openSUSE Security Announce
July 2022
SUSE-SU-2022:2599-1: important: Security update for xen
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2599-1
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394
#1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
CVE-2022-23816 CVE-2022-23825 CVE-2022-26362
CVE-2022-26363 CVE-2022-26364 CVE-2022-29900
CVE-2022-33745
CVSS scores:
CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with
non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data
vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401)
(bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow
mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED
vulnerability, arbitrary speculative code execution with return
instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2599=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2599=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2599=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2599=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2599=1
Package List:
- openSUSE Leap 15.3 (aarch64 x86_64):
xen-4.14.5_04-150300.3.32.1
xen-debugsource-4.14.5_04-150300.3.32.1
xen-devel-4.14.5_04-150300.3.32.1
xen-doc-html-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
xen-tools-4.14.5_04-150300.3.32.1
xen-tools-debuginfo-4.14.5_04-150300.3.32.1
xen-tools-domU-4.14.5_04-150300.3.32.1
xen-tools-domU-debuginfo-4.14.5_04-150300.3.32.1
- openSUSE Leap 15.3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1
- openSUSE Leap 15.3 (x86_64):
xen-libs-32bit-4.14.5_04-150300.3.32.1
xen-libs-32bit-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):
xen-4.14.5_04-150300.3.32.1
xen-debugsource-4.14.5_04-150300.3.32.1
xen-devel-4.14.5_04-150300.3.32.1
xen-tools-4.14.5_04-150300.3.32.1
xen-tools-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
xen-tools-xendomains-wait-disk-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
xen-debugsource-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
xen-tools-domU-4.14.5_04-150300.3.32.1
xen-tools-domU-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
xen-debugsource-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
xen-debugsource-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
References:
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-23816.html
https://www.suse.com/security/cve/CVE-2022-23825.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
https://bugzilla.suse.com/1200549
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201469
SUSE-SU-2022:2595-1: important: Security update for mozilla-nss
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2595-1
Rating: important
References: #1192079 #1192080 #1192086 #1192087 #1192228
#1198486 #1200027
Cross-References: CVE-2022-31741
CVSS scores:
CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux
Enterprise 15 SP4:
- Makes the PBKDF known answer test compliant with NIST SP800-132.
(bsc#1192079).
- FIPS: Add on-demand integrity tests through
sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security
policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement
is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due
to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).
Version update to NSS 3.79:
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat
extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported
ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords
and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Version update to NSS 3.78.1:
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
Version update to NSS 3.78:
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length
record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific
boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Version update to NSS 3.77:
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
Version update to NSS 3.76.1
- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake
message.
Version update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in
the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Version update to NSS 3.74
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068
root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
Version update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OCSP implementation
Version update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via
DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Version update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of
tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
Version update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in
TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in
TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Version update to NSS 3.69.1:
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with
AES_CBC
NSS 3.69:
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with
AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid
algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh
reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
Version Update to 3.68.4 (bsc#1200027)
- CVE-2022-31741: Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2595=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2595=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150400.3.7.1
libfreebl3-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-3.79-150400.3.7.1
libsoftokn3-3.79-150400.3.7.1
libsoftokn3-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-3.79-150400.3.7.1
mozilla-nss-3.79-150400.3.7.1
mozilla-nss-certs-3.79-150400.3.7.1
mozilla-nss-certs-debuginfo-3.79-150400.3.7.1
mozilla-nss-debuginfo-3.79-150400.3.7.1
mozilla-nss-debugsource-3.79-150400.3.7.1
mozilla-nss-devel-3.79-150400.3.7.1
mozilla-nss-sysinit-3.79-150400.3.7.1
mozilla-nss-sysinit-debuginfo-3.79-150400.3.7.1
mozilla-nss-tools-3.79-150400.3.7.1
mozilla-nss-tools-debuginfo-3.79-150400.3.7.1
- openSUSE Leap 15.4 (x86_64):
libfreebl3-32bit-3.79-150400.3.7.1
libfreebl3-32bit-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-debuginfo-3.79-150400.3.7.1
mozilla-nss-certs-32bit-3.79-150400.3.7.1
mozilla-nss-certs-32bit-debuginfo-3.79-150400.3.7.1
mozilla-nss-sysinit-32bit-3.79-150400.3.7.1
mozilla-nss-sysinit-32bit-debuginfo-3.79-150400.3.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150400.3.7.1
libfreebl3-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-3.79-150400.3.7.1
libsoftokn3-3.79-150400.3.7.1
libsoftokn3-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-3.79-150400.3.7.1
mozilla-nss-3.79-150400.3.7.1
mozilla-nss-certs-3.79-150400.3.7.1
mozilla-nss-certs-debuginfo-3.79-150400.3.7.1
mozilla-nss-debuginfo-3.79-150400.3.7.1
mozilla-nss-debugsource-3.79-150400.3.7.1
mozilla-nss-devel-3.79-150400.3.7.1
mozilla-nss-sysinit-3.79-150400.3.7.1
mozilla-nss-sysinit-debuginfo-3.79-150400.3.7.1
mozilla-nss-tools-3.79-150400.3.7.1
mozilla-nss-tools-debuginfo-3.79-150400.3.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libfreebl3-32bit-3.79-150400.3.7.1
libfreebl3-32bit-debuginfo-3.79-150400.3.7.1
libfreebl3-hmac-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-3.79-150400.3.7.1
libsoftokn3-32bit-debuginfo-3.79-150400.3.7.1
libsoftokn3-hmac-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-3.79-150400.3.7.1
mozilla-nss-32bit-debuginfo-3.79-150400.3.7.1
mozilla-nss-certs-32bit-3.79-150400.3.7.1
mozilla-nss-certs-32bit-debuginfo-3.79-150400.3.7.1
References:
https://www.suse.com/security/cve/CVE-2022-31741.html
https://bugzilla.suse.com/1192079
https://bugzilla.suse.com/1192080
https://bugzilla.suse.com/1192086
https://bugzilla.suse.com/1192087
https://bugzilla.suse.com/1192228
https://bugzilla.suse.com/1198486
https://bugzilla.suse.com/1200027
SUSE-SU-2022:2597-1: important: Security update for xen
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2597-1
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394
#1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
CVE-2022-23816 CVE-2022-23825 CVE-2022-26362
CVE-2022-26363 CVE-2022-26364 CVE-2022-29900
CVE-2022-33745
CVSS scores:
CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with
non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data
vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401)
(bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow
mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED
vulnerability, arbitrary speculative code execution with return
instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2597=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2597=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2597=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
xen-4.16.1_06-150400.4.8.1
xen-debugsource-4.16.1_06-150400.4.8.1
xen-devel-4.16.1_06-150400.4.8.1
xen-doc-html-4.16.1_06-150400.4.8.1
xen-libs-4.16.1_06-150400.4.8.1
xen-libs-debuginfo-4.16.1_06-150400.4.8.1
xen-tools-4.16.1_06-150400.4.8.1
xen-tools-debuginfo-4.16.1_06-150400.4.8.1
xen-tools-domU-4.16.1_06-150400.4.8.1
xen-tools-domU-debuginfo-4.16.1_06-150400.4.8.1
- openSUSE Leap 15.4 (x86_64):
xen-libs-32bit-4.16.1_06-150400.4.8.1
xen-libs-32bit-debuginfo-4.16.1_06-150400.4.8.1
- openSUSE Leap 15.4 (noarch):
xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):
xen-4.16.1_06-150400.4.8.1
xen-debugsource-4.16.1_06-150400.4.8.1
xen-devel-4.16.1_06-150400.4.8.1
xen-tools-4.16.1_06-150400.4.8.1
xen-tools-debuginfo-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
xen-tools-xendomains-wait-disk-4.16.1_06-150400.4.8.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
xen-debugsource-4.16.1_06-150400.4.8.1
xen-libs-4.16.1_06-150400.4.8.1
xen-libs-debuginfo-4.16.1_06-150400.4.8.1
xen-tools-domU-4.16.1_06-150400.4.8.1
xen-tools-domU-debuginfo-4.16.1_06-150400.4.8.1
References:
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-23816.html
https://www.suse.com/security/cve/CVE-2022-23825.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
https://bugzilla.suse.com/1200549
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201469
SUSE-SU-2022:2592-1: important: Security update for rubygem-tzinfo
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for rubygem-tzinfo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2592-1
Rating: important
References: #1201835
Cross-References: CVE-2022-31163
CVSS scores:
CVE-2022-31163 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-tzinfo fixes the following issues:
- CVE-2022-31163: Fixed relative path traversal vulnerability that allows
TZInfo::Timezone.get to load arbitrary files (bsc#1201835).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2592=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2592=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2592=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-2592=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-doc-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-testsuite-1.2.4-150000.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-doc-1.2.4-150000.3.3.1
ruby2.5-rubygem-tzinfo-testsuite-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-tzinfo-1.2.4-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-31163.html
https://bugzilla.suse.com/1201835
SUSE-SU-2022:2583-1: important: Security update for aws-iam-authenticator
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for aws-iam-authenticator
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2583-1
Rating: important
References: #1201395
Cross-References: CVE-2022-2385
CVSS scores:
CVE-2022-2385 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2385 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Public Cloud 15-SP1
SUSE Linux Enterprise Module for Public Cloud 15-SP2
SUSE Linux Enterprise Module for Public Cloud 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for aws-iam-authenticator fixes the following issues:
- CVE-2022-2385: Fixed AccessKeyID validation bypass (bsc#1201395).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2583=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2583=1
- SUSE Linux Enterprise Module for Public Cloud 15:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-2583=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
- SUSE Linux Enterprise Module for Public Cloud 15 (x86_64):
aws-iam-authenticator-0.5.3-150000.1.9.1
References:
https://www.suse.com/security/cve/CVE-2022-2385.html
https://bugzilla.suse.com/1201395
SUSE-SU-2022:2586-1: important: Security update for ldb, samba
by opensuse-security@opensuse.org 29 Jul '22
SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2586-1
Rating: important
References: #1196224 #1198255 #1199247 #1199734 #1200556
#1200964 #1201490 #1201492 #1201493 #1201495
#1201496
Cross-References: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744
CVE-2022-32745 CVE-2022-32746
CVSS scores:
CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 6 fixes is
now available.
Description:
This update for ldb, samba fixes the following issues:
- CVE-2022-32746: Fixed a use-after-free occurring in database audit
logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify
request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing
passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD
user (bsc#1201493).
The following security bugs were fixed:
samba was updated to 4.15.8:
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had
been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server;
(bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python 3.11;
(bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python 3.11;
(bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package samba-client-libs
and remove samba-libs requirement from samba-winbind; (bsc#1200964);
(bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
ldb was updated to version 2.4.3
* Fix build problems, waf produces incorrect names for python extensions;
(bso#15071);
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2586=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2586=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2586=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2586=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2586=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2586=1
- SUSE Enterprise Storage 7.1:
zypper in -t patch SUSE-Storage-7.1-2022-2586=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-pcp-pmda-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-pcp-pmda-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
ldb-debugsource-2.4.3-150300.3.20.1
ldb-tools-2.4.3-150300.3.20.1
ldb-tools-debuginfo-2.4.3-150300.3.20.1
libldb-devel-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-debuginfo-2.4.3-150300.3.20.1
python3-ldb-devel-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-test-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-test-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (aarch64 x86_64):
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (aarch64_ilp32):
libsamba-policy0-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-64bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-64bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (noarch):
samba-doc-4.15.8+git.500.d5910280cc7-150300.3.37.1
- openSUSE Leap 15.3 (x86_64):
libldb2-32bit-2.4.3-150300.3.20.1
libldb2-32bit-debuginfo-2.4.3-150300.3.20.1
libsamba-policy0-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-32bit-2.4.3-150300.3.20.1
python3-ldb-32bit-debuginfo-2.4.3-150300.3.20.1
samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
samba-ad-dc-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
ldb-debugsource-2.4.3-150300.3.20.1
ldb-tools-2.4.3-150300.3.20.1
ldb-tools-debuginfo-2.4.3-150300.3.20.1
libldb-devel-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-debuginfo-2.4.3-150300.3.20.1
python3-ldb-devel-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-gpupdate-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-tool-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libldb2-32bit-2.4.3-150300.3.20.1
libldb2-32bit-debuginfo-2.4.3-150300.3.20.1
samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-devel-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
ldb-debugsource-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
ldb-debugsource-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
ctdb-4.15.8+git.500.d5910280cc7-150300.3.37.1
ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
ldb-debugsource-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
python3-ldb-2.4.3-150300.3.20.1
python3-ldb-debuginfo-2.4.3-150300.3.20.1
samba-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
References:
https://www.suse.com/security/cve/CVE-2022-2031.html
https://www.suse.com/security/cve/CVE-2022-32742.html
https://www.suse.com/security/cve/CVE-2022-32744.html
https://www.suse.com/security/cve/CVE-2022-32745.html
https://www.suse.com/security/cve/CVE-2022-32746.html
https://bugzilla.suse.com/1196224
https://bugzilla.suse.com/1198255
https://bugzilla.suse.com/1199247
https://bugzilla.suse.com/1199734
https://bugzilla.suse.com/1200556
https://bugzilla.suse.com/1200964
https://bugzilla.suse.com/1201490
https://bugzilla.suse.com/1201492
https://bugzilla.suse.com/1201493
https://bugzilla.suse.com/1201495
https://bugzilla.suse.com/1201496
SUSE-SU-2022:2581-1: moderate: Security update for libguestfs
by opensuse-security@opensuse.org 28 Jul '22
SUSE Security Update: Security update for libguestfs
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2581-1
Rating: moderate
References: #1201064
Cross-References: CVE-2022-2211
CVSS scores:
CVE-2022-2211 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2211 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libguestfs fixes the following issues:
- CVE-2022-2211: Fixed a buffer overflow in get_keys (bsc#1201064).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2581=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2581=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2581=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
guestfs-data-1.44.2-150400.3.3.1
guestfs-tools-1.44.2-150400.3.3.1
guestfs-tools-debuginfo-1.44.2-150400.3.3.1
guestfs-winsupport-1.44.2-150400.3.3.1
guestfsd-1.44.2-150400.3.3.1
guestfsd-debuginfo-1.44.2-150400.3.3.1
libguestfs-debugsource-1.44.2-150400.3.3.1
libguestfs-devel-1.44.2-150400.3.3.1
libguestfs-test-1.44.2-150400.3.3.1
libguestfs0-1.44.2-150400.3.3.1
libguestfs0-debuginfo-1.44.2-150400.3.3.1
lua-libguestfs-1.44.2-150400.3.3.1
lua-libguestfs-debuginfo-1.44.2-150400.3.3.1
ocaml-libguestfs-1.44.2-150400.3.3.1
ocaml-libguestfs-debuginfo-1.44.2-150400.3.3.1
ocaml-libguestfs-devel-1.44.2-150400.3.3.1
perl-Sys-Guestfs-1.44.2-150400.3.3.1
perl-Sys-Guestfs-debuginfo-1.44.2-150400.3.3.1
python3-libguestfs-1.44.2-150400.3.3.1
python3-libguestfs-debuginfo-1.44.2-150400.3.3.1
rubygem-libguestfs-1.44.2-150400.3.3.1
rubygem-libguestfs-debuginfo-1.44.2-150400.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
guestfs-data-1.44.2-150400.3.3.1
guestfs-tools-1.44.2-150400.3.3.1
guestfs-tools-debuginfo-1.44.2-150400.3.3.1
guestfs-winsupport-1.44.2-150400.3.3.1
guestfsd-1.44.2-150400.3.3.1
guestfsd-debuginfo-1.44.2-150400.3.3.1
libguestfs-debugsource-1.44.2-150400.3.3.1
libguestfs-devel-1.44.2-150400.3.3.1
libguestfs0-1.44.2-150400.3.3.1
libguestfs0-debuginfo-1.44.2-150400.3.3.1
perl-Sys-Guestfs-1.44.2-150400.3.3.1
perl-Sys-Guestfs-debuginfo-1.44.2-150400.3.3.1
python3-libguestfs-1.44.2-150400.3.3.1
python3-libguestfs-debuginfo-1.44.2-150400.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libguestfs-debugsource-1.44.2-150400.3.3.1
ocaml-libguestfs-devel-1.44.2-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-2211.html
https://bugzilla.suse.com/1201064
SUSE-SU-2022:2562-1: important: Security update for python-M2Crypto
by opensuse-security@opensuse.org 27 Jul '22
SUSE Security Update: Security update for python-M2Crypto
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2562-1
Rating: important
References: #1178829
Cross-References: CVE-2020-25657
CVSS scores:
CVE-2020-25657 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-25657 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Public Cloud 15
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA
decryption API (bsc#1178829).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2562=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2562=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2562=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2562=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2562=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2562=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2562=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2562=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2562=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2562=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2562=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2562=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2562=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2562=1
- SUSE Linux Enterprise Module for Public Cloud 15:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2562=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2562=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2562=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2562=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2562=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2562=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2562=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- openSUSE Leap 15.3 (noarch):
python-M2Crypto-doc-0.35.2-150000.3.14.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Manager Proxy 4.1 (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
- SUSE CaaS Platform 4.0 (x86_64):
python-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python-M2Crypto-debugsource-0.35.2-150000.3.14.1
python2-M2Crypto-0.35.2-150000.3.14.1
python2-M2Crypto-debuginfo-0.35.2-150000.3.14.1
python3-M2Crypto-0.35.2-150000.3.14.1
python3-M2Crypto-debuginfo-0.35.2-150000.3.14.1
References:
https://www.suse.com/security/cve/CVE-2020-25657.html
https://bugzilla.suse.com/1178829
SUSE-SU-2022:2566-1: important: Security update for pcre2
by opensuse-security@opensuse.org 27 Jul '22
SUSE Security Update: Security update for pcre2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2566-1
Rating: important
References: #1199235
Cross-References: CVE-2022-1587
CVSS scores:
CVE-2022-1587 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1587 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for pcre2 fixes the following issues:
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions
(bsc#1199235).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2566=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2566=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpcre2-16-0-10.39-150400.4.6.1
libpcre2-16-0-debuginfo-10.39-150400.4.6.1
libpcre2-32-0-10.39-150400.4.6.1
libpcre2-32-0-debuginfo-10.39-150400.4.6.1
libpcre2-8-0-10.39-150400.4.6.1
libpcre2-8-0-debuginfo-10.39-150400.4.6.1
libpcre2-posix2-10.39-150400.4.6.1
libpcre2-posix2-debuginfo-10.39-150400.4.6.1
pcre2-debugsource-10.39-150400.4.6.1
pcre2-devel-10.39-150400.4.6.1
pcre2-devel-static-10.39-150400.4.6.1
pcre2-tools-10.39-150400.4.6.1
pcre2-tools-debuginfo-10.39-150400.4.6.1
- openSUSE Leap 15.4 (noarch):
pcre2-doc-10.39-150400.4.6.1
- openSUSE Leap 15.4 (x86_64):
libpcre2-16-0-32bit-10.39-150400.4.6.1
libpcre2-16-0-32bit-debuginfo-10.39-150400.4.6.1
libpcre2-32-0-32bit-10.39-150400.4.6.1
libpcre2-32-0-32bit-debuginfo-10.39-150400.4.6.1
libpcre2-8-0-32bit-10.39-150400.4.6.1
libpcre2-8-0-32bit-debuginfo-10.39-150400.4.6.1
libpcre2-posix2-32bit-10.39-150400.4.6.1
libpcre2-posix2-32bit-debuginfo-10.39-150400.4.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libpcre2-16-0-10.39-150400.4.6.1
libpcre2-16-0-debuginfo-10.39-150400.4.6.1
libpcre2-32-0-10.39-150400.4.6.1
libpcre2-32-0-debuginfo-10.39-150400.4.6.1
libpcre2-8-0-10.39-150400.4.6.1
libpcre2-8-0-debuginfo-10.39-150400.4.6.1
libpcre2-posix2-10.39-150400.4.6.1
libpcre2-posix2-debuginfo-10.39-150400.4.6.1
pcre2-debugsource-10.39-150400.4.6.1
pcre2-devel-10.39-150400.4.6.1
References:
https://www.suse.com/security/cve/CVE-2022-1587.html
https://bugzilla.suse.com/1199235
SUSE-SU-2022:2561-1: important: Security update for mariadb
by opensuse-security@opensuse.org 27 Jul '22
SUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2561-1
Rating: important
References: #1195076 #1195325 #1195334 #1195339 #1196016
#1198603 #1198604 #1198605 #1198606 #1198607
#1198609 #1198610 #1198611 #1198612 #1198613
#1198628 #1198629 #1198630 #1198631 #1198632
#1198633 #1198634 #1198635 #1198636 #1198637
#1198638 #1198639 #1198640 #1199928 SLE-22245
Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659
CVE-2021-46661 CVE-2021-46663 CVE-2021-46664
CVE-2021-46665 CVE-2021-46668 CVE-2021-46669
CVE-2022-24048 CVE-2022-24050 CVE-2022-24051
CVE-2022-24052 CVE-2022-27376 CVE-2022-27377
CVE-2022-27378 CVE-2022-27379 CVE-2022-27380
CVE-2022-27381 CVE-2022-27382 CVE-2022-27383
CVE-2022-27384 CVE-2022-27386 CVE-2022-27387
CVE-2022-27444 CVE-2022-27445 CVE-2022-27446
CVE-2022-27447 CVE-2022-27448 CVE-2022-27449
CVE-2022-27451 CVE-2022-27452 CVE-2022-27455
CVE-2022-27456 CVE-2022-27457 CVE-2022-27458
CVSS scores:
CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-46661 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46661 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46663 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46664 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46665 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46668 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46669 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27376 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27376 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27377 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27377 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27378 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27378 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27379 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27380 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27380 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27381 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27381 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27382 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27382 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27383 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27383 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27384 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27384 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27386 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27387 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27387 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27444 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27444 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27445 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27445 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27446 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27446 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27447 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27447 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27448 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27448 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27449 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27451 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27451 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27452 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27452 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27455 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27455 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27456 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27456 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27457 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27457 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-27458 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27458 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 36 vulnerabilities and contains one
feature is now available.
Description:
This update for mariadb fixes the following issues:
- Added mariadb-galera (jsc#SLE-22245)
Update to 10.6.8 (bsc#1199928):
- CVE-2021-46669 (bsc#1199928)
- CVE-2022-27376 (bsc#1198628)
- CVE-2022-27377 (bsc#1198603)
- CVE-2022-27378 (bsc#1198604)
- CVE-2022-27379 (bsc#1198605)
- CVE-2022-27380 (bsc#1198606)
- CVE-2022-27381 (bsc#1198607)
- CVE-2022-27382 (bsc#1198609)
- CVE-2022-27383 (bsc#1198610)
- CVE-2022-27384 (bsc#1198611)
- CVE-2022-27386 (bsc#1198612)
- CVE-2022-27387 (bsc#1198613)
- CVE-2022-27444 (bsc#1198634)
- CVE-2022-27445 (bsc#1198629)
- CVE-2022-27446 (bsc#1198630)
- CVE-2022-27447 (bsc#1198631)
- CVE-2022-27448 (bsc#1198632)
- CVE-2022-27449 (bsc#1198633)
- CVE-2022-27451 (bsc#1198639)
- CVE-2022-27452 (bsc#1198640)
- CVE-2022-27455 (bsc#1198638)
- CVE-2022-27456 (bsc#1198635)
- CVE-2022-27457 (bsc#1198636)
- CVE-2022-27458 (bsc#1198637)
- The following issue is not affecting this package: CVE-2022-21427
Update to 10.6.7 (bsc#1196016):
- CVE-2021-46665, CVE-2021-46664, CVE-2021-46661, CVE-2021-46668,
CVE-2021-46663
Update to 10.6.6:
- CVE-2022-24052, CVE-2022-24051, CVE-2022-24050, CVE-2022-24048,
CVE-2021-46659 (bsc#1195339)
The following issues have been fixed already but didn't have CVE
references:
- CVE-2021-46658 (bsc#1195334)
- CVE-2021-46657 (bsc#1195325)
Non security fixes:
- Skip failing tests for s390x, fixes bsc#1195076
External references:
- https://mariadb.com/kb/en/library/mariadb-1068-release-notes
- https://mariadb.com/kb/en/library/mariadb-1068-changelog
- https://mariadb.com/kb/en/library/mariadb-1067-release-notes
- https://mariadb.com/kb/en/library/mariadb-1067-changelog
- https://mariadb.com/kb/en/library/mariadb-1066-release-notes
- https://mariadb.com/kb/en/library/mariadb-1066-changelog
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2561=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2561=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.6.8-150400.3.7.1
libmariadbd19-10.6.8-150400.3.7.1
libmariadbd19-debuginfo-10.6.8-150400.3.7.1
mariadb-10.6.8-150400.3.7.1
mariadb-bench-10.6.8-150400.3.7.1
mariadb-bench-debuginfo-10.6.8-150400.3.7.1
mariadb-client-10.6.8-150400.3.7.1
mariadb-client-debuginfo-10.6.8-150400.3.7.1
mariadb-debuginfo-10.6.8-150400.3.7.1
mariadb-debugsource-10.6.8-150400.3.7.1
mariadb-galera-10.6.8-150400.3.7.1
mariadb-rpm-macros-10.6.8-150400.3.7.1
mariadb-test-10.6.8-150400.3.7.1
mariadb-test-debuginfo-10.6.8-150400.3.7.1
mariadb-tools-10.6.8-150400.3.7.1
mariadb-tools-debuginfo-10.6.8-150400.3.7.1
- openSUSE Leap 15.4 (noarch):
mariadb-errormessages-10.6.8-150400.3.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.6.8-150400.3.7.1
libmariadbd19-10.6.8-150400.3.7.1
libmariadbd19-debuginfo-10.6.8-150400.3.7.1
mariadb-10.6.8-150400.3.7.1
mariadb-client-10.6.8-150400.3.7.1
mariadb-client-debuginfo-10.6.8-150400.3.7.1
mariadb-debuginfo-10.6.8-150400.3.7.1
mariadb-debugsource-10.6.8-150400.3.7.1
mariadb-tools-10.6.8-150400.3.7.1
mariadb-tools-debuginfo-10.6.8-150400.3.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
mariadb-errormessages-10.6.8-150400.3.7.1
References:
https://www.suse.com/security/cve/CVE-2021-46657.html
https://www.suse.com/security/cve/CVE-2021-46658.html
https://www.suse.com/security/cve/CVE-2021-46659.html
https://www.suse.com/security/cve/CVE-2021-46661.html
https://www.suse.com/security/cve/CVE-2021-46663.html
https://www.suse.com/security/cve/CVE-2021-46664.html
https://www.suse.com/security/cve/CVE-2021-46665.html
https://www.suse.com/security/cve/CVE-2021-46668.html
https://www.suse.com/security/cve/CVE-2021-46669.html
https://www.suse.com/security/cve/CVE-2022-24048.html
https://www.suse.com/security/cve/CVE-2022-24050.html
https://www.suse.com/security/cve/CVE-2022-24051.html
https://www.suse.com/security/cve/CVE-2022-24052.html
https://www.suse.com/security/cve/CVE-2022-27376.html
https://www.suse.com/security/cve/CVE-2022-27377.html
https://www.suse.com/security/cve/CVE-2022-27378.html
https://www.suse.com/security/cve/CVE-2022-27379.html
https://www.suse.com/security/cve/CVE-2022-27380.html
https://www.suse.com/security/cve/CVE-2022-27381.html
https://www.suse.com/security/cve/CVE-2022-27382.html
https://www.suse.com/security/cve/CVE-2022-27383.html
https://www.suse.com/security/cve/CVE-2022-27384.html
https://www.suse.com/security/cve/CVE-2022-27386.html
https://www.suse.com/security/cve/CVE-2022-27387.html
https://www.suse.com/security/cve/CVE-2022-27444.html
https://www.suse.com/security/cve/CVE-2022-27445.html
https://www.suse.com/security/cve/CVE-2022-27446.html
https://www.suse.com/security/cve/CVE-2022-27447.html
https://www.suse.com/security/cve/CVE-2022-27448.html
https://www.suse.com/security/cve/CVE-2022-27449.html
https://www.suse.com/security/cve/CVE-2022-27451.html
https://www.suse.com/security/cve/CVE-2022-27452.html
https://www.suse.com/security/cve/CVE-2022-27455.html
https://www.suse.com/security/cve/CVE-2022-27456.html
https://www.suse.com/security/cve/CVE-2022-27457.html
https://www.suse.com/security/cve/CVE-2022-27458.html
https://bugzilla.suse.com/1195076
https://bugzilla.suse.com/1195325
https://bugzilla.suse.com/1195334
https://bugzilla.suse.com/1195339
https://bugzilla.suse.com/1196016
https://bugzilla.suse.com/1198603
https://bugzilla.suse.com/1198604
https://bugzilla.suse.com/1198605
https://bugzilla.suse.com/1198606
https://bugzilla.suse.com/1198607
https://bugzilla.suse.com/1198609
https://bugzilla.suse.com/1198610
https://bugzilla.suse.com/1198611
https://bugzilla.suse.com/1198612
https://bugzilla.suse.com/1198613
https://bugzilla.suse.com/1198628
https://bugzilla.suse.com/1198629
https://bugzilla.suse.com/1198630
https://bugzilla.suse.com/1198631
https://bugzilla.suse.com/1198632
https://bugzilla.suse.com/1198633
https://bugzilla.suse.com/1198634
https://bugzilla.suse.com/1198635
https://bugzilla.suse.com/1198636
https://bugzilla.suse.com/1198637
https://bugzilla.suse.com/1198638
https://bugzilla.suse.com/1198639
https://bugzilla.suse.com/1198640
https://bugzilla.suse.com/1199928
openSUSE-SU-2022:10067-1: important: Security update for virtualbox
by opensuse-security@opensuse.org 27 Jul '22
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10067-1
Rating: important
References: #1198676 #1198677 #1198678 #1198679 #1198680
#1198703 #1199803 #1201720
Cross-References: CVE-2022-21465 CVE-2022-21471 CVE-2022-21487
CVE-2022-21488 CVE-2022-21491 CVE-2022-21554
CVE-2022-21571
CVSS scores:
CVE-2022-21465 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CVE-2022-21465 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H
CVE-2022-21471 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-21471 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2022-21487 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2022-21487 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2022-21488 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
CVE-2022-21488 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
CVE-2022-21491 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21491 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21554 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21554 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21571 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-21571 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 7 vulnerabilities and has one errata
is now available.
Description:
This update for virtualbox fixes the following issues:
- Save and restore FPU status during interrupt. (boo#1199803)
- Update support of building with Python
- Replace SDL-devel BuildRequires with pkgconfig(sdl): allow to use
sdl12_compat as an alternative.
Version bump to 6.1.36 released by Oracle July 19 2022
This is a maintenance release. The following items were fixed and/or added:
- VMM: Fixed possible Linux guest kernel crash when configuring
Speculative Store Bypass for a single vCPU VM
- GUI: In the storage page of the virtual machine settings dialog, fixed a
bug which disrupted mouse interaction with the native file selector on
KDE
- NAT: Prevent issue when host resolver incorrectly returned NXDOMAIN for
unsupported queries (bug #20977)
- Audio: General improvements in saved state area
- Recording: Various fixes for settings handling
- VGA: Performance improvements for screen updates when VBE banking is used
- USB: Fixed rare crashes when detaching a USB device
- ATA: Fixed NT4 guests taking a minute to eject CDs
- vboximg-mount: Fixed broken write support (bug #20896)
- SDK: Fixed Python bindings incorrectly trying to convert arbitrary byte
data into unicode objects with Python 3, causing exceptions (bug #19740)
- API: Fixed an issue where virtual USB mass storage devices or virtual USB
DVD drives added while the VM is not running were by default not
marked as hot-pluggable
- API: Initial support for Python 3.10
- API: Solaris OS types cleanup
- Linux and Solaris hosts: Allow to mount shared folder if it is
represented as a symlink on a host side (bug #17491)
- Linux Host and Guest drivers: Introduced initial support for kernels
5.18, 5.19 and RHEL 9.1 (bugs #20914, #20941)
- Linux Host and Guest drivers: Better support for kernels built with
clang compiler (bugs #20425 and #20998)
- Solaris Guest Additions: General improvements in installer area
- Solaris Guest Additions: Fixed guest screen resize in VMSVGA graphics
configuration
- Linux and Solaris Guest Additions: Fixed multi-screen handling in
VBoxVGA and VBoxSVGA graphics configuration
- Linux and Solaris Guest Additions: Added support for setting primary
screen via VBoxManage
- Linux and Solaris Guest Additions: Fixed X11 resources leak when
resizing guest screens
- Linux and Solaris Guest Additions: Fixed file descriptor leak when
starting a process using guest control (bug #20902)
- Linux and Solaris Guest Additions: Fixed guest control executing
processes as root
- Linux Guest Additions: Improved guests booting time by preventing kernel
modules from being rebuilt when it is not necessary (bug #20502)
- Windows Guest Additions: Fixed VBoxTray crash on startup in NT4 guests
on rare circumstances
- Fixes CVE-2022-21571, CVE-2022-21554 - boo#1201720
Version bump to 6.1.34 (released March 22 2022) by Oracle
- This is a maintenance release. The following items were fixed and/or
added:
- VMM: Fix instruction emulation for "cmpxchg16b"
- GUI: Improved GUI behavior on macOS Big Sur and later when kernel
extensions are not loaded
- EHCI: Addressed an issue with handling short packets (bug #20726)
- Storage: Fixed a potential hang during disk I/O when the host I/O cache
is disabled (bug #20875)
- NVMe: Fixed loading saved state when nothing is attached to it (bug
#20791)
- DevPcBios: Addressed an issue which resulted in rejecting the detected
LCHS geometry when the head count was above 16
- virtio-scsi: Improvements
- E1000: Improve descriptor handling
- VBoxManage: Fixed handling of command line arguments with incomplete
quotes (bug #20740)
- VBoxManage: Improved 'natnetwork list' output
- VBoxManage: NATNetwork: Provide an option (--ipv6-prefix) to set IPv6
prefix
- VBoxManage: NATNetwork: Provide an option (--ipv6-default) to advertise
default IPv6 route (bug #20714)
- VBoxManage: Fix documentation of "usbdevsource add" (bug #20849)
- Networking: General improvements in IPv4 and IPv6 area (bug #20714)
- OVF Import: Allow users to specify a different storage controller and/or
controller port for hard disks when importing a VM
- Unattended install: Improvements
- Shared Clipboard: Improved HTML clipboard handling for Windows host
- Linux host and guest: Introduced initial support for kernel 5.17
- Solaris package: Fixes for API access from Python
- Solaris IPS package: Suppress dependency on libpython2.7.so.*
- Linux host and guest: Fixes for Linux kernel 5.14
- Linux Guest Additions: Fixed guest screen resize for older guests which
are running libXrandr older than version 1.4
- Linux Guest Additions: Introduced initial support for RHEL 8.6 kernels
(bug #20877)
- Windows guest: Make driver install smarter
- Solaris guest: Addressed an issue which prevented VBox GAs 6.1.30 or
6.1.32 from being removed in Solaris 10 guests (bug #20780)
- EFI: Fixed booting from FreeBSD ISO images (bug #19910)
- Fixes CVE-2022-21465 (boo#1198676), CVE-2022-21471 (boo#1198677),
CVE-2022-21491 (boo#1198680), CVE-2022-21487 (boo#1198678), and
CVE-2022-21488 (boo#1198679).
- package virtualbox-websrv needs sysvinit-tools (boo#1198703)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-2022-10067=1
Package List:
- openSUSE Leap 15.4 (noarch):
virtualbox-guest-desktop-icons-6.1.36-lp154.2.7.1
virtualbox-guest-source-6.1.36-lp154.2.7.1
virtualbox-host-source-6.1.36-lp154.2.7.1
- openSUSE Leap 15.4 (x86_64):
python3-virtualbox-6.1.36-lp154.2.7.1
python3-virtualbox-debuginfo-6.1.36-lp154.2.7.1
virtualbox-6.1.36-lp154.2.7.1
virtualbox-debuginfo-6.1.36-lp154.2.7.1
virtualbox-debugsource-6.1.36-lp154.2.7.1
virtualbox-devel-6.1.36-lp154.2.7.1
virtualbox-guest-tools-6.1.36-lp154.2.7.1
virtualbox-guest-tools-debuginfo-6.1.36-lp154.2.7.1
virtualbox-guest-x11-6.1.36-lp154.2.7.1
virtualbox-guest-x11-debuginfo-6.1.36-lp154.2.7.1
virtualbox-kmp-debugsource-6.1.36-lp154.2.7.1
virtualbox-kmp-default-6.1.36_k5.14.21_150400.24.11-lp154.2.7.1
virtualbox-kmp-default-debuginfo-6.1.36_k5.14.21_150400.24.11-lp154.2.7.1
virtualbox-qt-6.1.36-lp154.2.7.1
virtualbox-qt-debuginfo-6.1.36-lp154.2.7.1
virtualbox-vnc-6.1.36-lp154.2.7.1
virtualbox-websrv-6.1.36-lp154.2.7.1
virtualbox-websrv-debuginfo-6.1.36-lp154.2.7.1
References:
https://www.suse.com/security/cve/CVE-2022-21465.html
https://www.suse.com/security/cve/CVE-2022-21471.html
https://www.suse.com/security/cve/CVE-2022-21487.html
https://www.suse.com/security/cve/CVE-2022-21488.html
https://www.suse.com/security/cve/CVE-2022-21491.html
https://www.suse.com/security/cve/CVE-2022-21554.html
https://www.suse.com/security/cve/CVE-2022-21571.html
https://bugzilla.suse.com/1198676
https://bugzilla.suse.com/1198677
https://bugzilla.suse.com/1198678
https://bugzilla.suse.com/1198679
https://bugzilla.suse.com/1198680
https://bugzilla.suse.com/1198703
https://bugzilla.suse.com/1199803
https://bugzilla.suse.com/1201720
SUSE-SU-2022:2551-1: important: Security update for nodejs16
by opensuse-security@opensuse.org 26 Jul '22
SUSE Security Update: Security update for nodejs16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2551-1
Rating: important
References: #1192489 #1201325 #1201326 #1201327 #1201328
Cross-References: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214
CVE-2022-32215
CVSS scores:
CVE-2022-32212 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-32214 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for nodejs16 fixes the following issues:
- CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP
addresses (bsc#1201328).
- CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of
Transfer-Encoding (bsc#1201325).
- CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting
of header fields (bsc#1201326).
- CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of
multi-line Transfer-Encoding (bsc#1201327).
The following non-security bug was fixed:
- Add buildtime version check to determine if we need patched
openssl Requires: or already in upstream. (bsc#1192489)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2551=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2551=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.16.0-150300.7.6.2
nodejs16-debuginfo-16.16.0-150300.7.6.2
nodejs16-debugsource-16.16.0-150300.7.6.2
nodejs16-devel-16.16.0-150300.7.6.2
npm16-16.16.0-150300.7.6.2
- openSUSE Leap 15.3 (noarch):
nodejs16-docs-16.16.0-150300.7.6.2
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.16.0-150300.7.6.2
nodejs16-debuginfo-16.16.0-150300.7.6.2
nodejs16-debugsource-16.16.0-150300.7.6.2
nodejs16-devel-16.16.0-150300.7.6.2
npm16-16.16.0-150300.7.6.2
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
nodejs16-docs-16.16.0-150300.7.6.2
References:
https://www.suse.com/security/cve/CVE-2022-32212.html
https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-32214.html
https://www.suse.com/security/cve/CVE-2022-32215.html
https://bugzilla.suse.com/1192489
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1201326
https://bugzilla.suse.com/1201327
https://bugzilla.suse.com/1201328
SUSE-SU-2022:2549-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 26 Jul '22
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2549-1
Rating: important
References: #1065729 #1179195 #1180814 #1184924 #1185762
#1192761 #1193629 #1194013 #1195504 #1195775
#1196901 #1197362 #1197754 #1198020 #1198924
#1199482 #1199487 #1199489 #1199657 #1200217
#1200263 #1200343 #1200442 #1200571 #1200599
#1200600 #1200604 #1200605 #1200608 #1200619
#1200622 #1200692 #1200806 #1200807 #1200809
#1200810 #1200813 #1200816 #1200820 #1200821
#1200822 #1200825 #1200828 #1200829 #1200925
#1201050 #1201080 #1201143 #1201147 #1201149
#1201160 #1201171 #1201177 #1201193 #1201222
#1201644 #1201664 #1201672 #1201673 #1201676
Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1012
CVE-2022-1679 CVE-2022-20132 CVE-2022-20141
CVE-2022-20154 CVE-2022-29900 CVE-2022-29901
CVE-2022-33981 CVE-2022-34918
CVSS scores:
CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 49 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre
like Branch Target Buffer attack, that can leak arbitrary kernel
information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that
could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond
unconditional direct branches, which may potentially result in data
leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
the way a user forces the ath9k_htc_wait_for_target function to fail
with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input
validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size
in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking
in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
subsystem, related to the replication of files with NFS. A user could
potentially crash the system or escalate privileges on the system
(bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in
lock_sock_nested of sock.c. This could lead to local escalation of
privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
(git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls
(git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls
(git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint
(git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
(git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket
(git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()
(bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and
bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for
bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline
(bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED
(bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled
(bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
(bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
(git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open()
(git-fixes).
- ceph: add some lockdep assertions around snaprealm handling
(bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and
__lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
(git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status
(bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is
empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv
(bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect
(bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available
(bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits
(bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling
copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set
(bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier
(bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel
(bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
(bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie
(bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs
refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible
(bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body
(bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect
(bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads
(bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status
(bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb
(bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled
(bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super
(bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount
(bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse
(bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
(git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure
(git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2
(bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data
(bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
(bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if
platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation
(git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation
(git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models
(git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
(git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation
(bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
(git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once
(git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
(git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype'
(bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers
(bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY
(git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised
(git-fixes).
- pNFS: Do not keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9
(bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
(bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
(git-fixes).
- Revert "block: Fix a lockdep complaint triggered by request queue
flushing" (git-fixes).
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe
cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
(bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd
completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in
lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
(bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted
(bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring
(bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
(bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent
(bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
(bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
(bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
(bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
(bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
(bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
(bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication
application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
(bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
(bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
(bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
(bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
(bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete
(bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
(bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195
bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound
(bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in
smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts
(bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to
smbfs_common (bsc#1200217).
- smb3: fix snapshot mount option (bsc#1200217).
- smb3 improve error message when mount options conflict with posix
(bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to
smbfs_common (bsc#1200217).
- smb3: move defines for query info and query fsinfo to smbfs_common
(bsc#1200217).
- smb3: move more common protocol header definitions to smbfs_common
(bsc#1200217).
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
(git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
(git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address
(git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
(git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address
(git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline
(git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready()
(git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs()
(git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error
(bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2549=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2549=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2549=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2549=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2549=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2549=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2549=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2549=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2549=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2549=1
Package List:
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.87.1
dtb-zte-5.3.18-150300.59.87.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.87.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.87.1
dlm-kmp-default-5.3.18-150300.59.87.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.87.1
gfs2-kmp-default-5.3.18-150300.59.87.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-5.3.18-150300.59.87.1
kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
kernel-default-base-rebuild-5.3.18-150300.59.87.1.150300.18.50.2
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
kernel-default-devel-5.3.18-150300.59.87.1
kernel-default-devel-debuginfo-5.3.18-150300.59.87.1
kernel-default-extra-5.3.18-150300.59.87.1
kernel-default-extra-debuginfo-5.3.18-150300.59.87.1
kernel-default-livepatch-5.3.18-150300.59.87.1
kernel-default-livepatch-devel-5.3.18-150300.59.87.1
kernel-default-optional-5.3.18-150300.59.87.1
kernel-default-optional-debuginfo-5.3.18-150300.59.87.1
kernel-obs-build-5.3.18-150300.59.87.1
kernel-obs-build-debugsource-5.3.18-150300.59.87.1
kernel-obs-qa-5.3.18-150300.59.87.1
kernel-syms-5.3.18-150300.59.87.1
kselftests-kmp-default-5.3.18-150300.59.87.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.87.1
ocfs2-kmp-default-5.3.18-150300.59.87.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1
reiserfs-kmp-default-5.3.18-150300.59.87.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.87.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.87.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
dlm-kmp-preempt-5.3.18-150300.59.87.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
gfs2-kmp-preempt-5.3.18-150300.59.87.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-5.3.18-150300.59.87.1
kernel-preempt-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-debugsource-5.3.18-150300.59.87.1
kernel-preempt-devel-5.3.18-150300.59.87.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-extra-5.3.18-150300.59.87.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.87.1
kernel-preempt-optional-5.3.18-150300.59.87.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.87.1
kselftests-kmp-preempt-5.3.18-150300.59.87.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
ocfs2-kmp-preempt-5.3.18-150300.59.87.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
reiserfs-kmp-preempt-5.3.18-150300.59.87.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.87.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.87.1
kernel-debug-debuginfo-5.3.18-150300.59.87.1
kernel-debug-debugsource-5.3.18-150300.59.87.1
kernel-debug-devel-5.3.18-150300.59.87.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.87.1
kernel-debug-livepatch-devel-5.3.18-150300.59.87.1
kernel-kvmsmall-5.3.18-150300.59.87.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.87.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.87.1
kernel-kvmsmall-devel-5.3.18-150300.59.87.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.87.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.87.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.87.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
dlm-kmp-64kb-5.3.18-150300.59.87.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
dtb-al-5.3.18-150300.59.87.1
dtb-allwinner-5.3.18-150300.59.87.1
dtb-altera-5.3.18-150300.59.87.1
dtb-amd-5.3.18-150300.59.87.1
dtb-amlogic-5.3.18-150300.59.87.1
dtb-apm-5.3.18-150300.59.87.1
dtb-arm-5.3.18-150300.59.87.1
dtb-broadcom-5.3.18-150300.59.87.1
dtb-cavium-5.3.18-150300.59.87.1
dtb-exynos-5.3.18-150300.59.87.1
dtb-freescale-5.3.18-150300.59.87.1
dtb-hisilicon-5.3.18-150300.59.87.1
dtb-lg-5.3.18-150300.59.87.1
dtb-marvell-5.3.18-150300.59.87.1
dtb-mediatek-5.3.18-150300.59.87.1
dtb-nvidia-5.3.18-150300.59.87.1
dtb-qcom-5.3.18-150300.59.87.1
dtb-renesas-5.3.18-150300.59.87.1
dtb-rockchip-5.3.18-150300.59.87.1
dtb-socionext-5.3.18-150300.59.87.1
dtb-sprd-5.3.18-150300.59.87.1
dtb-xilinx-5.3.18-150300.59.87.1
dtb-zte-5.3.18-150300.59.87.1
gfs2-kmp-64kb-5.3.18-150300.59.87.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
kernel-64kb-5.3.18-150300.59.87.1
kernel-64kb-debuginfo-5.3.18-150300.59.87.1
kernel-64kb-debugsource-5.3.18-150300.59.87.1
kernel-64kb-devel-5.3.18-150300.59.87.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.87.1
kernel-64kb-extra-5.3.18-150300.59.87.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.87.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.87.1
kernel-64kb-optional-5.3.18-150300.59.87.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.87.1
kselftests-kmp-64kb-5.3.18-150300.59.87.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
ocfs2-kmp-64kb-5.3.18-150300.59.87.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
reiserfs-kmp-64kb-5.3.18-150300.59.87.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.87.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.87.1
kernel-docs-5.3.18-150300.59.87.1
kernel-docs-html-5.3.18-150300.59.87.1
kernel-macros-5.3.18-150300.59.87.1
kernel-source-5.3.18-150300.59.87.1
kernel-source-vanilla-5.3.18-150300.59.87.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.87.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.87.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
kernel-default-extra-5.3.18-150300.59.87.1
kernel-default-extra-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-debugsource-5.3.18-150300.59.87.1
kernel-preempt-extra-5.3.18-150300.59.87.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
kernel-default-livepatch-5.3.18-150300.59.87.1
kernel-default-livepatch-devel-5.3.18-150300.59.87.1
kernel-livepatch-5_3_18-150300_59_87-default-1-150300.7.5.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
reiserfs-kmp-default-5.3.18-150300.59.87.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.87.1
kernel-obs-build-debugsource-5.3.18-150300.59.87.1
kernel-syms-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-debugsource-5.3.18-150300.59.87.1
kernel-preempt-devel-5.3.18-150300.59.87.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.87.1
kernel-source-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.87.1
kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
kernel-default-devel-5.3.18-150300.59.87.1
kernel-default-devel-debuginfo-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.87.1
kernel-preempt-debuginfo-5.3.18-150300.59.87.1
kernel-preempt-debugsource-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.87.1
kernel-64kb-debuginfo-5.3.18-150300.59.87.1
kernel-64kb-debugsource-5.3.18-150300.59.87.1
kernel-64kb-devel-5.3.18-150300.59.87.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.87.1
kernel-macros-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.87.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.87.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.87.1
kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.87.1
kernel-default-base-5.3.18-150300.59.87.1.150300.18.50.2
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.87.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.87.1
dlm-kmp-default-5.3.18-150300.59.87.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.87.1
gfs2-kmp-default-5.3.18-150300.59.87.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debuginfo-5.3.18-150300.59.87.1
kernel-default-debugsource-5.3.18-150300.59.87.1
ocfs2-kmp-default-5.3.18-150300.59.87.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.87.1
References:
https://www.suse.com/security/cve/CVE-2021-26341.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20141.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://www.suse.com/security/cve/CVE-2022-34918.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1192761
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1195504
https://bugzilla.suse.com/1195775
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1197362
https://bugzilla.suse.com/1197754
https://bugzilla.suse.com/1198020
https://bugzilla.suse.com/1198924
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1199487
https://bugzilla.suse.com/1199489
https://bugzilla.suse.com/1199657
https://bugzilla.suse.com/1200217
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200343
https://bugzilla.suse.com/1200442
https://bugzilla.suse.com/1200571
https://bugzilla.suse.com/1200599
https://bugzilla.suse.com/1200600
https://bugzilla.suse.com/1200604
https://bugzilla.suse.com/1200605
https://bugzilla.suse.com/1200608
https://bugzilla.suse.com/1200619
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200806
https://bugzilla.suse.com/1200807
https://bugzilla.suse.com/1200809
https://bugzilla.suse.com/1200810
https://bugzilla.suse.com/1200813
https://bugzilla.suse.com/1200816
https://bugzilla.suse.com/1200820
https://bugzilla.suse.com/1200821
https://bugzilla.suse.com/1200822
https://bugzilla.suse.com/1200825
https://bugzilla.suse.com/1200828
https://bugzilla.suse.com/1200829
https://bugzilla.suse.com/1200925
https://bugzilla.suse.com/1201050
https://bugzilla.suse.com/1201080
https://bugzilla.suse.com/1201143
https://bugzilla.suse.com/1201147
https://bugzilla.suse.com/1201149
https://bugzilla.suse.com/1201160
https://bugzilla.suse.com/1201171
https://bugzilla.suse.com/1201177
https://bugzilla.suse.com/1201193
https://bugzilla.suse.com/1201222
https://bugzilla.suse.com/1201644
https://bugzilla.suse.com/1201664
https://bugzilla.suse.com/1201672
https://bugzilla.suse.com/1201673
https://bugzilla.suse.com/1201676
SUSE-SU-2022:2550-1: important: Security update for git
by opensuse-security@opensuse.org 26 Jul '22
SUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2550-1
Rating: important
References: #1201431
Cross-References: CVE-2022-29187
CVSS scores:
CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for git fixes the following issues:
- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command
injection via git worktree (bsc#1201431).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2550=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2550=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2550=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2550=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2550=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2550=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.15.1
git-arch-2.35.3-150300.10.15.1
git-core-2.35.3-150300.10.15.1
git-core-debuginfo-2.35.3-150300.10.15.1
git-credential-gnome-keyring-2.35.3-150300.10.15.1
git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.15.1
git-credential-libsecret-2.35.3-150300.10.15.1
git-credential-libsecret-debuginfo-2.35.3-150300.10.15.1
git-cvs-2.35.3-150300.10.15.1
git-daemon-2.35.3-150300.10.15.1
git-daemon-debuginfo-2.35.3-150300.10.15.1
git-debuginfo-2.35.3-150300.10.15.1
git-debugsource-2.35.3-150300.10.15.1
git-email-2.35.3-150300.10.15.1
git-gui-2.35.3-150300.10.15.1
git-p4-2.35.3-150300.10.15.1
git-svn-2.35.3-150300.10.15.1
git-web-2.35.3-150300.10.15.1
gitk-2.35.3-150300.10.15.1
perl-Git-2.35.3-150300.10.15.1
- openSUSE Leap 15.4 (noarch):
git-doc-2.35.3-150300.10.15.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.15.1
git-arch-2.35.3-150300.10.15.1
git-core-2.35.3-150300.10.15.1
git-core-debuginfo-2.35.3-150300.10.15.1
git-credential-gnome-keyring-2.35.3-150300.10.15.1
git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.15.1
git-credential-libsecret-2.35.3-150300.10.15.1
git-credential-libsecret-debuginfo-2.35.3-150300.10.15.1
git-cvs-2.35.3-150300.10.15.1
git-daemon-2.35.3-150300.10.15.1
git-daemon-debuginfo-2.35.3-150300.10.15.1
git-debuginfo-2.35.3-150300.10.15.1
git-debugsource-2.35.3-150300.10.15.1
git-email-2.35.3-150300.10.15.1
git-gui-2.35.3-150300.10.15.1
git-p4-2.35.3-150300.10.15.1
git-svn-2.35.3-150300.10.15.1
git-web-2.35.3-150300.10.15.1
gitk-2.35.3-150300.10.15.1
perl-Git-2.35.3-150300.10.15.1
- openSUSE Leap 15.3 (noarch):
git-doc-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.15.1
git-arch-2.35.3-150300.10.15.1
git-cvs-2.35.3-150300.10.15.1
git-daemon-2.35.3-150300.10.15.1
git-daemon-debuginfo-2.35.3-150300.10.15.1
git-debuginfo-2.35.3-150300.10.15.1
git-debugsource-2.35.3-150300.10.15.1
git-email-2.35.3-150300.10.15.1
git-gui-2.35.3-150300.10.15.1
git-svn-2.35.3-150300.10.15.1
git-web-2.35.3-150300.10.15.1
gitk-2.35.3-150300.10.15.1
perl-Git-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
git-doc-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
git-2.35.3-150300.10.15.1
git-arch-2.35.3-150300.10.15.1
git-cvs-2.35.3-150300.10.15.1
git-daemon-2.35.3-150300.10.15.1
git-daemon-debuginfo-2.35.3-150300.10.15.1
git-debuginfo-2.35.3-150300.10.15.1
git-debugsource-2.35.3-150300.10.15.1
git-email-2.35.3-150300.10.15.1
git-gui-2.35.3-150300.10.15.1
git-svn-2.35.3-150300.10.15.1
git-web-2.35.3-150300.10.15.1
gitk-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
git-doc-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
git-core-2.35.3-150300.10.15.1
git-core-debuginfo-2.35.3-150300.10.15.1
git-debuginfo-2.35.3-150300.10.15.1
git-debugsource-2.35.3-150300.10.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
git-core-2.35.3-150300.10.15.1
git-core-debuginfo-2.35.3-150300.10.15.1
git-debuginfo-2.35.3-150300.10.15.1
git-debugsource-2.35.3-150300.10.15.1
perl-Git-2.35.3-150300.10.15.1
References:
https://www.suse.com/security/cve/CVE-2022-29187.html
https://bugzilla.suse.com/1201431
SUSE-SU-2022:2553-1: important: Security update for squid
by opensuse-security@opensuse.org 26 Jul '22
SUSE Security Update: Security update for squid
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2553-1
Rating: important
References: #1185923 #1186654 #1200907
Cross-References: CVE-2021-33620 CVE-2021-46784
CVSS scores:
CVE-2021-33620 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33620 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46784 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for squid fixes the following issues:
- CVE-2021-46784: Fixed DoS when processing gopher server responses.
(bsc#1200907)
- CVE-2021-33620: Fixed DoS in HTTP Response processing (bsc#1185923,
bsc#1186654)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2553=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2553=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2553=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2553=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2553=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2553=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2553=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2553=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2553=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2553=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2553=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2553=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2553=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2553=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2553=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2553=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Manager Proxy 4.1 (x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
- SUSE CaaS Platform 4.0 (x86_64):
squid-4.17-150000.5.32.1
squid-debuginfo-4.17-150000.5.32.1
squid-debugsource-4.17-150000.5.32.1
References:
https://www.suse.com/security/cve/CVE-2021-33620.html
https://www.suse.com/security/cve/CVE-2021-46784.html
https://bugzilla.suse.com/1185923
https://bugzilla.suse.com/1186654
https://bugzilla.suse.com/1200907
SUSE-SU-2022:2552-1: important: Security update for libxml2
by opensuse-security@opensuse.org 26 Jul '22
SUSE Security Update: Security update for libxml2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2552-1
Rating: important
References: #1196490 #1199132
Cross-References: CVE-2022-23308 CVE-2022-29824
CVSS scores:
CVE-2022-23308 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23308 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2022-29824 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-29824 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an
out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*)
(bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes.
(bsc#1196490)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2552=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2552=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.14-150400.5.7.1
libxml2-2-debuginfo-2.9.14-150400.5.7.1
libxml2-debugsource-2.9.14-150400.5.7.1
libxml2-devel-2.9.14-150400.5.7.1
libxml2-tools-2.9.14-150400.5.7.1
libxml2-tools-debuginfo-2.9.14-150400.5.7.1
python3-libxml2-2.9.14-150400.5.7.1
python3-libxml2-debuginfo-2.9.14-150400.5.7.1
- openSUSE Leap 15.4 (x86_64):
libxml2-2-32bit-2.9.14-150400.5.7.1
libxml2-2-32bit-debuginfo-2.9.14-150400.5.7.1
libxml2-devel-32bit-2.9.14-150400.5.7.1
- openSUSE Leap 15.4 (noarch):
libxml2-doc-2.9.14-150400.5.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libxml2-2-2.9.14-150400.5.7.1
libxml2-2-debuginfo-2.9.14-150400.5.7.1
libxml2-debugsource-2.9.14-150400.5.7.1
libxml2-devel-2.9.14-150400.5.7.1
libxml2-tools-2.9.14-150400.5.7.1
libxml2-tools-debuginfo-2.9.14-150400.5.7.1
python3-libxml2-2.9.14-150400.5.7.1
python3-libxml2-debuginfo-2.9.14-150400.5.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libxml2-2-32bit-2.9.14-150400.5.7.1
libxml2-2-32bit-debuginfo-2.9.14-150400.5.7.1
References:
https://www.suse.com/security/cve/CVE-2022-23308.html
https://www.suse.com/security/cve/CVE-2022-29824.html
https://bugzilla.suse.com/1196490
https://bugzilla.suse.com/1199132
openSUSE-SU-2022:10065-1: critical: Security update for phpPgAdmin
by opensuse-security@opensuse.org 26 Jul '22
openSUSE Security Update: Security update for phpPgAdmin
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10065-1
Rating: critical
References: #1162794
Cross-References: CVE-2019-10784
CVSS scores:
CVE-2019-10784 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2019-10784 (SUSE): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for phpPgAdmin fixes the following issues:
- CVE-2019-10784: Fixed improper source validation that could lead to CSRF
(boo#1162794)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10065=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10065=1
Package List:
- openSUSE Backports SLE-15-SP4 (noarch):
phpPgAdmin-7.13.0-bp154.2.3.1
phpPgAdmin-apache-7.13.0-bp154.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
phpPgAdmin-7.13.0-bp153.2.6.1
phpPgAdmin-apache-7.13.0-bp153.2.6.1
References:
https://www.suse.com/security/cve/CVE-2019-10784.html
https://bugzilla.suse.com/1162794
SUSE-SU-2022:2547-1: important: Security update for logrotate
by opensuse-security@opensuse.org 25 Jul '22
SUSE Security Update: Security update for logrotate
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2547-1
Rating: important
References: #1192449 #1200278 #1200802
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for logrotate fixes the following issues:
Security issues fixed:
- Improved coredump handling for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed "logrotate emits unintended warning: keyword size not properly
separated, found 0x3d" (bsc#1200278, bsc#1200802).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2547=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2547=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2547=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2547=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2547=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2547=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2547=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2547=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2547=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2547=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2547=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2547=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2547=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2547=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2547=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2547=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2547=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2547=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Manager Proxy 4.1 (x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
- SUSE CaaS Platform 4.0 (x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
References:
https://bugzilla.suse.com/1192449
https://bugzilla.suse.com/1200278
https://bugzilla.suse.com/1200802
SUSE-SU-2022:2546-1: important: Security update for gpg2
by opensuse-security@opensuse.org 25 Jul '22
SUSE Security Update: Security update for gpg2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2546-1
Rating: important
References: #1196125 #1201225
Cross-References: CVE-2022-34903
CVSS scores:
CVE-2022-34903 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2022-34903 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode.
(bsc#1196125)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2546=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2546=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2546=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2546=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2546=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2546=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
dirmngr-2.2.27-150300.3.5.1
dirmngr-debuginfo-2.2.27-150300.3.5.1
gpg2-2.2.27-150300.3.5.1
gpg2-debuginfo-2.2.27-150300.3.5.1
gpg2-debugsource-2.2.27-150300.3.5.1
- openSUSE Leap 15.4 (noarch):
gpg2-lang-2.2.27-150300.3.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
dirmngr-2.2.27-150300.3.5.1
dirmngr-debuginfo-2.2.27-150300.3.5.1
gpg2-2.2.27-150300.3.5.1
gpg2-debuginfo-2.2.27-150300.3.5.1
gpg2-debugsource-2.2.27-150300.3.5.1
- openSUSE Leap 15.3 (noarch):
gpg2-lang-2.2.27-150300.3.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
dirmngr-2.2.27-150300.3.5.1
dirmngr-debuginfo-2.2.27-150300.3.5.1
gpg2-2.2.27-150300.3.5.1
gpg2-debuginfo-2.2.27-150300.3.5.1
gpg2-debugsource-2.2.27-150300.3.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
gpg2-lang-2.2.27-150300.3.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
dirmngr-2.2.27-150300.3.5.1
dirmngr-debuginfo-2.2.27-150300.3.5.1
gpg2-2.2.27-150300.3.5.1
gpg2-debuginfo-2.2.27-150300.3.5.1
gpg2-debugsource-2.2.27-150300.3.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
gpg2-lang-2.2.27-150300.3.5.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
gpg2-2.2.27-150300.3.5.1
gpg2-debuginfo-2.2.27-150300.3.5.1
gpg2-debugsource-2.2.27-150300.3.5.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
gpg2-2.2.27-150300.3.5.1
gpg2-debuginfo-2.2.27-150300.3.5.1
gpg2-debugsource-2.2.27-150300.3.5.1
References:
https://www.suse.com/security/cve/CVE-2022-34903.html
https://bugzilla.suse.com/1196125
https://bugzilla.suse.com/1201225
SUSE-SU-2022:2543-1: important: Security update for s390-tools
by opensuse-security@opensuse.org 25 Jul '22
SUSE Security Update: Security update for s390-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2543-1
Rating: important
References: #1198581 #1199649 #1200131
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update of s390-tools fixes the following issues:
- Fixed KMIP plugin failing to connect to KMIP server.
When a zkey key repository is bound to the KMIP plugin, and the
connection to the KMIP server is to be configured using command 'zkey kms
configure --kmip-server <server>', it fails to connect to the specified
KMIP server. (bsc#1199649)
- rebuild with new secure boot key due to grub2 boothole 3 issues
(bsc#1198581)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2543=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2543=1
Package List:
- openSUSE Leap 15.4 (s390x):
libekmfweb1-2.19.0-150400.7.4.1
libekmfweb1-debuginfo-2.19.0-150400.7.4.1
libekmfweb1-devel-2.19.0-150400.7.4.1
libkmipclient1-2.19.0-150400.7.4.1
libkmipclient1-debuginfo-2.19.0-150400.7.4.1
libkmipclient1-devel-2.19.0-150400.7.4.1
osasnmpd-2.19.0-150400.7.4.1
osasnmpd-debuginfo-2.19.0-150400.7.4.1
s390-tools-2.19.0-150400.7.4.1
s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.4.1
s390-tools-debuginfo-2.19.0-150400.7.4.1
s390-tools-debugsource-2.19.0-150400.7.4.1
s390-tools-hmcdrvfs-2.19.0-150400.7.4.1
s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.4.1
s390-tools-zdsfs-2.19.0-150400.7.4.1
s390-tools-zdsfs-debuginfo-2.19.0-150400.7.4.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):
libekmfweb1-2.19.0-150400.7.4.1
libekmfweb1-debuginfo-2.19.0-150400.7.4.1
libekmfweb1-devel-2.19.0-150400.7.4.1
libkmipclient1-2.19.0-150400.7.4.1
libkmipclient1-debuginfo-2.19.0-150400.7.4.1
osasnmpd-2.19.0-150400.7.4.1
osasnmpd-debuginfo-2.19.0-150400.7.4.1
s390-tools-2.19.0-150400.7.4.1
s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.4.1
s390-tools-debuginfo-2.19.0-150400.7.4.1
s390-tools-debugsource-2.19.0-150400.7.4.1
s390-tools-hmcdrvfs-2.19.0-150400.7.4.1
s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.4.1
s390-tools-zdsfs-2.19.0-150400.7.4.1
s390-tools-zdsfs-debuginfo-2.19.0-150400.7.4.1
References:
https://bugzilla.suse.com/1198581
https://bugzilla.suse.com/1199649
https://bugzilla.suse.com/1200131
SUSE-SU-2022:2532-1: important: Security update for python-M2Crypto
by opensuse-security@opensuse.org 22 Jul '22
SUSE Security Update: Security update for python-M2Crypto
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2532-1
Rating: important
References: #1178829
Cross-References: CVE-2020-25657
CVSS scores:
CVE-2020-25657 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-25657 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA
decryption API (bsc#1178829).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2532=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2532=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debugsource-0.38.0-150400.3.3.1
python3-M2Crypto-0.38.0-150400.3.3.1
python3-M2Crypto-debuginfo-0.38.0-150400.3.3.1
- openSUSE Leap 15.4 (noarch):
python-M2Crypto-doc-0.38.0-150400.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
python-M2Crypto-debugsource-0.38.0-150400.3.3.1
python3-M2Crypto-0.38.0-150400.3.3.1
python3-M2Crypto-debuginfo-0.38.0-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-25657.html
https://bugzilla.suse.com/1178829
SUSE-SU-2022:2533-1: important: Security update for mozilla-nss
by opensuse-security@opensuse.org 22 Jul '22
SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2533-1
Rating: important
References: #1192079 #1192080 #1192086 #1192087 #1192228
#1198486 #1200027
Cross-References: CVE-2022-31741
CVSS scores:
CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux
Enterprise 15 SP4:
- Makes the PBKDF known answer test compliant with NIST SP800-132.
(bsc#1192079).
- FIPS: Add on-demand integrity tests through
sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security
policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement
is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due
to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).
Version update to NSS 3.79:
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat
extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported
ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords
and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Version update to NSS 3.78.1:
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
Version update to NSS 3.78:
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length
record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific
boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Version update to NSS 3.77:
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
Version update to NSS 3.76.1
- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake
message.
Version update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in
the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Version update to NSS 3.74
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068
root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
Version update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OCSP implementation
Version update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via
DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Version update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of
tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
Version update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in
TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in
TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Version update to NSS 3.69.1:
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with
AES_CBC
NSS 3.69:
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with
AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid
algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh
reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
Version Update to 3.68.4 (bsc#1200027)
- CVE-2022-31741: Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
Mozilla NSPR was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that have two
IP stacks available.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2533=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2533=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2533=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2533=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2533=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2533=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2533=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2533=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2533=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2533=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2533=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2533=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2533=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2533=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2533=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2533=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2533=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2533=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2533=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2533=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2533=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2533=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2533=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2533=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2533=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2533=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
- openSUSE Leap 15.4 (x86_64):
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- openSUSE Leap 15.3 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-sysinit-32bit-3.79-150000.3.74.1
mozilla-nss-sysinit-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Manager Server 4.1 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Manager Proxy 4.1 (x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Enterprise Storage 7 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
- SUSE Enterprise Storage 6 (x86_64):
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
- SUSE CaaS Platform 4.0 (x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-32bit-3.79-150000.3.74.1
libfreebl3-32bit-debuginfo-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libfreebl3-hmac-32bit-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-32bit-3.79-150000.3.74.1
libsoftokn3-32bit-debuginfo-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
libsoftokn3-hmac-32bit-3.79-150000.3.74.1
mozilla-nspr-32bit-4.34-150000.3.23.1
mozilla-nspr-32bit-debuginfo-4.34-150000.3.23.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nspr-devel-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-32bit-3.79-150000.3.74.1
mozilla-nss-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-32bit-3.79-150000.3.74.1
mozilla-nss-certs-32bit-debuginfo-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-devel-3.79-150000.3.74.1
mozilla-nss-sysinit-3.79-150000.3.74.1
mozilla-nss-sysinit-debuginfo-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
References:
https://www.suse.com/security/cve/CVE-2022-31741.html
https://bugzilla.suse.com/1192079
https://bugzilla.suse.com/1192080
https://bugzilla.suse.com/1192086
https://bugzilla.suse.com/1192087
https://bugzilla.suse.com/1192228
https://bugzilla.suse.com/1198486
https://bugzilla.suse.com/1200027
SUSE-SU-2022:2530-1: important: Security update for java-1_8_0-openjdk
by opensuse-security@opensuse.org 22 Jul '22
SUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2530-1
Rating: important
References: #1198671 #1198672 #1198673 #1198674 #1198675
Cross-References: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443
CVE-2022-21476 CVE-2022-21496
CVSS scores:
CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u332 - April 2022 CPU (icedtea-3.23.0)
- CVE-2022-21426: Better XPath expression handling (bsc#1198672)
- CVE-2022-21443: Improved Object Identification (bsc#1198675)
- CVE-2022-21434: Better invocation handler handling (bsc#1198674)
- CVE-2022-21476: Improve Santuario processing (bsc#1198671)
- CVE-2022-21496: Improve URL supports (bsc#1198673)
The update also includes further security fixes, the import of OpenJDK 8 u332,
backports and bug fixes.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2530=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2530=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2530=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2530=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2530=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2530=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2530=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2530=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2530=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2530=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2530=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2530=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2530=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2530=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2530=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2530=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-accessibility-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-src-1.8.0.332-150000.3.67.1
- openSUSE Leap 15.4 (noarch):
java-1_8_0-openjdk-javadoc-1.8.0.332-150000.3.67.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-accessibility-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-src-1.8.0.332-150000.3.67.1
- openSUSE Leap 15.3 (noarch):
java-1_8_0-openjdk-javadoc-1.8.0.332-150000.3.67.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Manager Proxy 4.1 (x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
- SUSE CaaS Platform 4.0 (x86_64):
java-1_8_0-openjdk-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-debugsource-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-1.8.0.332-150000.3.67.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.332-150000.3.67.1
References:
https://www.suse.com/security/cve/CVE-2022-21426.html
https://www.suse.com/security/cve/CVE-2022-21434.html
https://www.suse.com/security/cve/CVE-2022-21443.html
https://www.suse.com/security/cve/CVE-2022-21476.html
https://www.suse.com/security/cve/CVE-2022-21496.html
https://bugzilla.suse.com/1198671
https://bugzilla.suse.com/1198672
https://bugzilla.suse.com/1198673
https://bugzilla.suse.com/1198674
https://bugzilla.suse.com/1198675
SUSE-SU-2022:2535-1: important: Security update for git
by opensuse-security@opensuse.org 22 Jul '22
SUSE Security Update: Security update for git
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2535-1
Rating: important
References: #1200119 #1201431
Cross-References: CVE-2022-29187
CVSS scores:
CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for git fixes the following issues:
- CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command
injection via git worktree (bsc#1201431).
- Allow opting out of the check added in the security fix for
CVE-2022-24765 (bsc#1200119)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2535=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2535=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2535=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2535=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2535=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2535=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2535=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2535=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2535=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2535=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2535=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2535=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2535=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2535=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2535=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2535=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2535=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2535=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2535=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2535=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2535=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
git-svn-debuginfo-2.26.2-150000.41.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
git-svn-debuginfo-2.26.2-150000.41.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Manager Server 4.1 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Manager Proxy 4.1 (x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Manager Proxy 4.1 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Enterprise Storage 7 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE Enterprise Storage 6 (noarch):
git-doc-2.26.2-150000.41.1
- SUSE CaaS Platform 4.0 (x86_64):
git-2.26.2-150000.41.1
git-arch-2.26.2-150000.41.1
git-core-2.26.2-150000.41.1
git-core-debuginfo-2.26.2-150000.41.1
git-cvs-2.26.2-150000.41.1
git-daemon-2.26.2-150000.41.1
git-daemon-debuginfo-2.26.2-150000.41.1
git-debuginfo-2.26.2-150000.41.1
git-debugsource-2.26.2-150000.41.1
git-email-2.26.2-150000.41.1
git-gui-2.26.2-150000.41.1
git-svn-2.26.2-150000.41.1
git-svn-debuginfo-2.26.2-150000.41.1
git-web-2.26.2-150000.41.1
gitk-2.26.2-150000.41.1
- SUSE CaaS Platform 4.0 (noarch):
git-doc-2.26.2-150000.41.1
References:
https://www.suse.com/security/cve/CVE-2022-29187.html
https://bugzilla.suse.com/1200119
https://bugzilla.suse.com/1201431
SUSE-SU-2022:2523-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 22 Jul '22
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2523-1
Rating: important
References: #1201221
Cross-References: CVE-2022-22662 CVE-2022-22677 CVE-2022-26710
CVSS scores:
CVE-2022-22662 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-22662 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-22677 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-26710 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
Update to version 2.36.4 (bsc#1201221):
- CVE-2022-22662: Processing maliciously crafted web content may disclose
sensitive user information.
- CVE-2022-22677: The video in a WebRTC call may be interrupted if the
audio capture gets interrupted.
- CVE-2022-26710: Processing maliciously crafted web content may lead to
arbitrary code execution.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2523=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2523=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2523=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2523=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2
libjavascriptcoregtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2
libwebkit2gtk-4_0-37-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2
libwebkit2gtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2
libwebkit2gtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2
typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2
typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2
typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2
typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2
typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2
typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2
typelib-1_0-WebKit2WebExtension-5_0-2.36.4-150400.4.6.2
webkit-jsc-4-2.36.4-150400.4.6.2
webkit-jsc-4-debuginfo-2.36.4-150400.4.6.2
webkit-jsc-4.1-2.36.4-150400.4.6.2
webkit-jsc-4.1-debuginfo-2.36.4-150400.4.6.2
webkit-jsc-5.0-2.36.4-150400.4.6.2
webkit-jsc-5.0-debuginfo-2.36.4-150400.4.6.2
webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.4-150400.4.6.2
webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
webkit2gtk3-debugsource-2.36.4-150400.4.6.2
webkit2gtk3-devel-2.36.4-150400.4.6.2
webkit2gtk3-minibrowser-2.36.4-150400.4.6.2
webkit2gtk3-minibrowser-debuginfo-2.36.4-150400.4.6.2
webkit2gtk3-soup2-debugsource-2.36.4-150400.4.6.2
webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2
webkit2gtk3-soup2-minibrowser-2.36.4-150400.4.6.2
webkit2gtk3-soup2-minibrowser-debuginfo-2.36.4-150400.4.6.2
webkit2gtk4-debugsource-2.36.4-150400.4.6.2
webkit2gtk4-devel-2.36.4-150400.4.6.2
webkit2gtk4-minibrowser-2.36.4-150400.4.6.2
webkit2gtk4-minibrowser-debuginfo-2.36.4-150400.4.6.2
- openSUSE Leap 15.4 (noarch):
WebKit2GTK-4.0-lang-2.36.4-150400.4.6.2
WebKit2GTK-4.1-lang-2.36.4-150400.4.6.2
WebKit2GTK-5.0-lang-2.36.4-150400.4.6.2
- openSUSE Leap 15.4 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_1-0-32bit-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-4_0-37-32bit-2.36.4-150400.4.6.2
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-4_1-0-32bit-2.36.4-150400.4.6.2
libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.4-150400.4.6.2
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-5_0-0-2.36.4-150400.4.6.2
libjavascriptcoregtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-5_0-0-2.36.4-150400.4.6.2
libwebkit2gtk-5_0-0-debuginfo-2.36.4-150400.4.6.2
typelib-1_0-JavaScriptCore-5_0-2.36.4-150400.4.6.2
typelib-1_0-WebKit2-5_0-2.36.4-150400.4.6.2
webkit2gtk-5_0-injected-bundles-2.36.4-150400.4.6.2
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
webkit2gtk4-debugsource-2.36.4-150400.4.6.2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_1-0-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-4_1-0-2.36.4-150400.4.6.2
libwebkit2gtk-4_1-0-debuginfo-2.36.4-150400.4.6.2
typelib-1_0-JavaScriptCore-4_1-2.36.4-150400.4.6.2
typelib-1_0-WebKit2-4_1-2.36.4-150400.4.6.2
typelib-1_0-WebKit2WebExtension-4_1-2.36.4-150400.4.6.2
webkit2gtk-4_1-injected-bundles-2.36.4-150400.4.6.2
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.4-150400.4.6.2
webkit2gtk3-debugsource-2.36.4-150400.4.6.2
webkit2gtk3-devel-2.36.4-150400.4.6.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.4-150400.4.6.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.4-150400.4.6.2
libwebkit2gtk-4_0-37-2.36.4-150400.4.6.2
libwebkit2gtk-4_0-37-debuginfo-2.36.4-150400.4.6.2
typelib-1_0-JavaScriptCore-4_0-2.36.4-150400.4.6.2
typelib-1_0-WebKit2-4_0-2.36.4-150400.4.6.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.4-150400.4.6.2
webkit2gtk-4_0-injected-bundles-2.36.4-150400.4.6.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.4-150400.4.6.2
webkit2gtk3-soup2-debugsource-2.36.4-150400.4.6.2
webkit2gtk3-soup2-devel-2.36.4-150400.4.6.2
References:
https://www.suse.com/security/cve/CVE-2022-22662.html
https://www.suse.com/security/cve/CVE-2022-22677.html
https://www.suse.com/security/cve/CVE-2022-26710.html
https://bugzilla.suse.com/1201221