August 2022 - openSUSE Security Announce

SUSE-SU-2022:2957-1: important: Security update for gstreamer-plugins-good
by opensuse-security＠opensuse.org 31 Aug '22

31 Aug '22

SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2957-1 Rating: important References: #1201688 #1201693 #1201702 #1201704 #1201706 #1201707 #1201708 Cross-References: CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 CVSS scores: CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1924 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1924 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1925 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1925 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-2122 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2122 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2957=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2957=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2957=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2957=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2957=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2957=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2957=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2957=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2957=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2957=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2957=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2957=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-doc-1.16.3-150200.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 gstreamer-plugins-good-doc-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-gtk-1.16.3-150200.3.9.1 gstreamer-plugins-good-gtk-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-qtqml-1.16.3-150200.3.9.1 gstreamer-plugins-good-qtqml-debuginfo-1.16.3-150200.3.9.1 - openSUSE Leap 15.3 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - openSUSE Leap 15.3 (x86_64): gstreamer-plugins-good-32bit-1.16.3-150200.3.9.1 gstreamer-plugins-good-32bit-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-32bit-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-32bit-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-32bit-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-32bit-debuginfo-1.16.3-150200.3.9.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Manager Server 4.1 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Manager Retail Branch Server 4.1 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Manager Proxy 4.1 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Manager Proxy 4.1 (x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Enterprise Storage 7 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-1920.html https://www.suse.com/security/cve/CVE-2022-1921.html https://www.suse.com/security/cve/CVE-2022-1922.html https://www.suse.com/security/cve/CVE-2022-1923.html https://www.suse.com/security/cve/CVE-2022-1924.html https://www.suse.com/security/cve/CVE-2022-1925.html https://www.suse.com/security/cve/CVE-2022-2122.html https://bugzilla.suse.com/1201688 https://bugzilla.suse.com/1201693 https://bugzilla.suse.com/1201702 https://bugzilla.suse.com/1201704 https://bugzilla.suse.com/1201706 https://bugzilla.suse.com/1201707 https://bugzilla.suse.com/1201708

1 0

SUSE-SU-2022:2960-1: moderate: Security update for ucode-intel
by opensuse-security＠opensuse.org 31 Aug '22

31 Aug '22

SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2960-1 Rating: moderate References: #1201727 Cross-References: CVE-2022-21233 CVSS scores: CVE-2022-21233 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0 0657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scala ble-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2960=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2960=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2960=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2960=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2960=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2960=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2960=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2960=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2960=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2960=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2960=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2960=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2960=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2960=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2960=1 Package List: - openSUSE Leap 15.4 (x86_64): ucode-intel-20220809-150200.18.1 - openSUSE Leap 15.3 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Manager Server 4.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Manager Proxy 4.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Enterprise Storage 7 (x86_64): ucode-intel-20220809-150200.18.1 References: https://www.suse.com/security/cve/CVE-2022-21233.html https://bugzilla.suse.com/1201727

1 0

SUSE-SU-2022:2959-1: important: Security update for rsync
by opensuse-security＠opensuse.org 31 Aug '22

31 Aug '22

SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2959-1 Rating: important References: #1201840 Cross-References: CVE-2022-29154 CVSS scores: CVE-2022-29154 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-29154 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2959=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2959=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2959=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2959=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2959=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2959=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2959=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2959=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2959=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2959=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2959=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2959=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2959=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2959=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2959=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2959=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2959=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Manager Proxy 4.1 (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE CaaS Platform 4.0 (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 References: https://www.suse.com/security/cve/CVE-2022-29154.html https://bugzilla.suse.com/1201840

1 0

SUSE-SU-2022:2949-1: important: Security update for java-1_8_0-ibm
by opensuse-security＠opensuse.org 31 Aug '22

31 Aug '22

SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2949-1 Rating: important References: #1201684 #1201685 #1201692 #1201694 #1202427 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21549 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-34169 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Updated to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2949=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2949=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2949=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2949=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2949=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2949=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2949=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2949=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2949=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2949=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2949=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2949=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2949=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2949=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2949=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2949=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-demo-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-src-1.8.0_sr7.11-150000.3.62.1 - openSUSE Leap 15.4 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-demo-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-src-1.8.0_sr7.11-150000.3.62.1 - openSUSE Leap 15.3 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Server 4.1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Enterprise Storage 7 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Enterprise Storage 6 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-21549.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201685 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 https://bugzilla.suse.com/1202427

1 0

SUSE-SU-2022:2947-1: important: Security update for zlib
by opensuse-security＠opensuse.org 31 Aug '22

31 Aug '22

SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2947-1 Rating: important References: #1202175 Cross-References: CVE-2022-37434 CVSS scores: CVE-2022-37434 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37434 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2947=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2947=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2947=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2947=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2947=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2947=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2947=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2947=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2947=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2947=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2947=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2947=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2947=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2947=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2947=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2947=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2947=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2947=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2947=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - openSUSE Leap 15.4 (x86_64): libminizip1-32bit-1.2.11-150000.3.33.1 libminizip1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-32bit-1.2.11-150000.3.33.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - openSUSE Leap 15.3 (x86_64): libminizip1-32bit-1.2.11-150000.3.33.1 libminizip1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-32bit-1.2.11-150000.3.33.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Manager Server 4.1 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Manager Proxy 4.1 (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 7 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 6 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE CaaS Platform 4.0 (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 References: https://www.suse.com/security/cve/CVE-2022-37434.html https://bugzilla.suse.com/1202175

1 0

SUSE-SU-2022:2946-1: important: Security update for postgresql10
by opensuse-security＠opensuse.org 31 Aug '22

31 Aug '22

SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2946-1 Rating: important References: #1202368 Cross-References: CVE-2022-2625 CVSS scores: CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2946=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2946=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2946=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2946=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2946=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2946=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2946=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2946=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2946=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2946=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2946=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2946=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2946=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2946=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-llvmjit-devel-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 postgresql10-test-10.22-150100.8.50.1 - openSUSE Leap 15.4 (noarch): postgresql10-docs-10.22-150100.8.50.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 postgresql10-test-10.22-150100.8.50.1 - openSUSE Leap 15.3 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Manager Server 4.1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Manager Retail Branch Server 4.1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Proxy 4.1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Proxy 4.1 (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Enterprise Storage 7 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Enterprise Storage 6 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE CaaS Platform 4.0 (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE CaaS Platform 4.0 (noarch): postgresql10-docs-10.22-150100.8.50.1 References: https://www.suse.com/security/cve/CVE-2022-2625.html https://bugzilla.suse.com/1202368

1 0

SUSE-SU-2022:2941-1: moderate: Security update for libslirp
by opensuse-security＠opensuse.org 30 Aug '22

30 Aug '22

SUSE Security Update: Security update for libslirp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2941-1 Rating: moderate References: #1187365 #1201551 Cross-References: CVE-2021-3593 CVSS scores: CVE-2021-3593 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3593 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2941=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2941=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2941=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2941=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2941=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2941=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 References: https://www.suse.com/security/cve/CVE-2021-3593.html https://bugzilla.suse.com/1187365 https://bugzilla.suse.com/1201551

1 0

openSUSE-SU-2022:10109-1: important: Security update for opera
by opensuse-security＠opensuse.org 29 Aug '22

29 Aug '22

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10109-1 Rating: important References: Cross-References: CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 Affected Products: openSUSE Leap 15.4:NonFree ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to 90.0.4480.54 - CHR-8981 Update chromium on desktop-stable-104-4480 to 104.0.5112.102 - DNA-98165 [buildsign] Whitelist Silent.nib when creating universal NI package on Mac - DNA-101309 Use base filename in PUT request when uploading files to buildbot - The update to chromium 104.0.5112.102 fixes following issues: CVE-2022-2852, CVE-2022-2854, CVE-2022-2855, CVE-2022-2857, CVE-2022-2858, CVE-2022-2853, CVE-2022-2856, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861 - Update to 90.0.4480.48 - DNA-100835 AddressBarModelTestWithCategories.RefreshUnfiltered SuggestionsWhenPrefsChanged fails on beta stream - DNA-101171 Translations for O90 - DNA-101216 Remove empty string from flow client_capabilities - DNA-101357 Promote O90 to Stable - DNA-101383 Revert DNA-101033 - Complete Opera 90.0 changelog at: https://blogs.opera.com/desktop/changelog-for-90/ - Update to 89.0.4447.91 - DNA-100673 Crash at void opera::ModalDialogBaseView::OnExtraButtonPressed (const class ui::Event& const) - DNA-100915 [Sync Settings] Confirm your identity to enable encryption message flickers - DNA-100937 Missing links to ToS and Privacy Statement in launcher dialog when running installer with ��show-eula-window-on-start - DNA-101002 Make errors from webpack compilation appear in the log - DNA-101045 Popup contents are pushed outside of popup in "Unprotected" VPN state - DNA-101076 Disabled Pinboards should have another color in Account popup - DNA-101086 Sync �� Clicking Next on auth.opera.com/account/v3/desktop/login/confirm-password does not redirect anywhere - Update to 89.0.4447.83 - DNA-99507 Badge deactivates on a basket page of the shop - DNA-99840 Add speed dials to start page - DNA-100127 Enable #enable-force-dark-from-settings on all streams - DNA-100233 [Settings] "Sync everything" and "Do not sync" unselects itself - DNA-100560 Add "suggested speed dials" in the Google search box on the start page - DNA-100568 Fix icon in suggestions and update layout - DNA-100646 Add synchronization states to Opera account popup - DNA-100665 Create private API to open Account popup + allow rich hints - DNA-100668 Use a category based suggestion list to sort search box suggestions - DNA-100701 "Force dark page" shortcut don��t work - DNA-100711 Unable to click suggestions on start page search box - DNA-100725 [WinLin] Opera account logo is offcenter - DNA-100762 Suggestions from networks get favicon from network - DNA-100764 Fix "Confirm Identity" URL - DNA-100905 Request to update event_sd_tile_used.type - DNA-100921 Add accessibility info about sync state to opera account button - DNA-100943 VPN pro popup can be zoomed - DNA-100945 Disable Context Menu for VPN and VPN Pro popups - DNA-100958 Opera account popup should display actual state of synchronization instead of selected option - DNA-100994 "Secure More devices" is pushed outside of popup - DNA-101009 Free VPN �� "Try for free" disappear after clicked - DNA-101012 Remove VPN Pro service available from VPN pro settings when logged in without subscription - DNA-101094 Unable to close a window from JavaScript - DNA-101121 chrome.operaAccountPrivate is undefined Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:NonFree: zypper in -t patch openSUSE-2022-10109=1 Package List: - openSUSE Leap 15.4:NonFree (x86_64): opera-90.0.4480.54-lp154.2.17.1 References: https://www.suse.com/security/cve/CVE-2022-2852.html https://www.suse.com/security/cve/CVE-2022-2853.html https://www.suse.com/security/cve/CVE-2022-2854.html https://www.suse.com/security/cve/CVE-2022-2855.html https://www.suse.com/security/cve/CVE-2022-2856.html https://www.suse.com/security/cve/CVE-2022-2857.html https://www.suse.com/security/cve/CVE-2022-2858.html https://www.suse.com/security/cve/CVE-2022-2859.html https://www.suse.com/security/cve/CVE-2022-2860.html https://www.suse.com/security/cve/CVE-2022-2861.html

1 0

openSUSE-SU-2022:10108-1: important: Security update for opera
by opensuse-security＠opensuse.org 29 Aug '22

29 Aug '22

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10108-1 Rating: important References: Cross-References: CVE-2022-2852 CVE-2022-2853 CVE-2022-2854 CVE-2022-2855 CVE-2022-2856 CVE-2022-2857 CVE-2022-2858 CVE-2022-2859 CVE-2022-2860 CVE-2022-2861 Affected Products: openSUSE Leap 15.3:NonFree ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to 90.0.4480.54 - CHR-8981 Update chromium on desktop-stable-104-4480 to 104.0.5112.102 - DNA-98165 [buildsign] Whitelist Silent.nib when creating universal NI package on Mac - DNA-101309 Use base filename in PUT request when uploading files to buildbot - The update to chromium 104.0.5112.102 fixes following issues: CVE-2022-2852, CVE-2022-2854, CVE-2022-2855, CVE-2022-2857, CVE-2022-2858, CVE-2022-2853, CVE-2022-2856, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861 - Update to 90.0.4480.48 - DNA-100835 AddressBarModelTestWithCategories.RefreshUnfiltered SuggestionsWhenPrefsChanged fails on beta stream - DNA-101171 Translations for O90 - DNA-101216 Remove empty string from flow client_capabilities - DNA-101357 Promote O90 to Stable - DNA-101383 Revert DNA-101033 - Complete Opera 90.0 changelog at: https://blogs.opera.com/desktop/changelog-for-90/ - Update to 89.0.4447.91 - DNA-100673 Crash at void opera::ModalDialogBaseView::OnExtraButtonPressed (const class ui::Event& const) - DNA-100915 [Sync Settings] Confirm your identity to enable encryption message flickers - DNA-100937 Missing links to ToS and Privacy Statement in launcher dialog when running installer with ��show-eula-window-on-start - DNA-101002 Make errors from webpack compilation appear in the log - DNA-101045 Popup contents are pushed outside of popup in "Unprotected" VPN state - DNA-101076 Disabled Pinboards should have another color in Account popup - DNA-101086 Sync �� Clicking Next on auth.opera.com/account/v3/desktop/login/confirm-password does not redirect anywhere - Update to 89.0.4447.83 - DNA-99507 Badge deactivates on a basket page of the shop - DNA-99840 Add speed dials to start page - DNA-100127 Enable #enable-force-dark-from-settings on all streams - DNA-100233 [Settings] "Sync everything" and "Do not sync" unselects itself - DNA-100560 Add "suggested speed dials" in the Google search box on the start page - DNA-100568 Fix icon in suggestions and update layout - DNA-100646 Add synchronization states to Opera account popup - DNA-100665 Create private API to open Account popup + allow rich hints - DNA-100668 Use a category based suggestion list to sort search box suggestions - DNA-100701 "Force dark page" shortcut don��t work - DNA-100711 Unable to click suggestions on start page search box - DNA-100725 [WinLin] Opera account logo is offcenter - DNA-100762 Suggestions from networks get favicon from network - DNA-100764 Fix "Confirm Identity" URL - DNA-100905 Request to update event_sd_tile_used.type - DNA-100921 Add accessibility info about sync state to opera account button - DNA-100943 VPN pro popup can be zoomed - DNA-100945 Disable Context Menu for VPN and VPN Pro popups - DNA-100958 Opera account popup should display actual state of synchronization instead of selected option - DNA-100994 "Secure More devices" is pushed outside of popup - DNA-101009 Free VPN �� "Try for free" disappear after clicked - DNA-101012 Remove VPN Pro service available from VPN pro settings when logged in without subscription - DNA-101094 Unable to close a window from JavaScript - DNA-101121 chrome.operaAccountPrivate is undefined Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3:NonFree: zypper in -t patch openSUSE-2022-10108=1 Package List: - openSUSE Leap 15.3:NonFree (x86_64): opera-90.0.4480.54-lp153.2.57.1 References: https://www.suse.com/security/cve/CVE-2022-2852.html https://www.suse.com/security/cve/CVE-2022-2853.html https://www.suse.com/security/cve/CVE-2022-2854.html https://www.suse.com/security/cve/CVE-2022-2855.html https://www.suse.com/security/cve/CVE-2022-2856.html https://www.suse.com/security/cve/CVE-2022-2857.html https://www.suse.com/security/cve/CVE-2022-2858.html https://www.suse.com/security/cve/CVE-2022-2859.html https://www.suse.com/security/cve/CVE-2022-2860.html https://www.suse.com/security/cve/CVE-2022-2861.html

1 0

SUSE-SU-2022:2936-1: important: Security update for open-vm-tools
by opensuse-security＠opensuse.org 29 Aug '22

29 Aug '22

SUSE Security Update: Security update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2936-1 Rating: important References: #1202657 #1202733 Cross-References: CVE-2022-31676 CVSS scores: CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2936=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2936=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2936=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2936=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2936=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2936=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - openSUSE Leap 15.3 (aarch64 x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64): open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 References: https://www.suse.com/security/cve/CVE-2022-31676.html https://bugzilla.suse.com/1202657 https://bugzilla.suse.com/1202733

1 0