November 2023 - openSUSE Security Announce

SUSE-SU-2023:4591-1: important: Security update for squashfs
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for squashfs Announcement ID: SUSE-SU-2023:4591-1 Rating: important References: * bsc#1189936 * bsc#1190531 * bsc#935380 Cross-References: * CVE-2015-4645 * CVE-2015-4646 * CVE-2021-40153 * CVE-2021-41072 CVSS scores: * CVE-2015-4645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4645 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2015-4646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2021-40153 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-40153 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H * CVE-2021-41072 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2021-41072 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.3 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves four vulnerabilities can now be installed. ## Description: This update for squashfs fixes the following issues: * CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs- tools (bsc#935380) * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936) * CVE-2021-41072: Fixed an issue where an attacker might have been able to write a file outside the destination directory via a symlink (bsc#1190531). update to 4.6.1: * Race condition which can cause corruption of the "fragment table" fixed. This is a regression introduced in August 2022, and it has been seen when tailend packing is used (-tailends option). * Fix build failure when the tools are being built without extended attribute (XATTRs) support. * Fix XATTR error message when an unrecognised prefix is found * Fix incorrect free of pointer when an unrecognised XATTR prefix is found. * Major improvements in extended attribute handling, pseudo file handling, and miscellaneous new options and improvements * Extended attribute handling improved in Mksquashfs and Sqfstar * New Pseudo file xattr definition to add extended attributes to files. * New xattrs-add Action to add extended attributes to files * Extended attribute handling improved in Unsquashfs * Other major improvements * Unsquashfs can now output Pseudo files to standard out. * Mksquashfs can now input Pseudo files from standard in. * Squashfs filesystems can now be converted (different block size compression etc) without unpacking to an intermediate filesystem or mounting, by piping the output of Unsquashfs to Mksquashfs. * Pseudo files are now supported by Sqfstar. * "Non-anchored" excludes are now supported by Unsquashfs. update to 4.5.1 (bsc#1190531, CVE-2021-41072): * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), Sqfstar(1) and Sqfscat(1). * The -help text output from the utilities has been improved and extended as well (but the Manpages are now more comprehensive). * CVE-2021-41072 which is a writing outside of destination exploit, has been fixed. * The number of hard-links in the filesystem is now also displayed by Mksquashfs in the output summary. * The number of hard-links written by Unsquashfs is now also displayed in the output summary. * Unsquashfs will now write to a pre-existing destination directory, rather than aborting. * Unsquashfs now allows "." to used as the destination, to extract to the current directory. * The Unsquashfs progress bar now tracks empty files and hardlinks, in addition to data blocks. * -no-hardlinks option has been implemented for Sqfstar. * More sanity checking for "corrupted" filesystems, including checks for multiply linked directories and directory loops. * Options that may cause filesystems to be unmountable have been moved into a new "experts" category in the Mksquashfs help text (and Manpage). * Maximum cpiostyle filename limited to PATH_MAX. This prevents attempts to overflow the stack, or cause system calls to fail with a too long pathname. * Don't always use "max open file limit" when calculating length of queues, as a very large file limit can cause Unsquashfs to abort. Instead use the smaller of max open file limit and cache size. * Fix Mksquashfs silently ignoring Pseudo file definitions when appending. * Don't abort if no XATTR support has been built in, and there's XATTRs in the filesystem. This is a regression introduced in 2019 in Version 4.4. * Fix duplicate check when the last file block is sparse. update to 4.5: * Mksquashfs now supports "Actions". * New sqfstar command which will create a Squashfs image from a tar archive. * Tar style handling of source pathnames in Mksquashfs. * Cpio style handling of source pathnames in Mksquashfs. * New option to throttle the amount of CPU and I/O. * Mksquashfs now allows no source directory to be specified. * New Pseudo file "R" definition which allows a Regular file o be created with data stored within the Pseudo file. * Symbolic links are now followed in extract files * Unsquashfs now supports "exclude" files. * Max depth traversal option added. * Unsquashfs can now output a "Pseudo file" representing the input Squashfs filesystem. * New -one-file-system option in Mksquashfs. * New -no-hardlinks option in Mksquashfs. * Exit code in Unsquashfs changed to distinguish between non-fatal errors (exit 2), and fatal errors (exit 1). * Xattr id count added in Unsquashfs "-stat" output. * Unsquashfs "write outside directory" exploit fixed. * Error handling in Unsquashfs writer thread fixed. * Fix failure to truncate destination if appending aborted. * Prevent Mksquashfs reading the destination file. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4591=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4591=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4591=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4591=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4591=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4591=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4591=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4591=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4591=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4591=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4591=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4591=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4591=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4591=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4591=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4591=1 * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4591=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4591=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4591=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Proxy 4.2 (x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * squashfs-debuginfo-4.6.1-150300.3.3.1 * squashfs-debugsource-4.6.1-150300.3.3.1 * squashfs-4.6.1-150300.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2015-4645.html * https://www.suse.com/security/cve/CVE-2015-4646.html * https://www.suse.com/security/cve/CVE-2021-40153.html * https://www.suse.com/security/cve/CVE-2021-41072.html * https://bugzilla.suse.com/show_bug.cgi?id=1189936 * https://bugzilla.suse.com/show_bug.cgi?id=1190531 * https://bugzilla.suse.com/show_bug.cgi?id=935380

1 0

SUSE-SU-2023:4551-1: important: Security update for MozillaFirefox
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:4551-1 Rating: important References: * bsc#1216338 * bsc#1217230 Cross-References: * CVE-2023-5721 * CVE-2023-5724 * CVE-2023-5725 * CVE-2023-5726 * CVE-2023-5727 * CVE-2023-5728 * CVE-2023-5730 * CVE-2023-5732 CVSS scores: * CVE-2023-5721 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5721 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5724 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5724 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5725 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2023-5726 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5726 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-5727 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N * CVE-2023-5728 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5730 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5730 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-5732 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2023-5732 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230) * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338) * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-2023-5732: Address bar spoofing via bidirectional characters * CVE-2023-5724: Large WebGL draw could have led to a crash * CVE-2023-5725: WebExtensions could open arbitrary URLs * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4551=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4551=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4551=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4551=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4551=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4551=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4551=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4551=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4551=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4551=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4551=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4551=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-branding-upstream-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * openSUSE Leap 15.4 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-branding-upstream-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * openSUSE Leap 15.5 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP4 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * Desktop Applications Module 15-SP5 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-translations-other-115.5.0-150200.152.117.1 * MozillaFirefox-115.5.0-150200.152.117.1 * MozillaFirefox-translations-common-115.5.0-150200.152.117.1 * MozillaFirefox-debugsource-115.5.0-150200.152.117.1 * MozillaFirefox-debuginfo-115.5.0-150200.152.117.1 * SUSE Enterprise Storage 7.1 (noarch) * MozillaFirefox-devel-115.5.0-150200.152.117.1 ## References: * https://www.suse.com/security/cve/CVE-2023-5721.html * https://www.suse.com/security/cve/CVE-2023-5724.html * https://www.suse.com/security/cve/CVE-2023-5725.html * https://www.suse.com/security/cve/CVE-2023-5726.html * https://www.suse.com/security/cve/CVE-2023-5727.html * https://www.suse.com/security/cve/CVE-2023-5728.html * https://www.suse.com/security/cve/CVE-2023-5730.html * https://www.suse.com/security/cve/CVE-2023-5732.html * https://bugzilla.suse.com/show_bug.cgi?id=1216338 * https://bugzilla.suse.com/show_bug.cgi?id=1217230

1 0

SUSE-SU-2023:4544-1: important: Security update for squid
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for squid Announcement ID: SUSE-SU-2023:4544-1 Rating: important References: * bsc#1216926 * bsc#1217274 Cross-References: * CVE-2023-46728 CVSS scores: * CVE-2023-46728 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-46728 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support (bsc#1216926). * Fixed overread in HTTP request header parsing (bsc#1217274). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4544=1 openSUSE-SLE-15.4-2023-4544=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4544=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4544=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4544=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * squid-5.7-150400.3.15.1 * squid-debuginfo-5.7-150400.3.15.1 * squid-debugsource-5.7-150400.3.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46728.html * https://bugzilla.suse.com/show_bug.cgi?id=1216926 * https://bugzilla.suse.com/show_bug.cgi?id=1217274

1 0

SUSE-SU-2023:4548-1: moderate: Security update for fdo-client
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for fdo-client Announcement ID: SUSE-SU-2023:4548-1 Rating: moderate References: * bsc#1216293 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4548=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4548=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4548=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293

1 0

SUSE-SU-2023:4562-1: moderate: Security update for poppler
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for poppler Announcement ID: SUSE-SU-2023:4562-1 Rating: moderate References: * bsc#1128114 * bsc#1214256 * bsc#1214726 Cross-References: * CVE-2019-9545 * CVE-2020-36023 * CVE-2022-37052 CVSS scores: * CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2020-36023 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-37052 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for poppler fixes the following issues: * CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114). * CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726). * CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4562=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4562=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-4562=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4562=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-4562=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4562=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * SUSE Manager Proxy 4.2 (x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libpoppler-glib-devel-0.79.0-150200.3.26.1 * libpoppler-cpp0-debuginfo-0.79.0-150200.3.26.1 * libpoppler-glib8-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler-devel-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler-cpp0-0.79.0-150200.3.26.1 * poppler-tools-0.79.0-150200.3.26.1 * libpoppler-glib8-0.79.0-150200.3.26.1 * poppler-tools-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * typelib-1_0-Poppler-0_18-0.79.0-150200.3.26.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 * openSUSE Leap 15.4 (x86_64) * libpoppler89-32bit-0.79.0-150200.3.26.1 * libpoppler89-32bit-debuginfo-0.79.0-150200.3.26.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libpoppler89-debuginfo-0.79.0-150200.3.26.1 * poppler-debugsource-0.79.0-150200.3.26.1 * libpoppler89-0.79.0-150200.3.26.1 ## References: * https://www.suse.com/security/cve/CVE-2019-9545.html * https://www.suse.com/security/cve/CVE-2020-36023.html * https://www.suse.com/security/cve/CVE-2022-37052.html * https://bugzilla.suse.com/show_bug.cgi?id=1128114 * https://bugzilla.suse.com/show_bug.cgi?id=1214256 * https://bugzilla.suse.com/show_bug.cgi?id=1214726

1 0

SUSE-SU-2023:4549-1: moderate: Security update for fdo-client
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for fdo-client Announcement ID: SUSE-SU-2023:4549-1 Rating: moderate References: * bsc#1216293 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one security fix can now be installed. ## Description: This update for fdo-client fixes the following issues: * Removed build key via utils/keys_gen.sh. (bsc#1216293) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4549=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4549=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4549=1 ## Package List: * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * fdo-client-devel-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debuginfo-1.0.0+git20210816.baa09b5-150400.3.3.1 * fdo-client-debugsource-1.0.0+git20210816.baa09b5-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1216293

1 0

SUSE-SU-2023:4561-1: important: Security update for webkit2gtk3
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:4561-1 Rating: important References: * bsc#1217210 Cross-References: * CVE-2022-32919 * CVE-2022-32933 * CVE-2022-46705 * CVE-2022-46725 * CVE-2023-32359 * CVE-2023-41983 * CVE-2023-42852 CVSS scores: * CVE-2022-46705 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46705 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2022-46725 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-32359 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-32359 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-41983 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-41983 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-42852 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-42852 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 (bsc#1217210): * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4). * CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0). * CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4). * CVE-2023-32359: A userâ€™s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4561=1 openSUSE-SLE-15.4-2023-4561=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-4561=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4561=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4561=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4561=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4561=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4561=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4561=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-devel-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-6.0-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-6.0-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * webkit-jsc-4.1-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-4-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-2.42.2-150400.4.64.2 * typelib-1_0-WebKit-6_0-2.42.2-150400.4.64.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * webkit-jsc-4.1-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-4-debuginfo-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-2.42.2-150400.4.64.2 * openSUSE Leap 15.4 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-64bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk4-devel-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * webkit-jsc-6.0-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-6.0-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * webkit-jsc-4.1-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit-jsc-4-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk3-minibrowser-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * webkit2gtk4-minibrowser-2.42.2-150400.4.64.2 * typelib-1_0-WebKit-6_0-2.42.2-150400.4.64.2 * typelib-1_0-WebKitWebProcessExtension-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * webkit-jsc-4.1-debuginfo-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-6_0-2.42.2-150400.4.64.2 * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * webkit-jsc-4-debuginfo-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-minibrowser-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (x86_64) * libjavascriptcoregtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-32bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.42.2-150400.4.64.2 * openSUSE Leap 15.5 (aarch64_ilp32) * libwebkit2gtk-4_0-37-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.42.2-150400.4.64.2 * Basesystem Module 15-SP4 (noarch) * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * Basesystem Module 15-SP5 (noarch) * WebKitGTK-4.0-lang-2.42.2-150400.4.64.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_0-37-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-2.42.2-150400.4.64.2 * webkit2gtk-4_0-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_0-2.42.2-150400.4.64.2 * webkit2gtk3-soup2-debugsource-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_0-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP4 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP5 (noarch) * WebKitGTK-4.1-lang-2.42.2-150400.4.64.2 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk3-debugsource-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-debuginfo-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2WebExtension-4_1-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-2.42.2-150400.4.64.2 * typelib-1_0-JavaScriptCore-4_1-2.42.2-150400.4.64.2 * typelib-1_0-WebKit2-4_1-2.42.2-150400.4.64.2 * libwebkit2gtk-4_1-0-2.42.2-150400.4.64.2 * webkit2gtk3-devel-2.42.2-150400.4.64.2 * webkit2gtk-4_1-injected-bundles-debuginfo-2.42.2-150400.4.64.2 * libjavascriptcoregtk-4_1-0-2.42.2-150400.4.64.2 * Development Tools Module 15-SP4 (noarch) * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 * Development Tools Module 15-SP5 (noarch) * WebKitGTK-6.0-lang-2.42.2-150400.4.64.2 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-6_0-1-debuginfo-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-2.42.2-150400.4.64.2 * webkit2gtk4-debugsource-2.42.2-150400.4.64.2 * webkitgtk-6_0-injected-bundles-2.42.2-150400.4.64.2 * libjavascriptcoregtk-6_0-1-2.42.2-150400.4.64.2 * libwebkitgtk-6_0-4-debuginfo-2.42.2-150400.4.64.2 ## References: * https://www.suse.com/security/cve/CVE-2022-32919.html * https://www.suse.com/security/cve/CVE-2022-32933.html * https://www.suse.com/security/cve/CVE-2022-46705.html * https://www.suse.com/security/cve/CVE-2022-46725.html * https://www.suse.com/security/cve/CVE-2023-32359.html * https://www.suse.com/security/cve/CVE-2023-41983.html * https://www.suse.com/security/cve/CVE-2023-42852.html * https://bugzilla.suse.com/show_bug.cgi?id=1217210

1 0

SUSE-SU-2023:4557-1: important: Security update for vim
by security＠lists.opensuse.org 27 Nov '23

27 Nov '23

# Security update for vim Announcement ID: SUSE-SU-2023:4557-1 Rating: important References: * bsc#1214922 * bsc#1214924 * bsc#1214925 * bsc#1215004 * bsc#1215006 * bsc#1215033 * bsc#1215940 * bsc#1216001 * bsc#1216167 * bsc#1216696 Cross-References: * CVE-2023-46246 * CVE-2023-4733 * CVE-2023-4734 * CVE-2023-4735 * CVE-2023-4738 * CVE-2023-4752 * CVE-2023-4781 * CVE-2023-5344 * CVE-2023-5441 * CVE-2023-5535 CVSS scores: * CVE-2023-46246 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-46246 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-4733 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4733 ( NVD ): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4734 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2023-4735 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4735 ( NVD ): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-4738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4738 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4752 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-4781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5344 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5344 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5344 ( NVD ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-5441 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-5441 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-5535 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-5535 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for vim fixes the following issues: Updated to version 9.0 with patch level 2103, fixes the following security problems * CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) * CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001) * CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167) * CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696) * CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922) * CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924) * CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925) * CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004) * CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006) * CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4557=1 openSUSE-SLE-15.5-2023-4557=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2023-4557=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4557=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4557=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * vim-9.0.2103-150500.20.6.1 * gvim-debuginfo-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * gvim-9.0.2103-150500.20.6.1 * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * openSUSE Leap 15.5 (noarch) * vim-data-9.0.2103-150500.20.6.1 * vim-data-common-9.0.2103-150500.20.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * vim-data-common-9.0.2103-150500.20.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64) * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-9.0.2103-150500.20.6.1 * vim-small-9.0.2103-150500.20.6.1 * vim-debugsource-9.0.2103-150500.20.6.1 * vim-small-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * Basesystem Module 15-SP5 (noarch) * vim-data-9.0.2103-150500.20.6.1 * vim-data-common-9.0.2103-150500.20.6.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * vim-debugsource-9.0.2103-150500.20.6.1 * gvim-debuginfo-9.0.2103-150500.20.6.1 * vim-debuginfo-9.0.2103-150500.20.6.1 * gvim-9.0.2103-150500.20.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-46246.html * https://www.suse.com/security/cve/CVE-2023-4733.html * https://www.suse.com/security/cve/CVE-2023-4734.html * https://www.suse.com/security/cve/CVE-2023-4735.html * https://www.suse.com/security/cve/CVE-2023-4738.html * https://www.suse.com/security/cve/CVE-2023-4752.html * https://www.suse.com/security/cve/CVE-2023-4781.html * https://www.suse.com/security/cve/CVE-2023-5344.html * https://www.suse.com/security/cve/CVE-2023-5441.html * https://www.suse.com/security/cve/CVE-2023-5535.html * https://bugzilla.suse.com/show_bug.cgi?id=1214922 * https://bugzilla.suse.com/show_bug.cgi?id=1214924 * https://bugzilla.suse.com/show_bug.cgi?id=1214925 * https://bugzilla.suse.com/show_bug.cgi?id=1215004 * https://bugzilla.suse.com/show_bug.cgi?id=1215006 * https://bugzilla.suse.com/show_bug.cgi?id=1215033 * https://bugzilla.suse.com/show_bug.cgi?id=1215940 * https://bugzilla.suse.com/show_bug.cgi?id=1216001 * https://bugzilla.suse.com/show_bug.cgi?id=1216167 * https://bugzilla.suse.com/show_bug.cgi?id=1216696

1 0

openSUSE-SU-2023:0379-1: important: Security update for gstreamer-plugins-bad
by opensuse-security＠opensuse.org 26 Nov '23

26 Nov '23

openSUSE Security Update: Security update for gstreamer-plugins-bad ______________________________________________________________________________ Announcement ID: openSUSE-SU-2023:0379-1 Rating: important References: #1213126 Cross-References: CVE-2023-37329 CVSS scores: CVE-2023-37329 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4 openSUSE Leap 15.5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gstreamer-plugins-bad fixes the following issues: - CVE-2023-37329: Fixed GStreamer SRT File Parsing Heap-based Buffer Overflow (bsc#1213126). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.5: zypper in -t patch openSUSE-2023-379=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-2023-379=1 Package List: - openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64): gstreamer-plugins-bad-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-chromaprint-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-debuginfo-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-debugsource-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-devel-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-fluidsynth-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-fluidsynth-debuginfo-1.22.0-lp155.3.4.1 gstreamer-transcoder-1.22.0-lp155.3.4.1 gstreamer-transcoder-debuginfo-1.22.0-lp155.3.4.1 gstreamer-transcoder-devel-1.22.0-lp155.3.4.1 libgstadaptivedemux-1_0-0-1.22.0-lp155.3.4.1 libgstadaptivedemux-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstbadaudio-1_0-0-1.22.0-lp155.3.4.1 libgstbadaudio-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstbasecamerabinsrc-1_0-0-1.22.0-lp155.3.4.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstcodecparsers-1_0-0-1.22.0-lp155.3.4.1 libgstcodecparsers-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstcodecs-1_0-0-1.22.0-lp155.3.4.1 libgstcodecs-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstcuda-1_0-0-1.22.0-lp155.3.4.1 libgstcuda-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstinsertbin-1_0-0-1.22.0-lp155.3.4.1 libgstinsertbin-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstisoff-1_0-0-1.22.0-lp155.3.4.1 libgstisoff-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstmpegts-1_0-0-1.22.0-lp155.3.4.1 libgstmpegts-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstphotography-1_0-0-1.22.0-lp155.3.4.1 libgstphotography-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstplay-1_0-0-1.22.0-lp155.3.4.1 libgstplay-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstplayer-1_0-0-1.22.0-lp155.3.4.1 libgstplayer-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstsctp-1_0-0-1.22.0-lp155.3.4.1 libgstsctp-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgsttranscoder-1_0-0-1.22.0-lp155.3.4.1 libgsttranscoder-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgsturidownloader-1_0-0-1.22.0-lp155.3.4.1 libgsturidownloader-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstva-1_0-0-1.22.0-lp155.3.4.1 libgstva-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstvulkan-1_0-0-1.22.0-lp155.3.4.1 libgstvulkan-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstwayland-1_0-0-1.22.0-lp155.3.4.1 libgstwayland-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstwebrtc-1_0-0-1.22.0-lp155.3.4.1 libgstwebrtc-1_0-0-debuginfo-1.22.0-lp155.3.4.1 libgstwebrtcnice-1_0-0-1.22.0-lp155.3.4.1 libgstwebrtcnice-1_0-0-debuginfo-1.22.0-lp155.3.4.1 typelib-1_0-CudaGst-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstBadAudio-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstCodecs-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstCuda-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstInsertBin-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstMpegts-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstPlay-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstPlayer-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstTranscoder-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstVa-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstVulkan-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstVulkanWayland-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstVulkanXCB-1_0-1.22.0-lp155.3.4.1 typelib-1_0-GstWebRTC-1_0-1.22.0-lp155.3.4.1 - openSUSE Leap 15.5 (aarch64_ilp32): gstreamer-plugins-bad-64bit-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-64bit-debuginfo-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-chromaprint-64bit-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-fluidsynth-64bit-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-fluidsynth-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstadaptivedemux-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstbadaudio-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstcodecparsers-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstcodecs-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstcuda-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstcuda-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstinsertbin-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstisoff-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstisoff-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstmpegts-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstphotography-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstphotography-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstplay-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstplay-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstplayer-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstplayer-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstsctp-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstsctp-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgsturidownloader-1_0-0-64bit-1.22.0-lp155.3.4.1 libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstva-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstva-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstvulkan-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstwayland-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstwayland-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstwebrtc-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 libgstwebrtcnice-1_0-0-64bit-1.22.0-lp155.3.4.1 libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-lp155.3.4.1 - openSUSE Leap 15.5 (noarch): gstreamer-plugins-bad-lang-1.22.0-lp155.3.4.1 - openSUSE Leap 15.5 (x86_64): gstreamer-plugins-bad-32bit-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-32bit-debuginfo-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-chromaprint-32bit-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-fluidsynth-32bit-1.22.0-lp155.3.4.1 gstreamer-plugins-bad-fluidsynth-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstadaptivedemux-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstbadaudio-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstcodecparsers-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstcodecs-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstcuda-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstcuda-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstinsertbin-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstisoff-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstisoff-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstmpegts-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstphotography-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstphotography-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstplay-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstplay-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstplayer-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstplayer-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstsctp-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstsctp-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgsturidownloader-1_0-0-32bit-1.22.0-lp155.3.4.1 libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstva-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstva-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstvulkan-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstwayland-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstwayland-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstwebrtc-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 libgstwebrtcnice-1_0-0-32bit-1.22.0-lp155.3.4.1 libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-lp155.3.4.1 - openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64): gstreamer-plugins-bad-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-chromaprint-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-chromaprint-debuginfo-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-debuginfo-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-debugsource-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-devel-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-fluidsynth-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-fluidsynth-debuginfo-1.20.1-lp154.2.4.1 gstreamer-transcoder-1.20.1-lp154.2.4.1 gstreamer-transcoder-debuginfo-1.20.1-lp154.2.4.1 gstreamer-transcoder-devel-1.20.1-lp154.2.4.1 libgstadaptivedemux-1_0-0-1.20.1-lp154.2.4.1 libgstadaptivedemux-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstbadaudio-1_0-0-1.20.1-lp154.2.4.1 libgstbadaudio-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstbasecamerabinsrc-1_0-0-1.20.1-lp154.2.4.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstcodecparsers-1_0-0-1.20.1-lp154.2.4.1 libgstcodecparsers-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstcodecs-1_0-0-1.20.1-lp154.2.4.1 libgstcodecs-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstinsertbin-1_0-0-1.20.1-lp154.2.4.1 libgstinsertbin-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstisoff-1_0-0-1.20.1-lp154.2.4.1 libgstisoff-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstmpegts-1_0-0-1.20.1-lp154.2.4.1 libgstmpegts-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstphotography-1_0-0-1.20.1-lp154.2.4.1 libgstphotography-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstplay-1_0-0-1.20.1-lp154.2.4.1 libgstplay-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstplayer-1_0-0-1.20.1-lp154.2.4.1 libgstplayer-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstsctp-1_0-0-1.20.1-lp154.2.4.1 libgstsctp-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgsttranscoder-1_0-0-1.20.1-lp154.2.4.1 libgsttranscoder-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgsturidownloader-1_0-0-1.20.1-lp154.2.4.1 libgsturidownloader-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstva-1_0-0-1.20.1-lp154.2.4.1 libgstva-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstvulkan-1_0-0-1.20.1-lp154.2.4.1 libgstvulkan-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstwayland-1_0-0-1.20.1-lp154.2.4.1 libgstwayland-1_0-0-debuginfo-1.20.1-lp154.2.4.1 libgstwebrtc-1_0-0-1.20.1-lp154.2.4.1 libgstwebrtc-1_0-0-debuginfo-1.20.1-lp154.2.4.1 typelib-1_0-GstBadAudio-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstCodecs-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstInsertBin-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstMpegts-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstPlay-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstPlayer-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstTranscoder-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstVulkan-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstVulkanWayland-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstVulkanXCB-1_0-1.20.1-lp154.2.4.1 typelib-1_0-GstWebRTC-1_0-1.20.1-lp154.2.4.1 - openSUSE Leap 15.4 (aarch64_ilp32): gstreamer-plugins-bad-64bit-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-64bit-debuginfo-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-chromaprint-64bit-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-fluidsynth-64bit-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-fluidsynth-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstadaptivedemux-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstadaptivedemux-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstbadaudio-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstbadaudio-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstbasecamerabinsrc-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstcodecparsers-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstcodecparsers-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstcodecs-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstcodecs-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstinsertbin-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstinsertbin-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstisoff-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstisoff-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstmpegts-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstmpegts-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstphotography-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstphotography-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstplay-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstplay-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstplayer-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstplayer-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstsctp-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstsctp-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgsturidownloader-1_0-0-64bit-1.20.1-lp154.2.4.1 libgsturidownloader-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstva-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstva-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstvulkan-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstvulkan-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstwayland-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstwayland-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 libgstwebrtc-1_0-0-64bit-1.20.1-lp154.2.4.1 libgstwebrtc-1_0-0-64bit-debuginfo-1.20.1-lp154.2.4.1 - openSUSE Leap 15.4 (x86_64): gstreamer-plugins-bad-32bit-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-32bit-debuginfo-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-chromaprint-32bit-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-fluidsynth-32bit-1.20.1-lp154.2.4.1 gstreamer-plugins-bad-fluidsynth-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstadaptivedemux-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstadaptivedemux-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstbadaudio-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstbadaudio-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstbasecamerabinsrc-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstcodecparsers-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstcodecparsers-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstcodecs-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstcodecs-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstinsertbin-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstinsertbin-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstisoff-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstisoff-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstmpegts-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstmpegts-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstphotography-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstphotography-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstplay-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstplay-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstplayer-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstplayer-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstsctp-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstsctp-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgsturidownloader-1_0-0-32bit-1.20.1-lp154.2.4.1 libgsturidownloader-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstva-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstva-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstvulkan-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstvulkan-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstwayland-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstwayland-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 libgstwebrtc-1_0-0-32bit-1.20.1-lp154.2.4.1 libgstwebrtc-1_0-0-32bit-debuginfo-1.20.1-lp154.2.4.1 - openSUSE Leap 15.4 (noarch): gstreamer-plugins-bad-lang-1.20.1-lp154.2.4.1 References: https://www.suse.com/security/cve/CVE-2023-37329.html https://bugzilla.suse.com/1213126

1 0

SUSE-SU-2023:4537-1: moderate: Security update for libxml2
by security＠lists.opensuse.org 23 Nov '23

23 Nov '23

# Security update for libxml2 Announcement ID: SUSE-SU-2023:4537-1 Rating: moderate References: * bsc#1216129 Cross-References: * CVE-2023-45322 CVSS scores: * CVE-2023-45322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-45322 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * openSUSE Leap Micro 5.4 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4537=1 openSUSE-SLE-15.4-2023-4537=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4537=1 * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4537=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4537=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-4537=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4537=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-4537=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4537=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-4537=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-devel-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (x86_64) * libxml2-2-32bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-32bit-2.9.14-150400.5.25.1 * libxml2-devel-32bit-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (noarch) * libxml2-doc-2.9.14-150400.5.25.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libxml2-devel-64bit-2.9.14-150400.5.25.1 * libxml2-2-64bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-64bit-2.9.14-150400.5.25.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-python-debugsource-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libxml2-tools-2.9.14-150400.5.25.1 * libxml2-2-2.9.14-150400.5.25.1 * libxml2-devel-2.9.14-150400.5.25.1 * libxml2-2-debuginfo-2.9.14-150400.5.25.1 * libxml2-debugsource-2.9.14-150400.5.25.1 * libxml2-tools-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-debuginfo-2.9.14-150400.5.25.1 * python3-libxml2-2.9.14-150400.5.25.1 * Basesystem Module 15-SP4 (x86_64) * libxml2-2-32bit-debuginfo-2.9.14-150400.5.25.1 * libxml2-2-32bit-2.9.14-150400.5.25.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python311-libxml2-debuginfo-2.9.14-150400.5.25.1 * python311-libxml2-2.9.14-150400.5.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45322.html * https://bugzilla.suse.com/show_bug.cgi?id=1216129

1 0