openSUSE Security Announce
July 2022
- 1 participants
- 95 discussions
SUSE-SU-2022:2599-1: important: Security update for xen
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2599-1
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394
#1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
CVE-2022-23816 CVE-2022-23825 CVE-2022-26362
CVE-2022-26363 CVE-2022-26364 CVE-2022-29900
CVE-2022-33745
CVSS scores:
CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with
non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data
vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401)
(bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow
mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED
vulnerability, arbitrary speculative code execution with return
instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2599=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2599=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2599=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2599=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2599=1
Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
xen-4.14.5_04-150300.3.32.1
xen-debugsource-4.14.5_04-150300.3.32.1
xen-devel-4.14.5_04-150300.3.32.1
xen-doc-html-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
xen-tools-4.14.5_04-150300.3.32.1
xen-tools-debuginfo-4.14.5_04-150300.3.32.1
xen-tools-domU-4.14.5_04-150300.3.32.1
xen-tools-domU-debuginfo-4.14.5_04-150300.3.32.1
- openSUSE Leap 15.3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1
- openSUSE Leap 15.3 (x86_64):
xen-libs-32bit-4.14.5_04-150300.3.32.1
xen-libs-32bit-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):
xen-4.14.5_04-150300.3.32.1
xen-debugsource-4.14.5_04-150300.3.32.1
xen-devel-4.14.5_04-150300.3.32.1
xen-tools-4.14.5_04-150300.3.32.1
xen-tools-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
xen-debugsource-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
xen-tools-domU-4.14.5_04-150300.3.32.1
xen-tools-domU-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
xen-debugsource-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
xen-debugsource-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
References:
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-23816.html
https://www.suse.com/security/cve/CVE-2022-23825.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
https://bugzilla.suse.com/1200549
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201469
SUSE-SU-2022:2595-1: important: Security update for mozilla-nss
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2595-1
Rating: important
References: #1192079 #1192080 #1192086 #1192087 #1192228
#1198486 #1200027
Cross-References: CVE-2022-31741
CVSS scores:
CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux
Enterprise 15 SP4:
- Makes the PBKDF known answer test compliant with NIST SP800-132.
(bsc#1192079).
- FIPS: Add on-demand integrity tests through
sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security
policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement
is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due
to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).
Version update to NSS 3.79:
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat
extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported
ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords
and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Version update to NSS 3.78.1:
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
Version update to NSS 3.78:
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length
record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific
boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Version update to NSS 3.77:
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
Version update to NSS 3.76.1
- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake
message.
Version update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in
the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Version update to NSS 3.74
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068
root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
Version update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OCSP implementation
Version update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via
DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Version update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of
tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
Version update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in
TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in
TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Version update to NSS 3.69.1:
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with
AES_CBC
NSS 3.69:
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with
AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid
algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh
reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
Version Update to 3.68.4 (bsc#1200027)
- CVE-2022-31741: Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2595=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2595=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150400.3.7.1
libfreebl3-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-3.79-150400.3.7.1
libsoftokn3-3.79-150400.3.7.1
libsoftokn3-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-3.79-150400.3.7.1
mozilla-nss-3.79-150400.3.7.1
mozilla-nss-certs-3.79-150400.3.7.1
mozilla-nss-certs-debuginfo-3.79-150400.3.7.1
mozilla-nss-debuginfo-3.79-150400.3.7.1
mozilla-nss-debugsource-3.79-150400.3.7.1
mozilla-nss-devel-3.79-150400.3.7.1
mozilla-nss-sysinit-3.79-150400.3.7.1
mozilla-nss-sysinit-debuginfo-3.79-150400.3.7.1
mozilla-nss-tools-3.79-150400.3.7.1
mozilla-nss-tools-debuginfo-3.79-150400.3.7.1
- openSUSE Leap 15.4 (x86_64):
libfreebl3-32bit-3.79-150400.3.7.1
libfreebl3-32bit-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-debuginfo-3.79-150400.3.7.1
mozilla-nss-certs-32bit-3.79-150400.3.7.1
mozilla-nss-certs-32bit-debuginfo-3.79-150400.3.7.1
mozilla-nss-sysinit-32bit-3.79-150400.3.7.1
mozilla-nss-sysinit-32bit-debuginfo-3.79-150400.3.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150400.3.7.1
libfreebl3-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-3.79-150400.3.7.1
libsoftokn3-3.79-150400.3.7.1
libsoftokn3-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-3.79-150400.3.7.1
mozilla-nss-3.79-150400.3.7.1
mozilla-nss-certs-3.79-150400.3.7.1
mozilla-nss-certs-debuginfo-3.79-150400.3.7.1
mozilla-nss-debuginfo-3.79-150400.3.7.1
mozilla-nss-debugsource-3.79-150400.3.7.1
mozilla-nss-devel-3.79-150400.3.7.1
mozilla-nss-sysinit-3.79-150400.3.7.1
mozilla-nss-sysinit-debuginfo-3.79-150400.3.7.1
mozilla-nss-tools-3.79-150400.3.7.1
mozilla-nss-tools-debuginfo-3.79-150400.3.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libfreebl3-32bit-3.79-150400.3.7.1
libfreebl3-32bit-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-debuginfo-3.79-150400.3.7.1
mozilla-nss-certs-32bit-3.79-150400.3.7.1
mozilla-nss-certs-32bit-debuginfo-3.79-150400.3.7.1
References:
https://www.suse.com/security/cve/CVE-2022-31741.html
https://bugzilla.suse.com/1192079
https://bugzilla.suse.com/1192080
https://bugzilla.suse.com/1192086
https://bugzilla.suse.com/1192087
https://bugzilla.suse.com/1192228
https://bugzilla.suse.com/1198486
https://bugzilla.suse.com/1200027
SUSE-SU-2022:2597-1: important: Security update for xen
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2597-1
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394
#1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
CVE-2022-23816 CVE-2022-23825 CVE-2022-26362
CVE-2022-26363 CVE-2022-26364 CVE-2022-29900
CVE-2022-33745
CVSS scores:
CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with
non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data
vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401)
(bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow
mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED
vulnerability, arbitrary speculative code execution with return
instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2597=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2597=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2597=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
xen-4.16.1_06-150400.4.8.1
xen-debugsource-4.16.1_06-150400.4.8.1
xen-devel-4.16.1_06-150400.4.8.1
xen-doc-html-4.16.1_06-150400.4.8.1
xen-libs-4.16.1_06-150400.4.8.1
xen-libs-debuginfo-4.16.1_06-150400.4.8.1
xen-tools-4.16.1_06-150400.4.8.1
xen-tools-debuginfo-4.16.1_06-150400.4.8.1
xen-tools-domU-4.16.1_06-150400.4.8.1
xen-tools-domU-debuginfo-4.16.1_06-150400.4.8.1
- openSUSE Leap 15.4 (x86_64):
xen-libs-32bit-4.16.1_06-150400.4.8.1
xen-libs-32bit-debuginfo-4.16.1_06-150400.4.8.1
- openSUSE Leap 15.4 (noarch):
xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):
xen-4.16.1_06-150400.4.8.1
xen-debugsource-4.16.1_06-150400.4.8.1
xen-devel-4.16.1_06-150400.4.8.1
xen-tools-4.16.1_06-150400.4.8.1
xen-tools-debuginfo-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
xen-debugsource-4.16.1_06-150400.4.8.1
xen-libs-4.16.1_06-150400.4.8.1
xen-libs-debuginfo-4.16.1_06-150400.4.8.1
xen-tools-domU-4.16.1_06-150400.4.8.1
xen-tools-domU-debuginfo-4.16.1_06-150400.4.8.1
References:
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-23816.html
https://www.suse.com/security/cve/CVE-2022-23825.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
https://bugzilla.suse.com/1200549
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201469
SUSE-SU-2022:2592-1: important: Security update for rubygem-tzinfo
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for rubygem-tzinfo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2592-1
Rating: important
References: #1201835
Cross-References: CVE-2022-31163
CVSS scores:
CVE-2022-31163 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-tzinfo fixes the following issues:
- CVE-2022-31163: Fixed relative path traversal vulnerability that allows
TZInfo::Timezone.get to load arbitrary files (bsc#1201835).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2592=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2592=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-2592=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-doc-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-testsuite-1.2.4-150000.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-doc-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-testsuite-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-31163.html
https://bugzilla.suse.com/1201835
SUSE-SU-2022:2583-1: important: Security update for aws-iam-authenticator
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for aws-iam-authenticator
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2583-1
Rating: important
References: #1201395
Cross-References: CVE-2022-2385
CVSS scores:
CVE-2022-2385 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2385 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Public Cloud 15-SP1
SUSE Linux Enterprise Module for Public Cloud 15-SP2
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for aws-iam-authenticator fixes the following issues:
- CVE-2022-2385: Fixed AccessKeyID validation bypass (bsc#1201395).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2583=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-2583=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15 (x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
References:
https://www.suse.com/security/cve/CVE-2022-2385.html
https://bugzilla.suse.com/1201395
SUSE-SU-2022:2586-1: important: Security update for ldb, samba
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2586-1
Rating: important
References: #1196224 #1198255 #1199247 #1199734 #1200556
#1200964 #1201490 #1201492 #1201493 #1201495
#1201496
Cross-References: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744
CVE-2022-32745 CVE-2022-32746
CVSS scores:
CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 6 fixes is
now available.
Description:
This update for ldb, samba fixes the following issues:
- CVE-2022-32746: Fixed a use-after-free occurring in database audit
logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify
request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing
passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD
user (bsc#1201493).
The following security bugs were fixed:
samba was updated to 4.15.8:
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had
been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server;
(bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python 3.11;
(bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python 3.11;
(bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package samba-client-libs
and remove samba-libs requirement from samba-winbind; (bsc#1200964);
(bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
ldb was updated to version 2.4.3
* Fix build problems, waf produces incorrect names for python extensions;
(bso#15071);
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2586=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2586=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2586=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2586=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2586=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2586=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2022-2586=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-pcp-pmda-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-pcp-pmda-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
ldb-debugsource-2.4.3-150300.3.20.1
ldb-tools-2.4.3-150300.3.20.1
ldb-tools-debuginfo-2.4.3-150300.3.20.1
libldb-devel-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-debuginfo-2.4.3-150300.3.20.1
python3-ldb-devel-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-test-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-test-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (aarch64 x86_64):
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (aarch64_ilp32):
libsamba-policy0-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (noarch):
samba-doc-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (x86_64):
libldb2-32bit-2.4.3-150300.3.20.1
libldb2-32bit-debuginfo-2.4.3-150300.3.20.1
libsamba-policy0-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-32bit-2.4.3-150300.3.20.1
python3-ldb-32bit-debuginfo-2.4.3-150300.3.20.1
samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
ldb-debugsource-2.4.3-150300.3.20.1
ldb-tools-2.4.3-150300.3.20.1
ldb-tools-debuginfo-2.4.3-150300.3.20.1
libldb-devel-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-debuginfo-2.4.3-150300.3.20.1
python3-ldb-devel-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libldb2-32bit-2.4.3-150300.3.20.1
libldb2-32bit-debuginfo-2.4.3-150300.3.20.1
samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
ldb-debugsource-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
ldb-debugsource-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
ldb-debugsource-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-debuginfo-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
References:
https://www.suse.com/security/cve/CVE-2022-2031.html
https://www.suse.com/security/cve/CVE-2022-32742.html
https://www.suse.com/security/cve/CVE-2022-32744.html
https://www.suse.com/security/cve/CVE-2022-32745.html
https://www.suse.com/security/cve/CVE-2022-32746.html
https://bugzilla.suse.com/1196224
https://bugzilla.suse.com/1198255
https://bugzilla.suse.com/1199247
https://bugzilla.suse.com/1199734
https://bugzilla.suse.com/1200556
https://bugzilla.suse.com/1200964
https://bugzilla.suse.com/1201490
https://bugzilla.suse.com/1201492
https://bugzilla.suse.com/1201493
https://bugzilla.suse.com/1201495
https://bugzilla.suse.com/1201496
SUSE-SU-2022:2581-1: moderate: Security update for libguestfs
by opensuse-security@opensuse.org 28 Jul '22
SUSE Security Update: Security update for libguestfs
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2581-1
Rating: moderate
References: #1201064
Cross-References: CVE-2022-2211
CVSS scores:
CVE-2022-2211 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2211 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libguestfs fixes the following issues:
- CVE-2022-2211: Fixed a buffer overflow in get_keys (bsc#1201064).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2581=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2581=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2581=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
guestfs-data-1.44.2-150400.3.3.1
guestfs-tools-1.44.2-150400.3.3.1
guestfs-tools-debuginfo-1.44.2-150400.3.3.1
guestfs-winsupport-1.44.2-150400.3.3.1
guestfsd-1.44.2-150400.3.3.1
guestfsd-debuginfo-1.44.2-150400.3.3.1
libguestfs-debugsource-1.44.2-150400.3.3.1
libguestfs-devel-1.44.2-150400.3.3.1
libguestfs-test-1.44.2-150400.3.3.1
libguestfs0-1.44.2-150400.3.3.1
libguestfs0-debuginfo-1.44.2-150400.3.3.1
lua-libguestfs-1.44.2-150400.3.3.1
lua-libguestfs-debuginfo-1.44.2-150400.3.3.1
ocaml-libguestfs-1.44.2-150400.3.3.1
ocaml-libguestfs-debuginfo-1.44.2-150400.3.3.1
ocaml-libguestfs-devel-1.44.2-150400.3.3.1
perl-Sys-Guestfs-1.44.2-150400.3.3.1
perl-Sys-Guestfs-debuginfo-1.44.2-150400.3.3.1
python3-libguestfs-1.44.2-150400.3.3.1
python3-libguestfs-debuginfo-1.44.2-150400.3.3.1
rubygem-libguestfs-1.44.2-150400.3.3.1
rubygem-libguestfs-debuginfo-1.44.2-150400.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
guestfs-data-1.44.2-150400.3.3.1
guestfs-tools-1.44.2-150400.3.3.1
guestfs-tools-debuginfo-1.44.2-150400.3.3.1
guestfs-winsupport-1.44.2-150400.3.3.1
guestfsd-1.44.2-150400.3.3.1
guestfsd-debuginfo-1.44.2-150400.3.3.1
libguestfs-debugsource-1.44.2-150400.3.3.1
libguestfs-devel-1.44.2-150400.3.3.1
libguestfs0-1.44.2-150400.3.3.1
libguestfs0-debuginfo-1.44.2-150400.3.3.1
perl-Sys-Guestfs-1.44.2-150400.3.3.1
perl-Sys-Guestfs-debuginfo-1.44.2-150400.3.3.1
python3-libguestfs-1.44.2-150400.3.3.1
python3-libguestfs-debuginfo-1.44.2-150400.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libguestfs-debugsource-1.44.2-150400.3.3.1
ocaml-libguestfs-devel-1.44.2-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-2211.html
https://bugzilla.suse.com/1201064
SUSE-SU-2022:2562-1: important: Security update for python-M2Crypto
by opensuse-security@opensuse.org 27 Jul '22
SUSE Security Update: Security update for python-M2Crypto
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2562-1
Rating: important
References: #1178829
Cross-References: CVE-2020-25657
CVSS scores:
CVE-2020-25657 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-25657 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA
decryption API (bsc#1178829).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2562=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2562=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2562=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2562=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2562=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2562=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2562=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2562=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2562=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2562=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2562=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2562=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2562=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2562=1
- SUSE Linux Enterprise Module for Public Cloud 15:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2562=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2562=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2562=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2562=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2562=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2562=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- openSUSE Leap 15.3 (noarch):
python-M2Crypto-doc-0.35.2-150000.3.14.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Manager Proxy 4.1 (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE CaaS Platform 4.0 (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
References:
https://www.suse.com/security/cve/CVE-2020-25657.html
https://bugzilla.suse.com/1178829
SUSE-SU-2022:2566-1: important: Security update for pcre2
by opensuse-security@opensuse.org 27 Jul '22
SUSE Security Update: Security update for pcre2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2566-1
Rating: important
References: #1199235
Cross-References: CVE-2022-1587
CVSS scores:
CVE-2022-1587 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1587 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pcre2 fixes the following issues:
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions
(bsc#1199235).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2566=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2566=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpcre2-16-0-10.39-150400.4.6.1
libpcre2-16-0-debuginfo-10.39-150400.4.6.1
libpcre2-32-0-10.39-150400.4.6.1
libpcre2-32-0-debuginfo-10.39-150400.4.6.1
libpcre2-8-0-10.39-150400.4.6.1
libpcre2-8-0-debuginfo-10.39-150400.4.6.1
libpcre2-posix2-10.39-150400.4.6.1
libpcre2-posix2-debuginfo-10.39-150400.4.6.1
pcre2-debugsource-10.39-150400.4.6.1
pcre2-devel-10.39-150400.4.6.1
pcre2-devel-static-10.39-150400.4.6.1
pcre2-tools-10.39-150400.4.6.1
pcre2-tools-debuginfo-10.39-150400.4.6.1
- openSUSE Leap 15.4 (noarch):
pcre2-doc-10.39-150400.4.6.1
- openSUSE Leap 15.4 (x86_64):
libpcre2-16-0-32bit-10.39-150400.4.6.1
libpcre2-16-0-32bit-debuginfo-10.39-150400.4.6.1
libpcre2-32-0-32bit-10.39-150400.4.6.1
libpcre2-32-0-32bit-debuginfo-10.39-150400.4.6.1
libpcre2-8-0-32bit-10.39-150400.4.6.1
libpcre2-8-0-32bit-debuginfo-10.39-150400.4.6.1
libpcre2-posix2-32bit-10.39-150400.4.6.1
libpcre2-posix2-32bit-debuginfo-10.39-150400.4.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libpcre2-16-0-10.39-150400.4.6.1
libpcre2-16-0-debuginfo-10.39-150400.4.6.1
libpcre2-32-0-10.39-150400.4.6.1
libpcre2-32-0-debuginfo-10.39-150400.4.6.1
libpcre2-8-0-10.39-150400.4.6.1
libpcre2-8-0-debuginfo-10.39-150400.4.6.1
libpcre2-posix2-10.39-150400.4.6.1
libpcre2-posix2-debuginfo-10.39-150400.4.6.1
pcre2-debugsource-10.39-150400.4.6.1
pcre2-devel-10.39-150400.4.6.1
References:
https://www.suse.com/security/cve/CVE-2022-1587.html
https://bugzilla.suse.com/1199235
SUSE-SU-2022:2561-1: important: Security update for mariadb
by opensuse-security@opensuse.org 27 Jul '22
SUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2561-1
Rating: important
References: #1195076 #1195325 #1195334 #1195339 #1196016
#1198603 #1198604 #1198605 #1198606 #1198607
#1198609 #1198610 #1198611 #1198612 #1198613
#1198628 #1198629 #1198630 #1198631 #1198632
#1198633 #1198634 #1198635 #1198636 #1198637
#1198638 #1198639 #1198640 #1199928 SLE-22245
Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659
CVE-2021-46661 CVE-2021-46663 CVE-2021-46664
CVE-2021-46665 CVE-2021-46668 CVE-2021-46669
CVE-2022-24048 CVE-2022-24050 CVE-2022-24051
CVE-2022-24052 CVE-2022-27376 CVE-2022-27377
CVE-2022-27378 CVE-2022-27379 CVE-2022-27380
CVE-2022-27381 CVE-2022-27382 CVE-2022-27383
CVE-2022-27384 CVE-2022-27386 CVE-2022-27387
CVE-2022-27444 CVE-2022-27445 CVE-2022-27446
CVE-2022-27447 CVE-2022-27448 CVE-2022-27449
CVE-2022-27451 CVE-2022-27452 CVE-2022-27455
CVE-2022-27456 CVE-2022-27457 CVE-2022-27458
CVSS scores:
CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46661 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46661 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46663 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46664 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46665 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46668 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27376 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27376 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27379 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27382 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27382 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27444 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27444 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27446 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27446 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27447 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27447 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27448 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27448 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27449 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27451 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27451 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27452 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27452 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27455 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27455 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27456 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27456 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27457 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27457 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27458 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27458 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 36 vulnerabilities and contains one feature is now available.
Description:
This update for mariadb fixes the following issues:
- Added mariadb-galera (jsc#SLE-22245)
Update to 10.6.8 (bsc#1199928):
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-27376 (bsc#1198628)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27379 (bsc#1198605)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27382 (bsc#1198609)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27444 (bsc#1198634)
- CVE-2022-27445 (bsc#1198629)
- CVE-2022-27446 (bsc#1198630)
- CVE-2022-27447 (bsc#1198631)
- CVE-2022-27448 (bsc#1198632)
- CVE-2022-27449 (bsc#1198633)
- CVE-2022-27451 (bsc#1198639)
- CVE-2022-27452 (bsc#1198640)
- CVE-2022-27455 (bsc#1198638)
- CVE-2022-27456 (bsc#1198635)
- CVE-2022-27457 (bsc#1198636)
- CVE-2022-27458 (bsc#1198637)
- The following issue is not affecting this package: CVE-2022-21427
Update to 10.6.7 (bsc#1196016):
- CVE-2021-46665, CVE-2021-46664, CVE-2021-46661, CVE-2021-46668,
CVE-2021-46663
Update to 10.6.6:
- CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048,
CVE-2021-46659 (bsc#1195339)
The following issues have been fixed already but didn't have CVE
references:
- CVE-2021-46658 (bsc#1195334)
- CVE-2021-46657 (bsc#1195325)
Non security fixes:
- Skip failing tests for s390x, fixes bsc#1195076
External references:
- https://mariadb.com/kb/en/library/mariadb-1068-release-notes
- https://mariadb.com/kb/en/library/mariadb-1068-changelog
- https://mariadb.com/kb/en/library/mariadb-1067-release-notes
- https://mariadb.com/kb/en/library/mariadb-1067-changelog
- https://mariadb.com/kb/en/library/mariadb-1066-release-notes
- https://mariadb.com/kb/en/library/mariadb-1066-changelog
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2561=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2561=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.6.8-150400.3.7.1
libmariadbd19-10.6.8-150400.3.7.1
libmariadbd19-debuginfo-10.6.8-150400.3.7.1
mariadb-10.6.8-150400.3.7.1
mariadb-bench-10.6.8-150400.3.7.1
mariadb-bench-debuginfo-10.6.8-150400.3.7.1
mariadb-client-10.6.8-150400.3.7.1
mariadb-client-debuginfo-10.6.8-150400.3.7.1
mariadb-debuginfo-10.6.8-150400.3.7.1
mariadb-debugsource-10.6.8-150400.3.7.1
mariadb-galera-10.6.8-150400.3.7.1
mariadb-rpm-macros-10.6.8-150400.3.7.1
mariadb-test-10.6.8-150400.3.7.1
mariadb-test-debuginfo-10.6.8-150400.3.7.1
mariadb-tools-10.6.8-150400.3.7.1
mariadb-tools-debuginfo-10.6.8-150400.3.7.1
- openSUSE Leap 15.4 (noarch):
mariadb-errormessages-10.6.8-150400.3.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.6.8-150400.3.7.1
libmariadbd19-10.6.8-150400.3.7.1
libmariadbd19-debuginfo-10.6.8-150400.3.7.1
mariadb-10.6.8-150400.3.7.1
mariadb-client-10.6.8-150400.3.7.1
mariadb-client-debuginfo-10.6.8-150400.3.7.1
mariadb-debuginfo-10.6.8-150400.3.7.1
mariadb-debugsource-10.6.8-150400.3.7.1
mariadb-tools-10.6.8-150400.3.7.1
mariadb-tools-debuginfo-10.6.8-150400.3.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
mariadb-errormessages-10.6.8-150400.3.7.1
References:
https://www.suse.com/security/cve/CVE-2021-46657.html
https://www.suse.com/security/cve/CVE-2021-46658.html
https://www.suse.com/security/cve/CVE-2021-46659.html
https://www.suse.com/security/cve/CVE-2021-46661.html
https://www.suse.com/security/cve/CVE-2021-46663.html
https://www.suse.com/security/cve/CVE-2021-46664.html
https://www.suse.com/security/cve/CVE-2021-46665.html
https://www.suse.com/security/cve/CVE-2021-46668.html
https://www.suse.com/security/cve/CVE-2021-46669.html
https://www.suse.com/security/cve/CVE-2022-24048.html
https://www.suse.com/security/cve/CVE-2022-24050.html
https://www.suse.com/security/cve/CVE-2022-24051.html
https://www.suse.com/security/cve/CVE-2022-24052.html
https://www.suse.com/security/cve/CVE-2022-27376.html
https://www.suse.com/security/cve/CVE-2022-27377.html
https://www.suse.com/security/cve/CVE-2022-27378.html
https://www.suse.com/security/cve/CVE-2022-27379.html
https://www.suse.com/security/cve/CVE-2022-27380.html
https://www.suse.com/security/cve/CVE-2022-27381.html
https://www.suse.com/security/cve/CVE-2022-27382.html
https://www.suse.com/security/cve/CVE-2022-27383.html
https://www.suse.com/security/cve/CVE-2022-27384.html
https://www.suse.com/security/cve/CVE-2022-27386.html
https://www.suse.com/security/cve/CVE-2022-27387.html
https://www.suse.com/security/cve/CVE-2022-27444.html
https://www.suse.com/security/cve/CVE-2022-27445.html
https://www.suse.com/security/cve/CVE-2022-27446.html
https://www.suse.com/security/cve/CVE-2022-27447.html
https://www.suse.com/security/cve/CVE-2022-27448.html
https://www.suse.com/security/cve/CVE-2022-27449.html
https://www.suse.com/security/cve/CVE-2022-27451.html
https://www.suse.com/security/cve/CVE-2022-27452.html
https://www.suse.com/security/cve/CVE-2022-27455.html
https://www.suse.com/security/cve/CVE-2022-27456.html
https://www.suse.com/security/cve/CVE-2022-27457.html
https://www.suse.com/security/cve/CVE-2022-27458.html
https://bugzilla.suse.com/1195076
https://bugzilla.suse.com/1195325
https://bugzilla.suse.com/1195334
https://bugzilla.suse.com/1195339
https://bugzilla.suse.com/1196016
https://bugzilla.suse.com/1198603
https://bugzilla.suse.com/1198604
https://bugzilla.suse.com/1198605
https://bugzilla.suse.com/1198606
https://bugzilla.suse.com/1198607
https://bugzilla.suse.com/1198609
https://bugzilla.suse.com/1198610
https://bugzilla.suse.com/1198611
https://bugzilla.suse.com/1198612
https://bugzilla.suse.com/1198613
https://bugzilla.suse.com/1198628
https://bugzilla.suse.com/1198629
https://bugzilla.suse.com/1198630
https://bugzilla.suse.com/1198631
https://bugzilla.suse.com/1198632
https://bugzilla.suse.com/1198633
https://bugzilla.suse.com/1198634
https://bugzilla.suse.com/1198635
https://bugzilla.suse.com/1198636
https://bugzilla.suse.com/1198637
https://bugzilla.suse.com/1198638
https://bugzilla.suse.com/1198639
https://bugzilla.suse.com/1198640
https://bugzilla.suse.com/1199928