openSUSE Security Announce
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
July 2022
- 1 participants
- 95 discussions
SUSE-SU-2022:2259-1: moderate: Security update for ImageMagick
by opensuse-security@opensuse.org 04 Jul '22
by opensuse-security@opensuse.org 04 Jul '22
04 Jul '22
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2259-1
Rating: moderate
References: #1153866 #1200387 #1200388 #1200389
Cross-References: CVE-2019-17540 CVE-2022-32545 CVE-2022-32546
CVE-2022-32547
CVSS scores:
CVE-2019-17540 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CVE-2022-32545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32545 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-32546 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32546 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-32547 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32547 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2019-17540: Fixed heap-based buffer overflow in ReadPSInfo in
coders/ps.c. (bsc#1153866)
- CVE-2022-32545: Fixed an outside the range of representable values of
type. (bsc#1200388)
- CVE-2022-32546: Fixed an outside the range of representable values of
type. (bsc#1200389)
- CVE-2022-32547: Fixed a load of misaligned address at
MagickCore/property.c. (bsc#1200387)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2259=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2259=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2259=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2259=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1
- openSUSE Leap 15.4 (x86_64):
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.31.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.31.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.31.1
ImageMagick-debuginfo-7.0.7.34-150200.10.31.1
ImageMagick-debugsource-7.0.7.34-150200.10.31.1
ImageMagick-devel-7.0.7.34-150200.10.31.1
ImageMagick-extra-7.0.7.34-150200.10.31.1
ImageMagick-extra-debuginfo-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.31.1
libMagick++-devel-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1
perl-PerlMagick-7.0.7.34-150200.10.31.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.31.1
- openSUSE Leap 15.3 (x86_64):
ImageMagick-devel-32bit-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.31.1
libMagick++-devel-32bit-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.31.1
- openSUSE Leap 15.3 (noarch):
ImageMagick-doc-7.0.7.34-150200.10.31.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.0.7.34-150200.10.31.1
ImageMagick-debugsource-7.0.7.34-150200.10.31.1
perl-PerlMagick-7.0.7.34-150200.10.31.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.31.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.31.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.31.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.31.1
ImageMagick-debuginfo-7.0.7.34-150200.10.31.1
ImageMagick-debugsource-7.0.7.34-150200.10.31.1
ImageMagick-devel-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.31.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.31.1
libMagick++-devel-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.31.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.31.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.31.1
References:
https://www.suse.com/security/cve/CVE-2019-17540.html
https://www.suse.com/security/cve/CVE-2022-32545.html
https://www.suse.com/security/cve/CVE-2022-32546.html
https://www.suse.com/security/cve/CVE-2022-32547.html
https://bugzilla.suse.com/1153866
https://bugzilla.suse.com/1200387
https://bugzilla.suse.com/1200388
https://bugzilla.suse.com/1200389
1
0
SUSE-SU-2022:2254-1: important: Security update for qemu
by opensuse-security@opensuse.org 04 Jul '22
by opensuse-security@opensuse.org 04 Jul '22
04 Jul '22
SUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2254-1
Rating: important
References: #1197084 #1198035 #1198037 #1198712 #1199018
#1199924
Cross-References: CVE-2021-4206 CVE-2021-4207 CVE-2022-26354
CVSS scores:
CVE-2021-4206 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4206 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-4207 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-26354 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
CVE-2022-26354 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves three vulnerabilities and has three
fixes is now available.
Description:
This update for qemu fixes the following issues:
- CVE-2022-26354: Fixed missing virtqueue detach on error can lead to
memory leak (bsc#1198712)
- CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap
buffer overflow (bsc#1198037)
- CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap
buffer overflow (bsc#1198035)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2254=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2254=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2254=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2254=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2254=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
qemu-5.2.0-150300.115.2
qemu-arm-5.2.0-150300.115.2
qemu-arm-debuginfo-5.2.0-150300.115.2
qemu-audio-alsa-5.2.0-150300.115.2
qemu-audio-alsa-debuginfo-5.2.0-150300.115.2
qemu-audio-pa-5.2.0-150300.115.2
qemu-audio-pa-debuginfo-5.2.0-150300.115.2
qemu-audio-spice-5.2.0-150300.115.2
qemu-audio-spice-debuginfo-5.2.0-150300.115.2
qemu-block-curl-5.2.0-150300.115.2
qemu-block-curl-debuginfo-5.2.0-150300.115.2
qemu-block-dmg-5.2.0-150300.115.2
qemu-block-dmg-debuginfo-5.2.0-150300.115.2
qemu-block-gluster-5.2.0-150300.115.2
qemu-block-gluster-debuginfo-5.2.0-150300.115.2
qemu-block-iscsi-5.2.0-150300.115.2
qemu-block-iscsi-debuginfo-5.2.0-150300.115.2
qemu-block-nfs-5.2.0-150300.115.2
qemu-block-nfs-debuginfo-5.2.0-150300.115.2
qemu-block-rbd-5.2.0-150300.115.2
qemu-block-rbd-debuginfo-5.2.0-150300.115.2
qemu-block-ssh-5.2.0-150300.115.2
qemu-block-ssh-debuginfo-5.2.0-150300.115.2
qemu-chardev-baum-5.2.0-150300.115.2
qemu-chardev-baum-debuginfo-5.2.0-150300.115.2
qemu-chardev-spice-5.2.0-150300.115.2
qemu-chardev-spice-debuginfo-5.2.0-150300.115.2
qemu-debuginfo-5.2.0-150300.115.2
qemu-debugsource-5.2.0-150300.115.2
qemu-extra-5.2.0-150300.115.2
qemu-extra-debuginfo-5.2.0-150300.115.2
qemu-guest-agent-5.2.0-150300.115.2
qemu-guest-agent-debuginfo-5.2.0-150300.115.2
qemu-hw-display-qxl-5.2.0-150300.115.2
qemu-hw-display-qxl-debuginfo-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.115.2
qemu-hw-display-virtio-vga-5.2.0-150300.115.2
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.115.2
qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.115.2
qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.115.2
qemu-hw-usb-redirect-5.2.0-150300.115.2
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.115.2
qemu-hw-usb-smartcard-5.2.0-150300.115.2
qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.115.2
qemu-ivshmem-tools-5.2.0-150300.115.2
qemu-ivshmem-tools-debuginfo-5.2.0-150300.115.2
qemu-ksm-5.2.0-150300.115.2
qemu-lang-5.2.0-150300.115.2
qemu-linux-user-5.2.0-150300.115.2
qemu-linux-user-debuginfo-5.2.0-150300.115.2
qemu-linux-user-debugsource-5.2.0-150300.115.2
qemu-ppc-5.2.0-150300.115.2
qemu-ppc-debuginfo-5.2.0-150300.115.2
qemu-s390x-5.2.0-150300.115.2
qemu-s390x-debuginfo-5.2.0-150300.115.2
qemu-testsuite-5.2.0-150300.115.4
qemu-tools-5.2.0-150300.115.2
qemu-tools-debuginfo-5.2.0-150300.115.2
qemu-ui-curses-5.2.0-150300.115.2
qemu-ui-curses-debuginfo-5.2.0-150300.115.2
qemu-ui-gtk-5.2.0-150300.115.2
qemu-ui-gtk-debuginfo-5.2.0-150300.115.2
qemu-ui-opengl-5.2.0-150300.115.2
qemu-ui-opengl-debuginfo-5.2.0-150300.115.2
qemu-ui-spice-app-5.2.0-150300.115.2
qemu-ui-spice-app-debuginfo-5.2.0-150300.115.2
qemu-ui-spice-core-5.2.0-150300.115.2
qemu-ui-spice-core-debuginfo-5.2.0-150300.115.2
qemu-vhost-user-gpu-5.2.0-150300.115.2
qemu-vhost-user-gpu-debuginfo-5.2.0-150300.115.2
qemu-x86-5.2.0-150300.115.2
qemu-x86-debuginfo-5.2.0-150300.115.2
- openSUSE Leap 15.3 (s390x x86_64):
qemu-kvm-5.2.0-150300.115.2
- openSUSE Leap 15.3 (noarch):
qemu-SLOF-5.2.0-150300.115.2
qemu-ipxe-1.0.0+-150300.115.2
qemu-microvm-5.2.0-150300.115.2
qemu-seabios-1.14.0_0_g155821a-150300.115.2
qemu-sgabios-8-150300.115.2
qemu-skiboot-5.2.0-150300.115.2
qemu-vgabios-1.14.0_0_g155821a-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
qemu-5.2.0-150300.115.2
qemu-block-curl-5.2.0-150300.115.2
qemu-block-curl-debuginfo-5.2.0-150300.115.2
qemu-block-iscsi-5.2.0-150300.115.2
qemu-block-iscsi-debuginfo-5.2.0-150300.115.2
qemu-block-rbd-5.2.0-150300.115.2
qemu-block-rbd-debuginfo-5.2.0-150300.115.2
qemu-block-ssh-5.2.0-150300.115.2
qemu-block-ssh-debuginfo-5.2.0-150300.115.2
qemu-chardev-baum-5.2.0-150300.115.2
qemu-chardev-baum-debuginfo-5.2.0-150300.115.2
qemu-debuginfo-5.2.0-150300.115.2
qemu-debugsource-5.2.0-150300.115.2
qemu-guest-agent-5.2.0-150300.115.2
qemu-guest-agent-debuginfo-5.2.0-150300.115.2
qemu-ksm-5.2.0-150300.115.2
qemu-lang-5.2.0-150300.115.2
qemu-ui-curses-5.2.0-150300.115.2
qemu-ui-curses-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64):
qemu-audio-spice-5.2.0-150300.115.2
qemu-audio-spice-debuginfo-5.2.0-150300.115.2
qemu-chardev-spice-5.2.0-150300.115.2
qemu-chardev-spice-debuginfo-5.2.0-150300.115.2
qemu-hw-display-qxl-5.2.0-150300.115.2
qemu-hw-display-qxl-debuginfo-5.2.0-150300.115.2
qemu-hw-display-virtio-vga-5.2.0-150300.115.2
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.115.2
qemu-hw-usb-redirect-5.2.0-150300.115.2
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.115.2
qemu-ui-gtk-5.2.0-150300.115.2
qemu-ui-gtk-debuginfo-5.2.0-150300.115.2
qemu-ui-opengl-5.2.0-150300.115.2
qemu-ui-opengl-debuginfo-5.2.0-150300.115.2
qemu-ui-spice-app-5.2.0-150300.115.2
qemu-ui-spice-app-debuginfo-5.2.0-150300.115.2
qemu-ui-spice-core-5.2.0-150300.115.2
qemu-ui-spice-core-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x x86_64):
qemu-hw-display-virtio-gpu-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-pci-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.115.2
qemu-kvm-5.2.0-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64):
qemu-arm-5.2.0-150300.115.2
qemu-arm-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le):
qemu-ppc-5.2.0-150300.115.2
qemu-ppc-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64):
qemu-audio-alsa-5.2.0-150300.115.2
qemu-audio-alsa-debuginfo-5.2.0-150300.115.2
qemu-audio-pa-5.2.0-150300.115.2
qemu-audio-pa-debuginfo-5.2.0-150300.115.2
qemu-x86-5.2.0-150300.115.2
qemu-x86-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
qemu-SLOF-5.2.0-150300.115.2
qemu-ipxe-1.0.0+-150300.115.2
qemu-seabios-1.14.0_0_g155821a-150300.115.2
qemu-sgabios-8-150300.115.2
qemu-skiboot-5.2.0-150300.115.2
qemu-vgabios-1.14.0_0_g155821a-150300.115.2
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (s390x):
qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.115.2
qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.115.2
qemu-s390x-5.2.0-150300.115.2
qemu-s390x-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
qemu-debuginfo-5.2.0-150300.115.2
qemu-debugsource-5.2.0-150300.115.2
qemu-tools-5.2.0-150300.115.2
qemu-tools-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
qemu-5.2.0-150300.115.2
qemu-audio-spice-5.2.0-150300.115.2
qemu-audio-spice-debuginfo-5.2.0-150300.115.2
qemu-chardev-spice-5.2.0-150300.115.2
qemu-chardev-spice-debuginfo-5.2.0-150300.115.2
qemu-debuginfo-5.2.0-150300.115.2
qemu-debugsource-5.2.0-150300.115.2
qemu-guest-agent-5.2.0-150300.115.2
qemu-guest-agent-debuginfo-5.2.0-150300.115.2
qemu-hw-display-qxl-5.2.0-150300.115.2
qemu-hw-display-qxl-debuginfo-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-5.2.0-150300.115.2
qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.115.2
qemu-hw-display-virtio-vga-5.2.0-150300.115.2
qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.115.2
qemu-hw-usb-redirect-5.2.0-150300.115.2
qemu-hw-usb-redirect-debuginfo-5.2.0-150300.115.2
qemu-tools-5.2.0-150300.115.2
qemu-tools-debuginfo-5.2.0-150300.115.2
qemu-ui-opengl-5.2.0-150300.115.2
qemu-ui-opengl-debuginfo-5.2.0-150300.115.2
qemu-ui-spice-core-5.2.0-150300.115.2
qemu-ui-spice-core-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.2 (aarch64):
qemu-arm-5.2.0-150300.115.2
qemu-arm-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.2 (noarch):
qemu-ipxe-1.0.0+-150300.115.2
qemu-seabios-1.14.0_0_g155821a-150300.115.2
qemu-sgabios-8-150300.115.2
qemu-vgabios-1.14.0_0_g155821a-150300.115.2
- SUSE Linux Enterprise Micro 5.2 (x86_64):
qemu-x86-5.2.0-150300.115.2
qemu-x86-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.2 (s390x):
qemu-s390x-5.2.0-150300.115.2
qemu-s390x-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
qemu-5.2.0-150300.115.2
qemu-debuginfo-5.2.0-150300.115.2
qemu-debugsource-5.2.0-150300.115.2
qemu-tools-5.2.0-150300.115.2
qemu-tools-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.1 (aarch64):
qemu-arm-5.2.0-150300.115.2
qemu-arm-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.1 (x86_64):
qemu-x86-5.2.0-150300.115.2
qemu-x86-debuginfo-5.2.0-150300.115.2
- SUSE Linux Enterprise Micro 5.1 (noarch):
qemu-ipxe-1.0.0+-150300.115.2
qemu-seabios-1.14.0_0_g155821a-150300.115.2
qemu-sgabios-8-150300.115.2
qemu-vgabios-1.14.0_0_g155821a-150300.115.2
- SUSE Linux Enterprise Micro 5.1 (s390x):
qemu-s390x-5.2.0-150300.115.2
qemu-s390x-debuginfo-5.2.0-150300.115.2
References:
https://www.suse.com/security/cve/CVE-2021-4206.html
https://www.suse.com/security/cve/CVE-2021-4207.html
https://www.suse.com/security/cve/CVE-2022-26354.html
https://bugzilla.suse.com/1197084
https://bugzilla.suse.com/1198035
https://bugzilla.suse.com/1198037
https://bugzilla.suse.com/1198712
https://bugzilla.suse.com/1199018
https://bugzilla.suse.com/1199924
1
0
SUSE-SU-2022:2251-1: moderate: Security update for openssl-1_1
by opensuse-security@opensuse.org 04 Jul '22
by opensuse-security@opensuse.org 04 Jul '22
04 Jul '22
SUSE Security Update: Security update for openssl-1_1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2251-1
Rating: moderate
References: #1185637 #1199166 #1200550
Cross-References: CVE-2022-1292 CVE-2022-2068
CVSS scores:
CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2068 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash.
(bsc#1200550)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2251=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2251=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2251=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2251=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2251=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2251=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2251=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2251=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2251=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2251=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2251=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2251=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2251=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- openSUSE Leap 15.3 (noarch):
openssl-1_1-doc-1.1.1d-150200.11.48.1
- openSUSE Leap 15.3 (x86_64):
libopenssl-1_1-devel-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Manager Server 4.1 (x86_64):
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Manager Proxy 4.1 (x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
- SUSE Enterprise Storage 7 (x86_64):
libopenssl1_1-32bit-1.1.1d-150200.11.48.1
libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-32bit-1.1.1d-150200.11.48.1
References:
https://www.suse.com/security/cve/CVE-2022-1292.html
https://www.suse.com/security/cve/CVE-2022-2068.html
https://bugzilla.suse.com/1185637
https://bugzilla.suse.com/1199166
https://bugzilla.suse.com/1200550
1
0
SUSE-SU-2022:2252-1: important: Security update for liblouis
by opensuse-security@opensuse.org 04 Jul '22
by opensuse-security@opensuse.org 04 Jul '22
04 Jul '22
SUSE Security Update: Security update for liblouis
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2252-1
Rating: important
References: #1130813 #1197085 #1200120
Cross-References: CVE-2022-26981 CVE-2022-31783
CVSS scores:
CVE-2022-26981 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-26981 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-31783 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-31783 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for liblouis fixes the following issues:
- CVE-2022-26981: fix buffer overrun in compilePassOpcode (bsc#1197085).
- CVE-2022-31783: prevent an invalid memory write in compileRule
(bsc#1200120).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2252=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2252=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2252=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2252=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2252=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2252=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2252=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2252=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2252=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2252=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2252=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2252=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
- SUSE CaaS Platform 4.0 (x86_64):
liblouis-data-3.3.0-150000.4.8.1
liblouis-debuginfo-3.3.0-150000.4.8.1
liblouis-debugsource-3.3.0-150000.4.8.1
liblouis-devel-3.3.0-150000.4.8.1
liblouis14-3.3.0-150000.4.8.1
liblouis14-debuginfo-3.3.0-150000.4.8.1
python3-louis-3.3.0-150000.4.8.1
References:
https://www.suse.com/security/cve/CVE-2022-26981.html
https://www.suse.com/security/cve/CVE-2022-31783.html
https://bugzilla.suse.com/1130813
https://bugzilla.suse.com/1197085
https://bugzilla.suse.com/1200120
1
0
openSUSE-SU-2022:10040-1: moderate: Security update for python-nltk
by opensuse-security@opensuse.org 03 Jul '22
by opensuse-security@opensuse.org 03 Jul '22
03 Jul '22
openSUSE Security Update: Security update for python-nltk
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10040-1
Rating: moderate
References: #1146427 #1191030
Cross-References: CVE-2019-14751 CVE-2021-3828
CVSS scores:
CVE-2019-14751 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-3828 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python-nltk fixes the following issues:
Update to 3.7
- Improve and update the NLTK team page on nltk.org (#2855, #2941)
- Drop support for Python 3.6, support Python 3.10 (#2920)
- Update to 3.6.7
- Resolve IndexError in `sent_tokenize` and `word_tokenize` (#2922)
- Update to 3.6.6
- Refactor `gensim.doctest` to work for gensim 4.0.0 and up (#2914)
- Add Precision, Recall, F-measure, Confusion Matrix to Taggers (#2862)
- Added warnings if .zip files exist without any corresponding .csv
files. (#2908)
- Fix `FileNotFoundError` when the `download_dir` is a non-existing
nested folder (#2910)
- Rename omw to omw-1.4 (#2907)
- Resolve ReDoS opportunity by fixing incorrectly specified regex
(#2906, boo#1191030, CVE-2021-3828).
- Support OMW 1.4 (#2899)
- Deprecate Tree get and set node methods (#2900)
- Fix broken inaugural test case (#2903)
- Use Multilingual Wordnet Data from OMW with newer Wordnet versions
(#2889)
- Keep NLTKs "tokenize" module working with pathlib (#2896)
- Make prettyprinter to be more readable (#2893)
- Update links to the nltk book (#2895)
- Add `CITATION.cff` to nltk (#2880)
- Resolve serious ReDoS in PunktSentenceTokenizer (#2869)
- Delete old CI config files (#2881)
- Improve Tokenize documentation + add TokenizerI as superclass for
TweetTokenizer (#2878)
- Fix expected value for BLEU score doctest after changes from #2572
- Add multi Bleu functionality and tests (#2793)
- Deprecate 'return_str' parameter in NLTKWordTokenizer and
TreebankWordTokenizer (#2883)
- Allow empty string in CFG's + more (#2888)
- Partition `tree.py` module into `tree` package + pickle fix (#2863)
- Fix several TreebankWordTokenizer and NLTKWordTokenizer bugs (#2877)
- Rewind Wordnet data file after each lookup (#2868)
- Correct __init__ call for SyntaxCorpusReader subclasses (#2872)
- Documentation fixes (#2873)
- Fix levenstein distance for duplicated letters (#2849)
- Support alternative Wordnet versions (#2860)
- Remove hundreds of formatting warnings for nltk.org (#2859)
- Modernize `nltk.org/howto` pages (#2856)
- Fix Bleu Score smoothing function from taking log(0) (#2839)
- Update third party tools to newer versions and removing MaltParser
fixed version (#2832)
- Fix TypeError: _pretty() takes 1 positional argument but 2 were given
in sem/drt.py (#2854)
- Replace `http` with `https` in most URLs (#2852)
- Update to 3.6.5
- modernised nltk.org website
- addressed LGTM.com issues
- support ZWJ sequences emoji and skin tone modifer emoji in
TweetTokenizer
- METEOR evaluation now requires pre-tokenized input
- Code linting and type hinting
- implement get_refs function for DrtLambdaExpression
- Enable automated CoreNLP, Senna, Prover9/Mace4, Megam, MaltParser CI
tests
- specify minimum regex version that supports regex.Pattern
- avoid re.Pattern and regex.Pattern which fail for Python 3.6, 3.7
- Update to 3.6.4
- deprecate `nltk.usage(obj)` in favor of `help(obj)`
- resolve ReDoS vulnerability in Corpus Reader
- solidify performance tests
- improve phone number recognition in tweet tokenizer
- refactored CISTEM stemmer for German
- identify NLTK Team as the author
- replace travis badge with github actions badge
- add SECURITY.md
- Update to 3.6.3
- Dropped support for Python 3.5
- Run CI tests on Windows, too
- Moved from Travis CI to GitHub Actions
- Code and comment cleanups
- Visualize WordNet relation graphs using Graphviz
- Fixed large error in METEOR score
- Apply isort, pyupgrade, black, added as pre-commit hooks
- Prevent debug_decisions in Punkt from throwing IndexError
- Resolved ZeroDivisionError in RIBES with dissimilar sentences
- Initialize WordNet IC total counts with smoothing value
- Fixed AttributeError for Arabic ARLSTem2 stemmer
- Many fixes and improvements to lm language model package
- Fix bug in nltk.metrics.aline, C_skip = -10
- Improvements to TweetTokenizer
- Optional show arg for FreqDist.plot, ConditionalFreqDist.plot
- edit_distance now computes Damerau-Levenshtein edit-distance
- Update to 3.6.2
- move test code to nltk/test
- fix bug in NgramAssocMeasures (order preserving fix)
- Update to 3.6
- add support for Python 3.9
- add Tree.fromlist
- compute Minimum Spanning Tree of unweighted graph using BFS
- fix bug with infinite loop in Wordnet closure and tree
- fix bug in calculating BLEU using smoothing method 4
- Wordnet synset similarities work for all pos
- new Arabic light stemmer (ARLSTem2)
- new syllable tokenizer (LegalitySyllableTokenizer)
- remove nose in favor of pytest
- Update to v3.5
* add support for Python 3.8
* drop support for Python 2
* create NLTK's own Tokenizer class distinct from the Treebank reference
tokeniser
* update Vader sentiment analyser
* fix JSON serialization of some PoS taggers
* minor improvements in grammar.CFG, Vader, pl196x corpus reader,
StringTokenizer
* change implementation <= and >= for FreqDist so they are partial
orders
* make FreqDist iterable
* correctly handle Penn Treebank trees with a unlabeled branching top
node
- Update to 3.4.5 (boo#1146427, CVE-2019-14751):
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2022-10040=1
Package List:
- openSUSE Backports SLE-15-SP2 (noarch):
python3-nltk-3.7-bp152.3.3.1
References:
https://www.suse.com/security/cve/CVE-2019-14751.html
https://www.suse.com/security/cve/CVE-2021-3828.html
https://bugzilla.suse.com/1146427
https://bugzilla.suse.com/1191030
1
0