2021.01-150300.7.12.1
u-boot-hikey-2021.01-150300.7.12.1
u-boot-hikey-doc-2021.01-150300.7.12.1
u-boot-khadas-vim-2021.01-150300.7.12.1
u-boot-khadas-vim-doc-2021.01-150300.7.12.1
u-boot-khadas-vim2-2021.01-150300.7.12.1
u-boot-khadas-vim2-doc-2021.01-150300.7.12.1
u-boot-libretech-ac-2021.01-150300.7.12.1
u-boot-libretech-ac-doc-2021.01-150300.7.12.1
u-boot-libretech-cc-2021.01-150300.7.12.1
u-boot-libretech-cc-doc-2021.01-150300.7.12.1
u-boot-ls1012afrdmqspi-2021.01-150300.7.12.1
u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.12.1
u-boot-mvebudb-88f3720-2021.01-150300.7.12.1
u-boot-mvebudb-88f3720-doc-2021.01-150300.7.12.1
u-boot-mvebudbarmada8k-2021.01-150300.7.12.1
u-boot-mvebudbarmada8k-doc-2021.01-150300.7.12.1
u-boot-mvebuespressobin-88f3720-2021.01-150300.7.12.1
u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.12.1
u-boot-mvebumcbin-88f8040-2021.01-150300.7.12.1
u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.12.1
u-boot-nanopia64-2021.01-150300.7.12.1
u-boot-nanopia64-doc-2021.01-150300.7.12.1
u-boot-odroid-c2-2021.01-150300.7.12.1
u-boot-odroid-c2-doc-2021.01-150300.7.12.1
u-boot-odroid-c4-2021.01-150300.7.12.1
u-boot-odroid-c4-doc-2021.01-150300.7.12.1
u-boot-odroid-n2-2021.01-150300.7.12.1
u-boot-odroid-n2-doc-2021.01-150300.7.12.1
u-boot-orangepipc2-2021.01-150300.7.12.1
u-boot-orangepipc2-doc-2021.01-150300.7.12.1
u-boot-p2371-2180-2021.01-150300.7.12.1
u-boot-p2371-2180-doc-2021.01-150300.7.12.1
u-boot-p2771-0000-500-2021.01-150300.7.12.1
u-boot-p2771-0000-500-doc-2021.01-150300.7.12.1
u-boot-p3450-0000-2021.01-150300.7.12.1
u-boot-p3450-0000-doc-2021.01-150300.7.12.1
u-boot-pine64plus-2021.01-150300.7.12.1
u-boot-pine64plus-doc-2021.01-150300.7.12.1
u-boot-pinebook-2021.01-150300.7.12.1
u-boot-pinebook-doc-2021.01-150300.7.12.1
u-boot-pinebook-pro-rk3399-2021.01-150300.7.12.1
u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.12.1
u-boot-pineh64-2021.01-150300.7.12.1
u-boot-pineh64-doc-2021.01-150300.7.12.1
u-boot-pinephone-2021.01-150300.7.12.1
u-boot-pinephone-doc-2021.01-150300.7.12.1
u-boot-poplar-2021.01-150300.7.12.1
u-boot-poplar-doc-2021.01-150300.7.12.1
u-boot-rock-pi-4-rk3399-2021.01-150300.7.12.1
u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.12.1
u-boot-rock64-rk3328-2021.01-150300.7.12.1
u-boot-rock64-rk3328-doc-2021.01-150300.7.12.1
u-boot-rock960-rk3399-2021.01-150300.7.12.1
u-boot-rock960-rk3399-doc-2021.01-150300.7.12.1
u-boot-rockpro64-rk3399-2021.01-150300.7.12.1
u-boot-rockpro64-rk3399-doc-2021.01-150300.7.12.1
u-boot-rpi3-2021.01-150300.7.12.1
u-boot-rpi3-doc-2021.01-150300.7.12.1
u-boot-rpi4-2021.01-150300.7.12.1
u-boot-rpi4-doc-2021.01-150300.7.12.1
u-boot-rpiarm64-2021.01-150300.7.12.1
u-boot-rpiarm64-doc-2021.01-150300.7.12.1
u-boot-xilinxzynqmpvirt-2021.01-150300.7.12.1
u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.12.1
u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.12.1
u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
u-boot-tools-2021.01-150300.7.12.1
u-boot-tools-debuginfo-2021.01-150300.7.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
u-boot-rpiarm64-2021.01-150300.7.12.1
u-boot-rpiarm64-doc-2021.01-150300.7.12.1
References:
https://www.suse.com/security/cve/CVE-2022-30552.htmlhttps://www.suse.com/security/cve/CVE-2022-30767.htmlhttps://www.suse.com/security/cve/CVE-2022-30790.htmlhttps://bugzilla.suse.com/1199623https://bugzilla.suse.com/1200363https://bugzilla.suse.com/1200364
SUSE Security Update: Security update for google-gson
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2044-1
Rating: important
References: #1199064 SLE-24261
Cross-References: CVE-2022-25647
CVSS scores:
CVE-2022-25647 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-25647 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability, contains one
feature is now available.
Description:
This update for google-gson fixes the following issues:
- CVE-2022-25647: Fixed deserialization of untrusted data (bsc#1199064).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2044=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2044=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2044=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2044=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2044=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2044=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2044=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2044=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2044=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2044=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2044=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2044=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2044=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2044=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2044=1
Package List:
- openSUSE Leap 15.4 (noarch):
google-gson-2.8.9-150200.3.6.3
google-gson-javadoc-2.8.9-150200.3.6.3
- openSUSE Leap 15.3 (noarch):
google-gson-2.8.9-150200.3.6.3
google-gson-javadoc-2.8.9-150200.3.6.3
- SUSE Manager Server 4.1 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Manager Retail Branch Server 4.1 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Manager Proxy 4.1 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
google-gson-2.8.9-150200.3.6.3
- SUSE Enterprise Storage 7 (noarch):
google-gson-2.8.9-150200.3.6.3
References:
https://www.suse.com/security/cve/CVE-2022-25647.htmlhttps://bugzilla.suse.com/1199064