openSUSE Security Announce
October 2023
- 2 participants
- 109 discussions

SUSE-SU-2023:4035-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 10 Oct '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:4035-1
Rating: important
References:
* #1152472
* #1202845
* #1206453
* #1213808
* #1214941
* #1214942
* #1214943
* #1214944
* #1214950
* #1214951
* #1214954
* #1214957
* #1214986
* #1214992
* #1214993
* #1215322
* #1215523
* #1215877
* #1215894
* #1215895
* #1215896
* #1215911
* #1215915
* #1215916
Cross-References:
* CVE-2023-1206
* CVE-2023-39192
* CVE-2023-39193
* CVE-2023-39194
* CVE-2023-4155
* CVE-2023-42753
* CVE-2023-42754
* CVE-2023-4389
* CVE-2023-4622
* CVE-2023-4623
* CVE-2023-4921
* CVE-2023-5345
CVSS scores:
* CVE-2023-1206 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1206 ( NVD ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39192 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-39192 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
* CVE-2023-39193 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39193 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
* CVE-2023-39194 ( SUSE ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-39194 ( NVD ): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
* CVE-2023-4155 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-4155 ( NVD ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
* CVE-2023-42753 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-42754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-42754 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-4389 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-4389 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4622 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4623 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-4921 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5345 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves 12 vulnerabilities and has 12 security fixes can now be
installed.
## Description:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem
(bsc#1215861).
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
* CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that
could lead to denial of service (bsc#1215467).
* CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that
could be exploited in order to leak internal kernel information or crash the
system (bsc#1214351).
* CVE-2023-5345: Fixed a use-after-free vulnerability in the fs/smb/client
component which could be exploited to achieve local privilege escalation
(bsc#1215899).
* CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter
subsystem. This issue may have allowed a local user to crash the system or
potentially escalate their privileges (bsc#1215150).
* CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup
table. A user located in the local network or with a high bandwidth
connection can increase the CPU usage of the server that accepts IPv6
connections up to 95% (bsc#1212703).
* CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network
scheduler which could be exploited to achieve local privilege escalation
(bsc#1215275).
* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain
sockets component which could be exploited to achieve local privilege
escalation (bsc#1215117).
* CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler
which could be exploited to achieve local privilege escalation
(bsc#1215115).
* CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization
(SEV). An attacker can trigger a stack overflow and cause a denial of
service or potentially guest-to-host escape in kernel configurations without
stack guard pages. (bsc#1214022)
The following non-security bugs were fixed:
* ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-
fixes).
* arm64: module-plts: inline linux/moduleloader.h (git-fixes)
* arm64: module: Use module_init_layout_section() to spot init sections (git-
fixes)
* arm64: sdei: abort running SDEI handlers during crash (git-fixes)
* arm64: tegra: Update AHUB clock parent and rate (git-fixes)
* arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-
fixes)
* ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
* ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
* ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
* ASoC: meson: spdifin: start hw on dai probe (git-fixes).
* ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-
fixes).
* ASoC: rt5640: Fix sleep in atomic context (git-fixes).
* ASoC: rt5640: Revert "Fix sleep in atomic context" (git-fixes).
* ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
* ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was
successful (git-fixes).
* ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
* blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
* blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
(bsc#1214992).
* block/mq-deadline: use correct way to throttling write requests
(bsc#1214993).
* bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
* clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp
enlightened guest (bsc#1206453).
* drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP
enlightened guest (bsc#1206453).
* Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the
paravisor (bsc#1206453).
* Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM
(bsc#1206453).
* Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
* drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: *
rename ast_device to ast_private
* drm/ast: report connection status on Display Port. (bsc#1152472) Backporting
changes: * rename ast_device to ast_private * context changes
* drm/display: Do not assume dual mode adaptors support i2c sub-addressing
(bsc#1213808).
* drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
* drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
* drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb()
(git-fixes).
* ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
* ext4: correct inline offset when handling xattrs in inode body
(bsc#1214950).
* ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup}
(bsc#1214954).
* ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
* ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
* ext4: get block from bh in ext4_free_blocks for fast commit replay
(bsc#1214942).
* ext4: reflect error codes from ext4_multi_mount_protect() to its callers
(bsc#1214941).
* ext4: Remove ext4 locking of moved directory (bsc#1214957).
* ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
* fs: Establish locking order for unrelated directories (bsc#1214958).
* fs: Lock moved directories (bsc#1214959).
* fs: lockd: avoid possible wrong NULL parameter (git-fixes).
* fs: no need to check source (bsc#1215752).
* fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
* gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
* gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
* gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
* gve: Changes to add new TX queues (bsc#1214479).
* gve: Control path for DQO-QPL (bsc#1214479).
* gve: fix frag_list chaining (bsc#1214479).
* gve: Fix gve interrupt names (bsc#1214479).
* gve: RX path for DQO-QPL (bsc#1214479).
* gve: trivial spell fix Recive to Receive (bsc#1214479).
* gve: Tx path for DQO-QPL (bsc#1214479).
* gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
* gve: use vmalloc_array and vcalloc (bsc#1214479).
* gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
* hwrng: virtio - add an internal buffer (git-fixes).
* hwrng: virtio - always add a pending request (git-fixes).
* hwrng: virtio - do not wait on cleanup (git-fixes).
* hwrng: virtio - do not waste entropy (git-fixes).
* hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
* i915/pmu: Move execlist stats initialization to execlist specific setup
(git-fixes).
* iommu/virtio: Detach domain on endpoint release (git-fixes).
* iommu/virtio: Return size mapped for a detached domain (git-fixes).
* jbd2: check 'jh->b_transaction' before removing it from checkpoint
(bsc#1214953).
* jbd2: correct the end of the journal recovery scan range (bsc#1214955).
* jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
* jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
* jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint
(bsc#1214948).
* jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
* jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
* jbd2: remove t_checkpoint_io_list (bsc#1214946).
* jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
* kernel-binary: Move build-time definitions together. Move source list and
build architecture to buildrequires to aid in future reorganization of the
spec template.
* kernel-binary: python3 is needed for build. At least
scripts/bpf_helpers_doc.py requires python3 since Linux 4.18. Other similar
scripts may exist.
* KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes
bsc#1215915).
* KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes
bsc#1215896).
* KVM: s390: pv: fix external interruption loop not always detected (git-fixes
bsc#1215916).
* KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
(git-fixes bsc#1215894).
* KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
* KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler
(git-fixes bsc#1215911).
* KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
* KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
* loop: Fix use-after-free issues (bsc#1214991).
* loop: loop_set_status_from_info() check before assignment (bsc#1214990).
* module: Expose module_init_layout_section() (git-fixes)
* net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
* net: mana: Add page pool for RX buffers (bsc#1214040).
* net: mana: Configure hwc timeout from hardware (bsc#1214037).
* net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
* NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-
fixes).
* nfs/blocklayout: Use the passed in gfp flags (git-fixes).
* NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
* NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
* nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
* nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
* NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
* NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
* NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
* NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
* NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
* nvme-auth: use chap->s2 to indicate bidirectional authentication
(bsc#1214543).
* nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
* nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
* nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
* nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
* platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-
fixes).
* platform/x86: intel_scu_ipc: Check status upon timeout in
ipc_wait_for_interrupt() (git-fixes).
* platform/x86: intel_scu_ipc: Do not override scu in
intel_scu_ipc_dev_simple_command() (git-fixes).
* platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
* pNFS: Fix assignment of xprtdata.cred (git-fixes).
* powerpc/fadump: make is_kdump_kernel() return false when fadump is active
(bsc#1212639 ltc#202582).
* printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
* quota: add new helper dquot_active() (bsc#1214998).
* quota: factor out dquot_write_dquot() (bsc#1214995).
* quota: fix dqput() to follow the guarantees dquot_srcu should provide
(bsc#1214963).
* quota: fix warning in dqgrab() (bsc#1214962).
* quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
* quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
* RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
* scsi: lpfc: Early return after marking final NLP_DROPPED flag in
dev_loss_tmo (git-fixes).
* scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-
fixes).
* scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports
(git-fixes).
* scsi: qedf: Add synchronization between I/O completions and abort
(bsc#1210658).
* scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-
fixes).
* scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()
(git-fixes).
* scsi: storvsc: Handle additional SRB status values (git-fixes).
* scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
* selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
* spi: Add TPM HW flow flag (bsc#1213534)
* spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
* spi: tegra210-quad: set half duplex flag (bsc#1213534)
* SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
* tpm_tis_spi: Add hardware wait polling (bsc#1213534)
* uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
* udf: Fix extension of the last extent in the file (bsc#1214964).
* udf: Fix file corruption when appending just after end of preallocated
extent (bsc#1214965).
* udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
* udf: Fix uninitialized array access for some pathnames (bsc#1214967).
* Update metadata
* usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
* usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
* vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
* vhost-scsi: unbreak any layout for response (git-fixes).
* vhost: allow batching hint without size (git-fixes).
* vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
* vhost: handle error while adding split ranges to iotlb (git-fixes).
* virtio_net: add checking sq is full inside xdp xmit (git-fixes).
* virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
* virtio_net: reorder some funcs (git-fixes).
* virtio_net: separate the logic of checking whether sq is full (git-fixes).
* virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
* virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished
(git-fixes).
* virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
* virtio-net: fix race between set queues and probe (git-fixes).
* virtio-net: set queues after driver_ok (git-fixes).
* virtio-rng: make device ready before making request (git-fixes).
* virtio: acknowledge all features before access (git-fixes).
* vmcore: remove dependency with is_kdump_kernel() for exporting vmcore
(bsc#1212639 ltc#202582).
* x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on
Hyper-V (bsc#1206453).
* x86/coco: Export cc_vendor (bsc#1206453).
* x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor
(bsc#1206453).
* x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES
(bsc#1206453).
* x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
* x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
* x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
* x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
* x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests
(bsc#1206453).
* x86/hyperv: Fix undefined reference to isolation_type_en_snp without
CONFIG_HYPERV (bsc#1206453).
* x86/hyperv: Introduce a global variable hyperv_paravisor_present
(bsc#1206453).
* x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
* x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened
guest (bsc#1206453).
* x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's
(bsc#1206453).
* x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
* x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
* x86/hyperv: Support hypercalls for fully enlightened TDX guests
(bsc#1206453).
* x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor
(bsc#1206453).
* x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp
enlightened guest (bsc#1206453).
* x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-
fixes).
* x86/srso: Do not probe microcode in a guest (git-fixes).
* x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
* x86/srso: Fix srso_show_state() side effect (git-fixes).
* x86/srso: Set CPUID feature bits independently of bug or mitigation status
(git-fixes).
* xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
* xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4035=1 openSUSE-SLE-15.5-2023-4035=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4035=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-4035=1
* SUSE Real Time Module 15-SP5
zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2023-4035=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* kernel-source-rt-5.14.21-150500.13.21.1
* kernel-devel-rt-5.14.21-150500.13.21.1
* openSUSE Leap 15.5 (x86_64)
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* reiserfs-kmp-rt-5.14.21-150500.13.21.1
* reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt_debug-vdso-5.14.21-150500.13.21.1
* kernel-rt_debug-devel-5.14.21-150500.13.21.1
* ocfs2-kmp-rt-5.14.21-150500.13.21.1
* kernel-rt-extra-debuginfo-5.14.21-150500.13.21.1
* kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-1-150500.11.3.1
* gfs2-kmp-rt-5.14.21-150500.13.21.1
* kselftests-kmp-rt-5.14.21-150500.13.21.1
* kernel-rt-devel-5.14.21-150500.13.21.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.21.1
* kernel-syms-rt-5.14.21-150500.13.21.1
* kernel-rt_debug-livepatch-devel-5.14.21-150500.13.21.1
* kernel-rt-optional-5.14.21-150500.13.21.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.21.1
* kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1
* kernel-rt-livepatch-devel-5.14.21-150500.13.21.1
* kernel-rt-debuginfo-5.14.21-150500.13.21.1
* kselftests-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* dlm-kmp-rt-5.14.21-150500.13.21.1
* cluster-md-kmp-rt-5.14.21-150500.13.21.1
* kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-1-150500.11.3.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-optional-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.21.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-vdso-5.14.21-150500.13.21.1
* kernel-rt-extra-5.14.21-150500.13.21.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-livepatch-5.14.21-150500.13.21.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-debugsource-5.14.21-150500.13.21.1
* openSUSE Leap 15.5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.21.1
* kernel-rt-5.14.21-150500.13.21.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
* kernel-rt-5.14.21-150500.13.21.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
* kernel-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-debugsource-5.14.21-150500.13.21.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_13_21-rt-1-150500.11.3.1
* kernel-livepatch-SLE15-SP5-RT_Update_6-debugsource-1-150500.11.3.1
* kernel-livepatch-5_14_21-150500_13_21-rt-debuginfo-1-150500.11.3.1
* SUSE Real Time Module 15-SP5 (x86_64)
* ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt_debug-vdso-5.14.21-150500.13.21.1
* kernel-rt_debug-devel-5.14.21-150500.13.21.1
* ocfs2-kmp-rt-5.14.21-150500.13.21.1
* gfs2-kmp-rt-5.14.21-150500.13.21.1
* kernel-rt-vdso-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-devel-5.14.21-150500.13.21.1
* kernel-syms-rt-5.14.21-150500.13.21.1
* kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-debuginfo-5.14.21-150500.13.21.1
* dlm-kmp-rt-5.14.21-150500.13.21.1
* cluster-md-kmp-rt-5.14.21-150500.13.21.1
* dlm-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-devel-debuginfo-5.14.21-150500.13.21.1
* gfs2-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.21.1
* kernel-rt-vdso-5.14.21-150500.13.21.1
* kernel-rt_debug-debuginfo-5.14.21-150500.13.21.1
* cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.21.1
* kernel-rt_debug-debugsource-5.14.21-150500.13.21.1
* kernel-rt-debugsource-5.14.21-150500.13.21.1
* SUSE Real Time Module 15-SP5 (noarch)
* kernel-source-rt-5.14.21-150500.13.21.1
* kernel-devel-rt-5.14.21-150500.13.21.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
* kernel-rt_debug-5.14.21-150500.13.21.1
* kernel-rt-5.14.21-150500.13.21.1
## References:
* https://www.suse.com/security/cve/CVE-2023-1206.html
* https://www.suse.com/security/cve/CVE-2023-39192.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-39194.html
* https://www.suse.com/security/cve/CVE-2023-4155.html
* https://www.suse.com/security/cve/CVE-2023-42753.html
* https://www.suse.com/security/cve/CVE-2023-42754.html
* https://www.suse.com/security/cve/CVE-2023-4389.html
* https://www.suse.com/security/cve/CVE-2023-4622.html
* https://www.suse.com/security/cve/CVE-2023-4623.html
* https://www.suse.com/security/cve/CVE-2023-4921.html
* https://www.suse.com/security/cve/CVE-2023-5345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1152472
* https://bugzilla.suse.com/show_bug.cgi?id=1202845
* https://bugzilla.suse.com/show_bug.cgi?id=1206453
* https://bugzilla.suse.com/show_bug.cgi?id=1213808
* https://bugzilla.suse.com/show_bug.cgi?id=1214941
* https://bugzilla.suse.com/show_bug.cgi?id=1214942
* https://bugzilla.suse.com/show_bug.cgi?id=1214943
* https://bugzilla.suse.com/show_bug.cgi?id=1214944
* https://bugzilla.suse.com/show_bug.cgi?id=1214950
* https://bugzilla.suse.com/show_bug.cgi?id=1214951
* https://bugzilla.suse.com/show_bug.cgi?id=1214954
* https://bugzilla.suse.com/show_bug.cgi?id=1214957
* https://bugzilla.suse.com/show_bug.cgi?id=1214986
* https://bugzilla.suse.com/show_bug.cgi?id=1214992
* https://bugzilla.suse.com/show_bug.cgi?id=1214993
* https://bugzilla.suse.com/show_bug.cgi?id=1215322
* https://bugzilla.suse.com/show_bug.cgi?id=1215523
* https://bugzilla.suse.com/show_bug.cgi?id=1215877
* https://bugzilla.suse.com/show_bug.cgi?id=1215894
* https://bugzilla.suse.com/show_bug.cgi?id=1215895
* https://bugzilla.suse.com/show_bug.cgi?id=1215896
* https://bugzilla.suse.com/show_bug.cgi?id=1215911
* https://bugzilla.suse.com/show_bug.cgi?id=1215915
* https://bugzilla.suse.com/show_bug.cgi?id=1215916

SUSE-SU-2023:4022-1: important: Security update for conmon
by security@lists.opensuse.org 10 Oct '23
# Security update for conmon
Announcement ID: SUSE-SU-2023:4022-1
Rating: important
References:
* #1215806
Affected Products:
* Containers Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that has one security fix can now be installed.
## Description:
This update for conmon fixes the following issues:
conmon is rebuilt with go1.21 to capture current stability, bug and security
fixes. (bsc#1215806)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4022=1 openSUSE-SLE-15.5-2023-4022=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4022=1
* Containers Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-4022=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* conmon-2.1.7-150500.9.6.1
* conmon-debuginfo-2.1.7-150500.9.6.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* conmon-2.1.7-150500.9.6.1
* conmon-debuginfo-2.1.7-150500.9.6.1
* Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* conmon-2.1.7-150500.9.6.1
* conmon-debuginfo-2.1.7-150500.9.6.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1215806

10 Oct '23
# Security update for shadow
Announcement ID: SUSE-SU-2023:4024-1
Rating: low
References:
* #1214806
Cross-References:
* CVE-2023-4641
CVSS scores:
* CVE-2023-4641 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for shadow fixes the following issues:
* CVE-2023-4641: Fixed potential password leak (bsc#1214806).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4024=1 SUSE-2023-4024=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4024=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4024=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4024=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4024=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4024=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* login_defs-4.8.1-150400.10.12.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* shadow-debugsource-4.8.1-150400.10.12.1
* shadow-4.8.1-150400.10.12.1
* shadow-debuginfo-4.8.1-150400.10.12.1
* openSUSE Leap 15.5 (noarch)
* login_defs-4.8.1-150400.10.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* shadow-debugsource-4.8.1-150400.10.12.1
* shadow-4.8.1-150400.10.12.1
* shadow-debuginfo-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* login_defs-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* shadow-debugsource-4.8.1-150400.10.12.1
* shadow-4.8.1-150400.10.12.1
* shadow-debuginfo-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* login_defs-4.8.1-150400.10.12.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* shadow-debugsource-4.8.1-150400.10.12.1
* shadow-4.8.1-150400.10.12.1
* shadow-debuginfo-4.8.1-150400.10.12.1
* Basesystem Module 15-SP4 (noarch)
* login_defs-4.8.1-150400.10.12.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* shadow-debugsource-4.8.1-150400.10.12.1
* shadow-4.8.1-150400.10.12.1
* shadow-debuginfo-4.8.1-150400.10.12.1
* Basesystem Module 15-SP5 (noarch)
* login_defs-4.8.1-150400.10.12.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* shadow-debugsource-4.8.1-150400.10.12.1
* shadow-4.8.1-150400.10.12.1
* shadow-debuginfo-4.8.1-150400.10.12.1
## References:
* https://www.suse.com/security/cve/CVE-2023-4641.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214806

SUSE-SU-2023:4016-1: critical: Security update for MozillaThunderbird
by security@lists.opensuse.org 09 Oct '23
# Security update for MozillaThunderbird
Announcement ID: SUSE-SU-2023:4016-1
Rating: critical
References:
* #1210168
* #1215309
* #1215575
* #1215814
Cross-References:
* CVE-2023-5168
* CVE-2023-5169
* CVE-2023-5171
* CVE-2023-5174
* CVE-2023-5176
* CVE-2023-5217
CVSS scores:
* CVE-2023-5168 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5169 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-5171 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-5174 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5176 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5217 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-5217 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP4
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that solves six vulnerabilities can now be installed.
## Description:
This update for MozillaThunderbird fixes the following issues:
Security fixes:
* CVE-2023-5217: Fixed a heap buffer overflow in libvpx. (bsc#1215814)
* CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1. (bsc#1215575)
* CVE-2023-5169: Out-of-bounds write in PathOps. (bsc#1215575)
* CVE-2023-5171: Use-after-free in Ion Compiler. (bsc#1215575)
* CVE-2023-5174: Double-free in process spawning on Windows. (bsc#1215575)
* CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. (bsc#1215575)
Other fixes:
* Mozilla Thunderbird 115.3.1
* fixed: In Unified Folders view, some folders had incorrect unified folder
parent (bmo#1852525)
* fixed: "Edit message as new" did not restore encrypted subject from selected
message (bmo#1788534)
* fixed: Importing some CalDAV calendars with yearly recurrence events caused
Thunderbird to freeze (bmo#1850732)
* fixed: Security fixes MFSA 2023-44 (bsc#1215814)
* CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx
* Mozilla Thunderbird 115.3
* fixed: Thunderbird could not import profiles with hostname ending in dot
(".") (bmo#1825374)
* fixed: Message header was occasionally missing in message preview
(bmo#1840943)
* fixed: Setting an existing folder's type flag did not add descendant folders
to the Unified Folders view (bmo#1848904)
* fixed: Thunderbird did not always delete all temporary mail files, sometimes
preventing messages from being sent (bmo#673703)
* fixed: Status bar in Message Compose window could not be hidden
(bmo#1806860)
* fixed: Message header was intermittently missing from message preview
(bmo#1840943)
* fixed: OAuth2 did not work on some profiles created in Thunderbird 102.6.1
or earlier (bmo#1814823)
* fixed: In Vertical View, decrypted subject lines were displayed as ellipsis
("...") in message list (bmo#1831764)
* fixed: Condensed address preference (mail.showCondensedAddresses) did not
show condensed addresses in message list (bmo#1831280)
* fixed: Spam folder could not be assigned non-ASCII names with IMAP UTF-8
enabled (bmo#1816332)
* fixed: Message header was not displayed until images finished loading,
causing noticeable delay for messages containing large images (bmo#1851871)
* fixed: Large SVG favicons did not display on RSS feeds (bmo#1853895)
* fixed: Context menu items did not display a hover background color
(bmo#1852732)
* fixed: Security fixes MFSA 2023-43 (bsc#1215575)
* CVE-2023-5168 (bmo#1846683) Out-of-bounds write in FilterNodeD2D1
* CVE-2023-5169 (bmo#1846685) Out-of-bounds write in PathOps
* CVE-2023-5171 (bmo#1851599) Use-after-free in Ion Compiler
* CVE-2023-5174 (bmo#1848454) Double-free in process spawning on Windows
* CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962,
bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195) Memory safety bugs fixed
in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
* Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build with newer
binutils (bsc#1215309)
* Fix i586 build by reducing debug info to -g1. (bsc#1210168)
* Mozilla Thunderbird 115.2.3
* changed: Card view and vertical layout are now default for new profiles
(bmo#1849000)
* fixed: Go - Folder menu was disabled (bmo#1849919)
* fixed: "Tools" menu was blank when opened from compose window on macOS
(bmo#1848155)
* fixed: Deleting an attachment from a message on an IMAP server corrupted the
local copy when configured with "mark as deleted" (bmo#1135434)
* fixed: Manually entered passwords were not remembered for
OAuth-authenticated accounts such as Yahoo mail (bmo#1673446)
* fixed: Quick Filter's "Keep filters applied" did not persist after
restarting Thunderbird (bmo#1846880,bmo#1849221)
* fixed: Top-level Quick Filter settings did not persist after restart
(bmo#1849249)
* fixed: Notifications for new messages with non-ASCII characters in the
subject were garbled (bmo#1842384)
* fixed: "Mark Thread As Read" did not work when some messages in thread were
already read (bmo#1850850)
* fixed: New Groups tab in NNTP subscribe dialog did not work as expected
(bmo#1848366)
* fixed: Negative values were allowed in "Share for files larger than" field
(bmo#1850281)
* fixed: Thunderbird sometimes crashed when deleting a parent folder with
subfolders (bmo#1851293)
* fixed: "Send Message Error" appeared intermittently while Thunderbird was
idle (bmo#1801668)
* fixed: Focused but not selected messages were missing visual indication of
focus in card view (bmo#1844263)
* fixed: Notification dot did not disappear from taskbar icon on Windows after
messages had already been read (bmo#1824889)
* fixed: Multiple selected messages could not be opened simultaneously if
selection included more than 19 messages (bmo#1851563)
* fixed: Email replies received via BCC incorrectly populated From field with
default identity (bmo#1851512)
* fixed: User was not always notified of message send failures in outbox
(bmo#1851542)
* fixed: Tag dialog did not close properly after editing tag (bmo#1852414)
* fixed: Newsgroup field in compose window did not autocomplete with suggested
newsgroup names (bmo#1670457)
* fixed: Canceling newsgroup messages did not check if sender matched user's
own identity (bmo#1823274)
* fixed: Event dialog with several invitees expanded beyond screen height
(bmo#1848261)
* fixed: Message check boxes were partially obstructed in message list
(bmo#1850760)
* unresolved: Some folders missing from Unified Folders ()
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4016=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4016=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4016=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4016=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4016=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4016=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-other-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-common-115.3.1-150200.8.133.1
* MozillaThunderbird-debugsource-115.3.1-150200.8.133.1
* MozillaThunderbird-115.3.1-150200.8.133.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-other-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-common-115.3.1-150200.8.133.1
* MozillaThunderbird-debugsource-115.3.1-150200.8.133.1
* MozillaThunderbird-115.3.1-150200.8.133.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x)
* MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-other-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-common-115.3.1-150200.8.133.1
* MozillaThunderbird-debugsource-115.3.1-150200.8.133.1
* MozillaThunderbird-115.3.1-150200.8.133.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
* MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-other-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-common-115.3.1-150200.8.133.1
* MozillaThunderbird-debugsource-115.3.1-150200.8.133.1
* MozillaThunderbird-115.3.1-150200.8.133.1
* SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
* MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-other-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-common-115.3.1-150200.8.133.1
* MozillaThunderbird-debugsource-115.3.1-150200.8.133.1
* MozillaThunderbird-115.3.1-150200.8.133.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* MozillaThunderbird-debuginfo-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-other-115.3.1-150200.8.133.1
* MozillaThunderbird-translations-common-115.3.1-150200.8.133.1
* MozillaThunderbird-debugsource-115.3.1-150200.8.133.1
* MozillaThunderbird-115.3.1-150200.8.133.1
## References:
* https://www.suse.com/security/cve/CVE-2023-5168.html
* https://www.suse.com/security/cve/CVE-2023-5169.html
* https://www.suse.com/security/cve/CVE-2023-5171.html
* https://www.suse.com/security/cve/CVE-2023-5174.html
* https://www.suse.com/security/cve/CVE-2023-5176.html
* https://www.suse.com/security/cve/CVE-2023-5217.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210168
* https://bugzilla.suse.com/show_bug.cgi?id=1215309
* https://bugzilla.suse.com/show_bug.cgi?id=1215575
* https://bugzilla.suse.com/show_bug.cgi?id=1215814

SUSE-SU-2023:4017-1: important: Security update for go1.21
by security@lists.opensuse.org 09 Oct '23
# Security update for go1.21
Announcement ID: SUSE-SU-2023:4017-1
Rating: important
References:
* #1212475
* #1215985
Cross-References:
* CVE-2023-39323
CVSS scores:
* CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for go1.21 fixes the following issues:
* Updated to version 1.21.2 (bsc#1212475):
* CVE-2023-39323: Fixed an arbitrary execution issue during build time due to
path directive bypass (bsc#1215985).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4017=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4017=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4017=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4017=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.2-150000.1.9.1
* go1.21-doc-1.21.2-150000.1.9.1
* go1.21-1.21.2-150000.1.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.2-150000.1.9.1
* go1.21-doc-1.21.2-150000.1.9.1
* go1.21-1.21.2-150000.1.9.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.21-doc-1.21.2-150000.1.9.1
* go1.21-1.21.2-150000.1.9.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
* go1.21-race-1.21.2-150000.1.9.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.21-race-1.21.2-150000.1.9.1
* go1.21-doc-1.21.2-150000.1.9.1
* go1.21-1.21.2-150000.1.9.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212475
* https://bugzilla.suse.com/show_bug.cgi?id=1215985

SUSE-SU-2023:4018-1: important: Security update for go1.20
by security@lists.opensuse.org 09 Oct '23
# Security update for go1.20
Announcement ID: SUSE-SU-2023:4018-1
Rating: important
References:
* #1206346
* #1215985
Cross-References:
* CVE-2023-39323
CVSS scores:
* CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for go1.20 fixes the following issues:
* Updated to version 1.20.9 (bsc#1206346):
* CVE-2023-39323: Fixed an arbitrary execution issue during build time due to
path directive bypass (bsc#1215985).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4018=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4018=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4018=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4018=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* go1.20-doc-1.20.9-150000.1.26.1
* go1.20-race-1.20.9-150000.1.26.1
* go1.20-1.20.9-150000.1.26.1
* go1.20-debuginfo-1.20.9-150000.1.26.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* go1.20-doc-1.20.9-150000.1.26.1
* go1.20-race-1.20.9-150000.1.26.1
* go1.20-1.20.9-150000.1.26.1
* go1.20-debuginfo-1.20.9-150000.1.26.1
* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* go1.20-doc-1.20.9-150000.1.26.1
* go1.20-1.20.9-150000.1.26.1
* Development Tools Module 15-SP4 (aarch64 x86_64)
* go1.20-race-1.20.9-150000.1.26.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* go1.20-doc-1.20.9-150000.1.26.1
* go1.20-race-1.20.9-150000.1.26.1
* go1.20-1.20.9-150000.1.26.1
* go1.20-debuginfo-1.20.9-150000.1.26.1
## References:
* https://www.suse.com/security/cve/CVE-2023-39323.html
* https://bugzilla.suse.com/show_bug.cgi?id=1206346
* https://bugzilla.suse.com/show_bug.cgi?id=1215985

SUSE-SU-2023:4008-1: moderate: Security update for ImageMagick
by security@lists.opensuse.org 09 Oct '23
# Security update for ImageMagick
Announcement ID: SUSE-SU-2023:4008-1
Rating: moderate
References:
* #1215939
Cross-References:
* CVE-2023-5341
CVSS scores:
* CVE-2023-5341 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
An update that solves one vulnerability can now be installed.
## Description:
This update for ImageMagick fixes the following issues:
* CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4008=1
## Package List:
* openSUSE Leap 15.4 (x86_64)
* libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.57.1
* libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.57.1
* libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.57.1
* libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.57.1
* libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.57.1
* libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.57.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.57.1
* libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.57.1
* libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.57.1
* libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.57.1
* libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.57.1
* libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.57.1
## References:
* https://www.suse.com/security/cve/CVE-2023-5341.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215939

SUSE-SU-2023:3997-1: important: Security update for nghttp2
by security@lists.opensuse.org 06 Oct '23
# Security update for nghttp2
Announcement ID: SUSE-SU-2023:3997-1
Rating: important
References:
* #1215713
Cross-References:
* CVE-2023-35945
CVSS scores:
* CVE-2023-35945 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-35945 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for nghttp2 fixes the following issues:
* CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot
be sent (bsc#1215713).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3997=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3997=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3997=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3997=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3997=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3997=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-3997=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3997=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3997=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3997=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3997=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3997=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3997=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3997=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3997=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3997=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3997=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3997=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3997=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3997=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-3997=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3997=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3997=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* nghttp2-python-debugsource-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* nghttp2-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* python3-nghttp2-1.40.0-150200.9.1
* python3-nghttp2-debuginfo-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* openSUSE Leap 15.4 (x86_64)
* libnghttp2_asio1-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* libnghttp2_asio1-32bit-1.40.0-150200.9.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* nghttp2-python-debugsource-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* nghttp2-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* python3-nghttp2-1.40.0-150200.9.1
* python3-nghttp2-debuginfo-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* openSUSE Leap 15.5 (x86_64)
* libnghttp2_asio1-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* libnghttp2_asio1-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* Basesystem Module 15-SP4 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* Basesystem Module 15-SP5 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Manager Proxy 4.2 (x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Manager Server 4.2 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libnghttp2-14-1.40.0-150200.9.1
* libnghttp2_asio1-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* libnghttp2-devel-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* libnghttp2_asio1-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2_asio-devel-1.40.0-150200.9.1
* SUSE Enterprise Storage 7.1 (x86_64)
* libnghttp2-14-32bit-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-32bit-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* libnghttp2-14-debuginfo-1.40.0-150200.9.1
* libnghttp2-14-1.40.0-150200.9.1
* nghttp2-debugsource-1.40.0-150200.9.1
* nghttp2-debuginfo-1.40.0-150200.9.1
## References:
* https://www.suse.com/security/cve/CVE-2023-35945.html
* https://bugzilla.suse.com/show_bug.cgi?id=1215713

SUSE-SU-2023:3998-1: important: Security update for poppler
by security@lists.opensuse.org 06 Oct '23
# Security update for poppler
Announcement ID: SUSE-SU-2023:3998-1
Rating: important
References:
* #1214257
* #1214618
* #1214621
* #1214622
* #1215422
Cross-References:
* CVE-2020-23804
* CVE-2020-36024
* CVE-2022-37050
* CVE-2022-37051
* CVE-2022-38349
CVSS scores:
* CVE-2020-23804 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-23804 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36024 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2020-36024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37050 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37050 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-37051 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-38349 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2022-38349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves five vulnerabilities can now be installed.
## Description:
This update for poppler fixes the following issues:
* CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops
(bsc#1215422).
* CVE-2020-36024: Fixed NULL Pointer Dereference in `FoFiType1C::convertToType1`
(bsc#1214257).
* CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c
(bsc#1214622).
* CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621).
* CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to
denial of service (bsc#1214618).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3998=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3998=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3998=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3998=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3998=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3998=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3998=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3998=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3998=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3998=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3998=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3998=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3998=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3998=1
## Package List:
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* openSUSE Leap 15.4 (x86_64)
* libpoppler89-32bit-debuginfo-0.79.0-150200.3.21.2
* libpoppler89-32bit-0.79.0-150200.3.21.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Manager Proxy 4.2 (x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* poppler-tools-0.79.0-150200.3.21.2
* libpoppler-cpp0-debuginfo-0.79.0-150200.3.21.2
* libpoppler-glib8-debuginfo-0.79.0-150200.3.21.2
* libpoppler-cpp0-0.79.0-150200.3.21.2
* poppler-debugsource-0.79.0-150200.3.21.2
* libpoppler89-0.79.0-150200.3.21.2
* poppler-tools-debuginfo-0.79.0-150200.3.21.2
* libpoppler-devel-0.79.0-150200.3.21.2
* typelib-1_0-Poppler-0_18-0.79.0-150200.3.21.2
* libpoppler-glib-devel-0.79.0-150200.3.21.2
* libpoppler-glib8-0.79.0-150200.3.21.2
* libpoppler89-debuginfo-0.79.0-150200.3.21.2
## References:
* https://www.suse.com/security/cve/CVE-2020-23804.html
* https://www.suse.com/security/cve/CVE-2020-36024.html
* https://www.suse.com/security/cve/CVE-2022-37050.html
* https://www.suse.com/security/cve/CVE-2022-37051.html
* https://www.suse.com/security/cve/CVE-2022-38349.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214257
* https://bugzilla.suse.com/show_bug.cgi?id=1214618
* https://bugzilla.suse.com/show_bug.cgi?id=1214621
* https://bugzilla.suse.com/show_bug.cgi?id=1214622
* https://bugzilla.suse.com/show_bug.cgi?id=1215422

06 Oct '23
# Security update for yq
Announcement ID: SUSE-SU-2023:4000-1
Rating: moderate
References:
* #1215808
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5
An update that has one security fix can now be installed.
## Description:
This update for yq fixes the following issues:
yq was updated to 4.35.2 (bsc#1215808):
* Fixed number parsing as float bug in JSON #1756
* Fixed string, null concatenation consistency #1712
* Fixed expression parsing issue #1711
Update to 4.35.1:
* Added Lua output support
* Added BSD checksum format
Update to 4.34.1:
* Added shell output format
* Fixed nil pointer dereference
Update to 4.33.3:
* Fixed bug when splatting empty array #1613
* Added scalar output for TOML (#1617)
* Fixed passing of read-only context in pipe (partial fix for #1631)
Update to 4.33.2:
* Add `--nul-output|-0` flag to separate element with NUL character (#1550)
Thanks @vaab!
* Add removable-media interface plug declaration to the snap packaging (#1618)
Thanks @brlin-tw!
* Scalar output now handled in csv, tsv and property files
Update to 4.33.1:
* Added read-only TOML support! #1364. Thanks @pelletier for making your API
available in your toml lib :)
* Added warning when auto detect by file type outputs JSON
Update to 4.32.2:
* Fixes parsing terraform tfstate files results in "unknown" format
* Added divide and modulo operators (#1593)
* Add support for decoding base64 strings without padding
* Add filter operation (#1588) - thanks @rbren!
* Detect input format based on file name extension (#1582)
* Auto output format when input format is automatically detected
* Fixed npe in log #1596
* Improved binary file size!
Update to 4.31.2:
* Fixed merged anchor reference problem #1482
* Fixed xml encoding of ProcInst #1563, improved XML comment handling
* Allow build without json and xml support (#1556) Thanks
Update to 4.31.1:
* Added shuffle command #1503
* Added ability to sort by multiple fields #1541
* Added @sh encoder #1526
* Added @uri/@urid encoder/decoder #1529
* Fixed date comparison with string date #1537
* Added from_unix/to_unix Operators
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4000=1 SUSE-2023-4000=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4000=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* yq-4.35.2-150500.3.3.1
* yq-debuginfo-4.35.2-150500.3.3.1
* openSUSE Leap 15.5 (noarch)
* yq-bash-completion-4.35.2-150500.3.3.1
* yq-fish-completion-4.35.2-150500.3.3.1
* yq-zsh-completion-4.35.2-150500.3.3.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* yq-4.35.2-150500.3.3.1
* yq-debuginfo-4.35.2-150500.3.3.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1215808