openSUSE Security Announce
August 2023
SUSE-SU-2023:3172-1: important: Security update for the Linux Kernel
by security@lists.opensuse.org 03 Aug '23
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2023:3172-1
Rating: important
References:
* #1150305
* #1193629
* #1194869
* #1207894
* #1208788
* #1211243
* #1211867
* #1212256
* #1212301
* #1212525
* #1212846
* #1212905
* #1213059
* #1213061
* #1213205
* #1213206
* #1213226
* #1213233
* #1213245
* #1213247
* #1213252
* #1213258
* #1213259
* #1213263
* #1213264
* #1213286
* #1213493
* #1213523
* #1213524
* #1213533
* #1213543
* #1213705
Cross-References:
* CVE-2023-20593
* CVE-2023-2985
* CVE-2023-3117
* CVE-2023-31248
* CVE-2023-3390
* CVE-2023-35001
* CVE-2023-3812
CVSS scores:
* CVE-2023-20593 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-20593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2985 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2985 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3117 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3117 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-31248 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3390 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-3812 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Development Tools Module 15-SP5
* Legacy Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Availability Extension 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
An update that solves seven vulnerabilities, contains two features and has 25
fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security
fixes and bug fixes.
The following security bugs were fixed:
* CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in
fs/hfsplus/super.c that could allow a local user to cause a denial of
service (bsc#1211867).
* CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter
subsystem when processing named and anonymous sets in batch requests that
could allow a local user with CAP_NET_ADMIN capability to crash or
potentially escalate their privileges on the system (bsc#1213245).
* CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter
subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker
with user access to cause a privilege escalation issue (bsc#1212846).
* CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP
device driver functionality that could allow a local user to crash or
potentially escalate their privileges on the system (bsc#1213543).
* CVE-2023-20593: Fixed a ZenBleed issue in "Zen 2" CPUs that could allow an
attacker to potentially access sensitive information (bsc#1213286).
* CVE-2023-31248: Fixed a use-after-free vulnerability in
nft_chain_lookup_byid that could allow a local attacker to escalate their
privilege (bsc#1213061).
* CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder
that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
* Dropped patch that caused issues with k3s (bsc#1213705).
* ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-
fixes).
* ASoC: SOF: topology: Fix logic for copying tuples (git-fixes).
* Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-
fixes).
* Bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes).
* Bluetooth: ISO: fix iso_conn related locking and validity issues (git-
fixes).
* Bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes).
* Bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
* Bluetooth: fix use-bdaddr-property quirk (git-fixes).
* Bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
* Bluetooth: hci_event: call disconnect callback before deleting conn (git-
fixes).
* Bluetooth: hci_sync: Avoid use-after-free in dbg for
hci_remove_adv_monitor() (git-fixes).
* Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-
fixes).
* Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
* PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
(bsc#1212525).
* PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-
fixes).
* Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-
fixes)
* Revert "drm/i915: Disable DSB usage for now" (git-fixes).
* USB: dwc2: Fix some error handling paths (git-fixes).
* USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
* USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
* USB: typec: Fix fast_role_swap_current show function (git-fixes).
* Update config and supported.conf files due to renaming.
* acpi: Fix suspend with Xen PV (git-fixes).
* adreno: Shutdown the GPU properly (git-fixes).
* arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
* arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-
fixes)
* arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
* arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
* can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
* ceph: add a dedicated private data for netfs rreq (bsc#1213205).
* ceph: fix blindly expanding the readahead windows (bsc#1213206).
* cifs: add a warning when the in-flight count goes negative (bsc#1193629).
* cifs: address unused variable warning (bsc#1193629).
* cifs: do all necessary checks for credits within or before locking
(bsc#1193629).
* cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
* cifs: fix max_credits implementation (bsc#1193629).
* cifs: fix session state check in reconnect to avoid use-after-free issue
(bsc#1193629).
* cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
* cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
* cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
* cifs: fix status checks in cifs_tree_connect (bsc#1193629).
* cifs: log session id when a matching ses is not found (bsc#1193629).
* cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
* cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
* cifs: print all credit counters in DebugData (bsc#1193629).
* cifs: print client_guid in DebugData (bsc#1193629).
* cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
* cifs: print nosharesock value while dumping mount options (bsc#1193629).
* codel: fix kernel-doc notation warnings (git-fixes).
* cpufreq: tegra194: Fix module loading (git-fixes).
* devlink: fix kernel-doc notation warnings (git-fixes).
* dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes).
* drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
* drm/amd/amdgpu: limit one queue per gang (git-fixes).
* drm/amd/amdgpu: update mes11 api def (git-fixes).
* drm/amd/display (gcc13): fix enum mismatch (git-fixes).
* drm/amd/display: Add Z8 allow states to z-state support list (git-fixes).
* drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes).
* drm/amd/display: Add minimum Z8 residency debug option (git-fixes).
* drm/amd/display: Add missing WA and MCLK validation (git-fixes).
* drm/amd/display: Change default Z8 watermark values (git-fixes).
* drm/amd/display: Correct DML calculation to align HW formula (git-fixes).
* drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes).
* drm/amd/display: Do not update DRR while BW optimizations pending (git-
fixes).
* drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes).
* drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes).
* drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes).
* drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes).
* drm/amd/display: Fix Z8 support configurations (git-fixes).
* drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes).
* drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
* drm/amd/display: Have Payload Properly Created After Resume (git-fixes).
* drm/amd/display: Lowering min Z8 residency time (git-fixes).
* drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes).
* drm/amd/display: Refactor eDP PSR codes (git-fixes).
* drm/amd/display: Remove FPU guards from the DML folder (git-fixes).
* drm/amd/display: Remove optimization for VRR updates (git-fixes).
* drm/amd/display: Remove stutter only configurations (git-fixes).
* drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes).
* drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes).
* drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes).
* drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
* drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes).
* drm/amd/display: fix a divided-by-zero error (git-fixes).
* drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
* drm/amd/display: limit timing for single dimm memory (git-fixes).
* drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
* drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
* drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7
(git-fixes).
* drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes).
* drm/amd/pm: conditionally disable pcie lane switching for some
sienna_cichlid SKUs (git-fixes).
* drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-
fixes).
* drm/amd/pm: resolve reboot exception for si oland (git-fixes).
* drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes).
* drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes).
* drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
* drm/amd: Add a new helper for loading/validating microcode (git-fixes).
* drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes).
* drm/amd: Load MES microcode during early_init (git-fixes).
* drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes).
* drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-
fixes).
* drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
* drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
* drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
* drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes).
* drm/amdgpu/mes11: enable reg active poll (git-fixes).
* drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes).
* drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-
fixes).
* drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes).
* drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes).
* drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function
(git-fixes).
* drm/amdgpu: Fix sdma v4 sw fini error (git-fixes).
* drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes).
* drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-
fixes).
* drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
* drm/amdgpu: change reserved vram info print (git-fixes).
* drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes).
* drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes).
* drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
* drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
* drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
* drm/amdgpu: refine get gpu clock counter method (git-fixes).
* drm/amdgpu: remove deprecated MES version vars (git-fixes).
* drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
* drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes).
* drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
* drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes).
* drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes).
* drm/bridge: anx7625: Prevent endless probe loop (git-fixes).
* drm/bridge: it6505: Move a variable assignment behind a null pointer check
in receive_timing_debugfs_show() (git-fixes).
* drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes).
* drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-
fixes).
* drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
* drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
* drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes).
* drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
* drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes).
* drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes).
* drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes).
* drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes).
* drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes).
* drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
* drm/etnaviv: reap idle mapping if it does not match the softpin address
(git-fixes).
* drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs
(bsc#1213493).
* drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
* drm/i915/gt: Cleanup partial engine discovery failures (git-fixes).
* drm/i915/guc: Add error-capture init warnings when needed (git-fixes).
* drm/i915/guc: Fix missing ecodes (git-fixes).
* drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes).
* drm/i915/guc: Rename GuC register state capture node to be more obvious
(git-fixes).
* drm/i915/mtl: update scaler source and destination limits for MTL (git-
fixes).
* drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-
fixes).
* drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-
fixes).
* drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-
fixes).
* drm/i915: Allow panel fixed modes to have differing sync polarities (git-
fixes).
* drm/i915: Check pipe source size when using skl+ scalers (git-fixes).
* drm/i915: Do panel VBT init early if the VBT declares an explicit panel type
(git-fixes).
* drm/i915: Fix TypeC mode initialization during system resume (git-fixes).
* drm/i915: Fix a memory leak with reused mmap_offset (git-fixes).
* drm/i915: Fix negative value passed as remaining time (git-fixes).
* drm/i915: Fix one wrong caching mode enum usage (git-fixes).
* drm/i915: Introduce intel_panel_init_alloc() (git-fixes).
* drm/i915: Never return 0 if not all requests retired (git-fixes).
* drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes).
* drm/i915: Print return value on error (git-fixes).
* drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes).
* drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
* drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes).
* drm/msm/adreno: Simplify read64/write64 helpers (git-fixes).
* drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes).
* drm/msm/disp/dpu: get timing engine status from intf status register (git-
fixes).
* drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes).
* drm/msm/dpu: Assign missing writeback log_mask (git-fixes).
* drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
* drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
* drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-
fixes).
* drm/msm/hdmi: use devres helper for runtime PM management (git-fixes).
* drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-
fixes).
* drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-
fixes).
* drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
* drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
* drm/ttm: Do not leak a resource on swapout move error (git-fixes).
* drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes).
* drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-
fixes).
* drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable
implementation (git-fixes).
* drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable
implementation (git-fixes).
* drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable
(git-fixes).
* drm/vmwgfx: Remove ttm object hashtable (git-fixes).
* drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes).
* drm/vmwgfx: Write the driver id registers (git-fixes).
* drm: Add fixed-point helper to get rounded integer values (git-fixes).
* drm: Add missing DP DSC extended capability definitions (git-fixes).
* drm: Optimize drm buddy top-down allocation method (git-fixes).
* drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-
fixes).
* drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes).
* drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes).
* drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes).
* drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
* fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
* fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
* i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226).
* irqchip/gic-v3: Claim iomem resources (bsc#1213533)
* irqchip/gicv3: Handle resource request failure consistently (bsc#1213533)
* irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533)
* kABI: do not check external trampolines for signature (kabi bsc#1207894
bsc#1211243).
* kabi/severities: Add VAS symbols changed due to recent fix. VAS accelerators
are directly tied to the architecture, there is no reason to have
out-of-tree production drivers.
* kabi/severities: ignore kABI of i915 module. It's exported only for its
sub-module, not really used by externals.
* kabi/severities: ignore kABI of vmwgfx. The driver exports a function
unnecessarily without being used by anyone else. Ignore the kABI changes.
* memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
* net: mana: Add support for vlan tagging (bsc#1212301).
* net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
* net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-
fixes).
* net: qrtr: start MHI channel after endpoit creation (git-fixes).
* nilfs2: reject devices with insufficient block count (git-fixes).
* ocfs2: Switch to security_inode_init_security() (git-fixes).
* ocfs2: check new file size on fallocate call (git-fixes).
* ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
* perf/x86/amd/core: Always clear status for idx (bsc#1213233).
* pie: fix kernel-doc notation warning (git-fixes).
* powerpc/64: Only WARN if __pa()/__va() called with bad addresses
(bsc#1194869).
* powerpc/64s: Fix VAS mm use after free (bsc#1194869).
* powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
* powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
* powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
(bsc#1194869).
* powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare()
(bsc#1194869).
* powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-
boundary (bsc#1150305 ltc#176097 git-fixes).
* powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
* powerpc/powernv/sriov: perform null check on iov before dereferencing iov
(bsc#1194869).
* powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
(bsc#1194869).
* powerpc/prom_init: Fix kernel config grep (bsc#1194869).
* powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close
(jsc#PED-542 git-fixes).
* powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
* powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
* powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
* powerpc: define get_cycles macro for arch-override (bsc#1194869).
* powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
* rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME.
They depend on CONFIG_TOOLCHAIN_HAS_*.
* rsi: remove kernel-doc comment marker (git-fixes).
* s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
* s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
* s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
* s390/pci: clean up left over special treatment for function zero
(bsc#1212525).
* s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
* s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
* s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes
bsc#1213252).
* s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36
(git-fixes bsc#1213264).
* s390: discard .interp section (git-fixes bsc#1213247).
* security: keys: Modify mismatched function name (git-fixes).
* selftests/ir: fix build with ancient kernel headers (git-fixes).
* selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
* selftests: forwarding: Fix packet matching in mirroring selftests (git-
fixes).
* selftests: tc: add 'ct' action kconfig dep (git-fixes).
* selftests: tc: add ConnTrack procfs kconfig (git-fixes).
* selftests: tc: set timeout to 15 minutes (git-fixes).
* signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
* signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
(bsc#1194869).
* smb3: do not reserve too many oplock credits (bsc#1193629).
* smb3: missing null check in SMB2_change_notify (bsc#1193629).
* smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
* smb: client: fix missed ses refcounting (git-fixes).
* smb: client: fix parsing of source mount option (bsc#1193629).
* smb: client: fix shared DFS root mounts with different prefixes
(bsc#1193629).
* smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
* smb: client: fix warning in CIFSFindNext() (bsc#1193629).
* smb: client: fix warning in cifs_match_super() (bsc#1193629).
* smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
* smb: client: fix warning in generic_ip_connect() (bsc#1193629).
* smb: client: improve DFS mount check (bsc#1193629).
* smb: client: remove redundant pointer 'server' (bsc#1193629).
* smb: delete an unnecessary statement (bsc#1193629).
* smb: move client and server files to common directory fs/smb (bsc#1193629).
* smb: remove obsolete comment (bsc#1193629).
* soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes).
* soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes).
* soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes).
* spi: bcm63xx: fix max prepend length (git-fixes).
* swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes).
* tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-
fixes).
* wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
* wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware
restart (git-fixes).
* wifi: ath11k: Add missing check for ioremap (git-fixes).
* wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-
fixes).
* x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes).
* x86/platform/uv: Add platform resolving #defines for misc
GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718).
* x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: Helper functions for allocating and freeing conversion
tables (bsc#1212256 jsc#PED-4718).
* x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256
jsc#PED-4718).
* x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718).
* x86/platform/uv: When searching for minimums, start at INT_MAX not 99999
(bsc#1212256 jsc#PED-4718).
* x86: Fix .brk attribute in linker script (git-fixes).
* xfs: clean up the rtbitmap fsmap backend (git-fixes).
* xfs: do not deplete the reserve pool when trying to shrink the fs (git-
fixes).
* xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
* xfs: fix getfsmap reporting past the last rt extent (git-fixes).
* xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-
fixes).
* xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
* xfs: fix logdev fsmap query result filtering (git-fixes).
* xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
* xfs: fix uninitialized variable access (git-fixes).
* xfs: make fsmap backend function key parameters const (git-fixes).
* xfs: make the record pointer passed to query_range functions const (git-
fixes).
* xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE Important update, use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
  `zypper in -t patch SUSE-2023-3172=1 openSUSE-SLE-15.5-2023-3172=1`
* Basesystem Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3172=1`
* Development Tools Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3172=1`
* Legacy Module 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-3172=1`
* SUSE Linux Enterprise Live Patching 15-SP5
  `zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3172=1`
  Please note that this is the initial kernel livepatch without fixes itself;
  this package is later updated by separate standalone kernel livepatch updates.
* SUSE Linux Enterprise High Availability Extension 15 SP5
  `zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-3172=1`
* SUSE Linux Enterprise Workstation Extension 15 SP5
  `zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3172=1`
## Package List:
* openSUSE Leap 15.5 (noarch nosrc)
  * kernel-docs-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (noarch)
  * kernel-source-5.14.21-150500.55.12.1
  * kernel-macros-5.14.21-150500.55.12.1
  * kernel-source-vanilla-5.14.21-150500.55.12.1
  * kernel-devel-5.14.21-150500.55.12.1
  * kernel-docs-html-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (nosrc ppc64le x86_64)
  * kernel-debug-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (ppc64le x86_64)
  * kernel-debug-devel-debuginfo-5.14.21-150500.55.12.1
  * kernel-debug-livepatch-devel-5.14.21-150500.55.12.1
  * kernel-debug-debugsource-5.14.21-150500.55.12.1
  * kernel-debug-debuginfo-5.14.21-150500.55.12.1
  * kernel-debug-devel-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (x86_64)
  * kernel-debug-vdso-5.14.21-150500.55.12.1
  * kernel-default-vdso-debuginfo-5.14.21-150500.55.12.1
  * kernel-default-vdso-5.14.21-150500.55.12.1
  * kernel-debug-vdso-debuginfo-5.14.21-150500.55.12.1
  * kernel-kvmsmall-vdso-debuginfo-5.14.21-150500.55.12.1
  * kernel-kvmsmall-vdso-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le x86_64)
  * kernel-kvmsmall-debugsource-5.14.21-150500.55.12.1
  * kernel-kvmsmall-devel-5.14.21-150500.55.12.1
  * kernel-default-base-5.14.21-150500.55.12.1.150500.6.4.2
  * kernel-default-base-rebuild-5.14.21-150500.55.12.1.150500.6.4.2
  * kernel-kvmsmall-livepatch-devel-5.14.21-150500.55.12.1
  * kernel-kvmsmall-devel-debuginfo-5.14.21-150500.55.12.1
  * kernel-kvmsmall-debuginfo-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * dlm-kmp-default-debuginfo-5.14.21-150500.55.12.1
  * ocfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1
  * kernel-obs-build-debugsource-5.14.21-150500.55.12.1
  * dlm-kmp-default-5.14.21-150500.55.12.1
  * kernel-default-devel-debuginfo-5.14.21-150500.55.12.1
  * kernel-obs-build-5.14.21-150500.55.12.1
  * gfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1
  * kernel-default-extra-5.14.21-150500.55.12.1
  * kernel-syms-5.14.21-150500.55.12.1
  * kernel-default-optional-5.14.21-150500.55.12.1
  * kselftests-kmp-default-5.14.21-150500.55.12.1
  * kernel-default-optional-debuginfo-5.14.21-150500.55.12.1
  * kernel-default-debugsource-5.14.21-150500.55.12.1
  * kernel-default-debuginfo-5.14.21-150500.55.12.1
  * reiserfs-kmp-default-5.14.21-150500.55.12.1
  * kselftests-kmp-default-debuginfo-5.14.21-150500.55.12.1
  * kernel-default-extra-debuginfo-5.14.21-150500.55.12.1
  * kernel-default-livepatch-devel-5.14.21-150500.55.12.1
  * kernel-default-livepatch-5.14.21-150500.55.12.1
  * cluster-md-kmp-default-debuginfo-5.14.21-150500.55.12.1
  * reiserfs-kmp-default-debuginfo-5.14.21-150500.55.12.1
  * ocfs2-kmp-default-5.14.21-150500.55.12.1
  * cluster-md-kmp-default-5.14.21-150500.55.12.1
  * kernel-obs-qa-5.14.21-150500.55.12.1
  * kernel-default-devel-5.14.21-150500.55.12.1
  * gfs2-kmp-default-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
  * kernel-default-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (aarch64 nosrc ppc64le x86_64)
  * kernel-kvmsmall-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
  * kernel-livepatch-5_14_21-150500_55_12-default-1-150500.11.3.2
  * kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-1-150500.11.3.2
  * kernel-livepatch-SLE15-SP5_Update_2-debugsource-1-150500.11.3.2
* openSUSE Leap 15.5 (nosrc s390x)
  * kernel-zfcpdump-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (s390x)
  * kernel-zfcpdump-debuginfo-5.14.21-150500.55.12.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (nosrc)
* dtb-aarch64-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (aarch64)
* reiserfs-kmp-64kb-debuginfo-5.14.21-150500.55.12.1
* dtb-sprd-5.14.21-150500.55.12.1
* dtb-exynos-5.14.21-150500.55.12.1
* dtb-allwinner-5.14.21-150500.55.12.1
* kernel-64kb-extra-debuginfo-5.14.21-150500.55.12.1
* kernel-64kb-devel-5.14.21-150500.55.12.1
* kernel-64kb-livepatch-devel-5.14.21-150500.55.12.1
* dtb-altera-5.14.21-150500.55.12.1
* dtb-arm-5.14.21-150500.55.12.1
* gfs2-kmp-64kb-debuginfo-5.14.21-150500.55.12.1
* kernel-64kb-extra-5.14.21-150500.55.12.1
* kernel-64kb-optional-debuginfo-5.14.21-150500.55.12.1
* dtb-amlogic-5.14.21-150500.55.12.1
* dtb-apple-5.14.21-150500.55.12.1
* kselftests-kmp-64kb-5.14.21-150500.55.12.1
* dtb-socionext-5.14.21-150500.55.12.1
* dtb-xilinx-5.14.21-150500.55.12.1
* dtb-apm-5.14.21-150500.55.12.1
* dlm-kmp-64kb-debuginfo-5.14.21-150500.55.12.1
* dtb-lg-5.14.21-150500.55.12.1
* dtb-renesas-5.14.21-150500.55.12.1
* dtb-qcom-5.14.21-150500.55.12.1
* dtb-nvidia-5.14.21-150500.55.12.1
* kernel-64kb-optional-5.14.21-150500.55.12.1
* gfs2-kmp-64kb-5.14.21-150500.55.12.1
* dtb-broadcom-5.14.21-150500.55.12.1
* dtb-cavium-5.14.21-150500.55.12.1
* kernel-64kb-debugsource-5.14.21-150500.55.12.1
* dtb-marvell-5.14.21-150500.55.12.1
* dtb-rockchip-5.14.21-150500.55.12.1
* kselftests-kmp-64kb-debuginfo-5.14.21-150500.55.12.1
* dtb-amd-5.14.21-150500.55.12.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.12.1
* dtb-hisilicon-5.14.21-150500.55.12.1
* ocfs2-kmp-64kb-5.14.21-150500.55.12.1
* dtb-freescale-5.14.21-150500.55.12.1
* cluster-md-kmp-64kb-debuginfo-5.14.21-150500.55.12.1
* reiserfs-kmp-64kb-5.14.21-150500.55.12.1
* dlm-kmp-64kb-5.14.21-150500.55.12.1
* dtb-amazon-5.14.21-150500.55.12.1
* ocfs2-kmp-64kb-debuginfo-5.14.21-150500.55.12.1
* cluster-md-kmp-64kb-5.14.21-150500.55.12.1
* kernel-64kb-debuginfo-5.14.21-150500.55.12.1
* dtb-mediatek-5.14.21-150500.55.12.1
* openSUSE Leap 15.5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.12.1
* Basesystem Module 15-SP5 (aarch64 nosrc)
* kernel-64kb-5.14.21-150500.55.12.1
* Basesystem Module 15-SP5 (aarch64)
* kernel-64kb-debuginfo-5.14.21-150500.55.12.1
* kernel-64kb-devel-debuginfo-5.14.21-150500.55.12.1
* kernel-64kb-devel-5.14.21-150500.55.12.1
* kernel-64kb-debugsource-5.14.21-150500.55.12.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.14.21-150500.55.12.1
* Basesystem Module 15-SP5 (aarch64 ppc64le x86_64)
* kernel-default-base-5.14.21-150500.55.12.1.150500.6.4.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.14.21-150500.55.12.1
* kernel-default-debuginfo-5.14.21-150500.55.12.1
* kernel-default-devel-debuginfo-5.14.21-150500.55.12.1
* kernel-default-debugsource-5.14.21-150500.55.12.1
* Basesystem Module 15-SP5 (noarch)
* kernel-macros-5.14.21-150500.55.12.1
* kernel-devel-5.14.21-150500.55.12.1
* Basesystem Module 15-SP5 (nosrc s390x)
* kernel-zfcpdump-5.14.21-150500.55.12.1
* Basesystem Module 15-SP5 (s390x)
* kernel-zfcpdump-debuginfo-5.14.21-150500.55.12.1
* kernel-zfcpdump-debugsource-5.14.21-150500.55.12.1
* Development Tools Module 15-SP5 (noarch nosrc)
* kernel-docs-5.14.21-150500.55.12.1
* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* kernel-obs-build-5.14.21-150500.55.12.1
* kernel-obs-build-debugsource-5.14.21-150500.55.12.1
* kernel-syms-5.14.21-150500.55.12.1
* Development Tools Module 15-SP5 (noarch)
* kernel-source-5.14.21-150500.55.12.1
* Legacy Module 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.12.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* reiserfs-kmp-default-5.14.21-150500.55.12.1
* reiserfs-kmp-default-debuginfo-5.14.21-150500.55.12.1
* kernel-default-debuginfo-5.14.21-150500.55.12.1
* kernel-default-debugsource-5.14.21-150500.55.12.1
* SUSE Linux Enterprise Live Patching 15-SP5 (nosrc)
* kernel-default-5.14.21-150500.55.12.1
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_12-default-debuginfo-1-150500.11.3.2
* kernel-default-livepatch-devel-5.14.21-150500.55.12.1
* kernel-default-livepatch-5.14.21-150500.55.12.1
* kernel-default-debugsource-5.14.21-150500.55.12.1
* kernel-livepatch-5_14_21-150500_55_12-default-1-150500.11.3.2
* kernel-default-debuginfo-5.14.21-150500.55.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64)
* dlm-kmp-default-debuginfo-5.14.21-150500.55.12.1
* ocfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1
* dlm-kmp-default-5.14.21-150500.55.12.1
* gfs2-kmp-default-debuginfo-5.14.21-150500.55.12.1
* gfs2-kmp-default-5.14.21-150500.55.12.1
* cluster-md-kmp-default-debuginfo-5.14.21-150500.55.12.1
* kernel-default-debugsource-5.14.21-150500.55.12.1
* ocfs2-kmp-default-5.14.21-150500.55.12.1
* kernel-default-debuginfo-5.14.21-150500.55.12.1
* cluster-md-kmp-default-5.14.21-150500.55.12.1
* SUSE Linux Enterprise High Availability Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.12.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (nosrc)
* kernel-default-5.14.21-150500.55.12.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* kernel-default-extra-debuginfo-5.14.21-150500.55.12.1
* kernel-default-debuginfo-5.14.21-150500.55.12.1
* kernel-default-extra-5.14.21-150500.55.12.1
* kernel-default-debugsource-5.14.21-150500.55.12.1
## References:
* https://www.suse.com/security/cve/CVE-2023-20593.html
* https://www.suse.com/security/cve/CVE-2023-2985.html
* https://www.suse.com/security/cve/CVE-2023-3117.html
* https://www.suse.com/security/cve/CVE-2023-31248.html
* https://www.suse.com/security/cve/CVE-2023-3390.html
* https://www.suse.com/security/cve/CVE-2023-35001.html
* https://www.suse.com/security/cve/CVE-2023-3812.html
* https://bugzilla.suse.com/show_bug.cgi?id=1150305
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1194869
* https://bugzilla.suse.com/show_bug.cgi?id=1207894
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
* https://bugzilla.suse.com/show_bug.cgi?id=1211243
* https://bugzilla.suse.com/show_bug.cgi?id=1211867
* https://bugzilla.suse.com/show_bug.cgi?id=1212256
* https://bugzilla.suse.com/show_bug.cgi?id=1212301
* https://bugzilla.suse.com/show_bug.cgi?id=1212525
* https://bugzilla.suse.com/show_bug.cgi?id=1212846
* https://bugzilla.suse.com/show_bug.cgi?id=1212905
* https://bugzilla.suse.com/show_bug.cgi?id=1213059
* https://bugzilla.suse.com/show_bug.cgi?id=1213061
* https://bugzilla.suse.com/show_bug.cgi?id=1213205
* https://bugzilla.suse.com/show_bug.cgi?id=1213206
* https://bugzilla.suse.com/show_bug.cgi?id=1213226
* https://bugzilla.suse.com/show_bug.cgi?id=1213233
* https://bugzilla.suse.com/show_bug.cgi?id=1213245
* https://bugzilla.suse.com/show_bug.cgi?id=1213247
* https://bugzilla.suse.com/show_bug.cgi?id=1213252
* https://bugzilla.suse.com/show_bug.cgi?id=1213258
* https://bugzilla.suse.com/show_bug.cgi?id=1213259
* https://bugzilla.suse.com/show_bug.cgi?id=1213263
* https://bugzilla.suse.com/show_bug.cgi?id=1213264
* https://bugzilla.suse.com/show_bug.cgi?id=1213286
* https://bugzilla.suse.com/show_bug.cgi?id=1213493
* https://bugzilla.suse.com/show_bug.cgi?id=1213523
* https://bugzilla.suse.com/show_bug.cgi?id=1213524
* https://bugzilla.suse.com/show_bug.cgi?id=1213533
* https://bugzilla.suse.com/show_bug.cgi?id=1213543
* https://bugzilla.suse.com/show_bug.cgi?id=1213705
* https://jira.suse.com/browse/PED-4718
* https://jira.suse.com/browse/PED-4758
SUSE-SU-2023:3168-1: moderate: Security update for poppler
by security@lists.opensuse.org 02 Aug '23
# Security update for poppler
Announcement ID: SUSE-SU-2023:3168-1
Rating: moderate
References:
* #1199272
Cross-References:
* CVE-2022-27337
CVSS scores:
* CVE-2022-27337 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-27337 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for poppler fixes the following issues:
* CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can
cause denial of service (bsc#1199272).
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3168=1 openSUSE-SLE-15.4-2023-3168=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3168=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-3168=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-3168=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* poppler-qt6-debugsource-22.01.0-150400.3.6.1
* libpoppler-qt5-devel-22.01.0-150400.3.6.1
* libpoppler117-debuginfo-22.01.0-150400.3.6.1
* libpoppler117-22.01.0-150400.3.6.1
* poppler-tools-22.01.0-150400.3.6.1
* libpoppler-cpp0-22.01.0-150400.3.6.1
* poppler-debugsource-22.01.0-150400.3.6.1
* typelib-1_0-Poppler-0_18-22.01.0-150400.3.6.1
* libpoppler-qt5-1-debuginfo-22.01.0-150400.3.6.1
* poppler-qt5-debugsource-22.01.0-150400.3.6.1
* libpoppler-glib8-22.01.0-150400.3.6.1
* libpoppler-qt6-3-debuginfo-22.01.0-150400.3.6.1
* libpoppler-qt5-1-22.01.0-150400.3.6.1
* libpoppler-qt6-3-22.01.0-150400.3.6.1
* libpoppler-glib-devel-22.01.0-150400.3.6.1
* libpoppler-glib8-debuginfo-22.01.0-150400.3.6.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.6.1
* libpoppler-devel-22.01.0-150400.3.6.1
* poppler-tools-debuginfo-22.01.0-150400.3.6.1
* libpoppler-qt6-devel-22.01.0-150400.3.6.1
* openSUSE Leap 15.4 (x86_64)
* libpoppler-cpp0-32bit-22.01.0-150400.3.6.1
* libpoppler-qt5-1-32bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler117-32bit-22.01.0-150400.3.6.1
* libpoppler-glib8-32bit-22.01.0-150400.3.6.1
* libpoppler-cpp0-32bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler117-32bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler-qt5-1-32bit-22.01.0-150400.3.6.1
* libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.6.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpoppler117-64bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler-qt5-1-64bit-22.01.0-150400.3.6.1
* libpoppler-glib8-64bit-22.01.0-150400.3.6.1
* libpoppler-cpp0-64bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler-qt5-1-64bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler-glib8-64bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler-cpp0-64bit-22.01.0-150400.3.6.1
* libpoppler117-64bit-22.01.0-150400.3.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* libpoppler117-debuginfo-22.01.0-150400.3.6.1
* libpoppler117-22.01.0-150400.3.6.1
* poppler-tools-22.01.0-150400.3.6.1
* libpoppler-cpp0-22.01.0-150400.3.6.1
* poppler-debugsource-22.01.0-150400.3.6.1
* typelib-1_0-Poppler-0_18-22.01.0-150400.3.6.1
* libpoppler-glib8-22.01.0-150400.3.6.1
* libpoppler-glib-devel-22.01.0-150400.3.6.1
* libpoppler-glib8-debuginfo-22.01.0-150400.3.6.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.6.1
* libpoppler-devel-22.01.0-150400.3.6.1
* poppler-tools-debuginfo-22.01.0-150400.3.6.1
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* libpoppler-qt5-devel-22.01.0-150400.3.6.1
* libpoppler-qt5-1-debuginfo-22.01.0-150400.3.6.1
* poppler-qt5-debugsource-22.01.0-150400.3.6.1
* libpoppler-cpp0-22.01.0-150400.3.6.1
* poppler-debugsource-22.01.0-150400.3.6.1
* libpoppler-devel-22.01.0-150400.3.6.1
* libpoppler-cpp0-debuginfo-22.01.0-150400.3.6.1
* libpoppler-qt5-1-22.01.0-150400.3.6.1
* SUSE Package Hub 15 15-SP4 (x86_64)
* libpoppler117-32bit-22.01.0-150400.3.6.1
* libpoppler-glib8-32bit-22.01.0-150400.3.6.1
* libpoppler117-32bit-debuginfo-22.01.0-150400.3.6.1
* libpoppler-glib8-32bit-debuginfo-22.01.0-150400.3.6.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
* poppler-debugsource-22.01.0-150400.3.6.1
* libpoppler117-debuginfo-22.01.0-150400.3.6.1
* libpoppler117-22.01.0-150400.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2022-27337.html
* https://bugzilla.suse.com/show_bug.cgi?id=1199272
openSUSE-SU-2023:0201-1: important: Security update for libredwg
by opensuse-security@opensuse.org 02 Aug '23
openSUSE Security Update: Security update for libredwg
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0201-1
Rating: important
References: #1200898 #1212705 #1212706 #1212707 #1212709
Cross-References: CVE-2022-33025 CVE-2023-36271 CVE-2023-36272
CVE-2023-36273 CVE-2023-36274
CVSS scores:
CVE-2022-33025 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-36271 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-36272 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-36273 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-36274 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for libredwg fixes the following issues:
Update to version 0.12.5.5907
Security issues fixed:
* CVE-2022-33025: Fixed multiple security issues [boo#1200898]
* CVE-2023-36271: Fixed heap buffer overflow via the function bit_wcs2nlen
[boo#1212709]
* CVE-2023-36272: Fixed heap buffer overflow via the function
bit_utf8_to_TU [boo#1212707]
* CVE-2023-36273: Fixed heap buffer overflow via the function bit_calc_CRC
[boo#1212706]
* CVE-2023-36274: Fixed heap buffer overflow via the function bit_write_TF
[boo#1212705]
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-201=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 x86_64):
libredwg-devel-0.12.5.5907-bp155.3.3.1
libredwg-tools-0.12.5.5907-bp155.3.3.1
libredwg0-0.12.5.5907-bp155.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-33025.html
https://www.suse.com/security/cve/CVE-2023-36271.html
https://www.suse.com/security/cve/CVE-2023-36272.html
https://www.suse.com/security/cve/CVE-2023-36273.html
https://www.suse.com/security/cve/CVE-2023-36274.html
https://bugzilla.suse.com/1200898
https://bugzilla.suse.com/1212705
https://bugzilla.suse.com/1212706
https://bugzilla.suse.com/1212707
https://bugzilla.suse.com/1212709
SUSE-SU-2023:3162-1: important: Security update for MozillaFirefox
by security@lists.opensuse.org 02 Aug '23
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2023:3162-1
Rating: important
References:
* #1213657
* #1213746
Cross-References:
* CVE-2023-4045
* CVE-2023-4046
* CVE-2023-4047
* CVE-2023-4048
* CVE-2023-4049
* CVE-2023-4050
* CVE-2023-4052
* CVE-2023-4054
* CVE-2023-4055
* CVE-2023-4056
* CVE-2023-4057
CVSS scores:
* CVE-2023-4045 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
* Desktop Applications Module 15-SP4
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 11 vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox fixes the following security issues:
Firefox was updated to Extended Support Release 115.1.0 ESR (bsc#1213746):
* CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas
(bmo#1833876).
* CVE-2023-4046: Fixed incorrect value used during WASM compilation
(bmo#1837686).
* CVE-2023-4047: Fixed potential permissions request bypass via clickjacking
(bmo#1839073).
* CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions
(bmo#1841368).
* CVE-2023-4049: Fixed potential race conditions when releasing platform
objects (bmo#1842658).
* CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038).
* CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox
uninstaller (bmo#1824420).
* CVE-2023-4054: Fixed lack of warning when opening appref-ms files
(bmo#1840777).
* CVE-2023-4055: Fixed cookie jar overflow that caused unexpected cookie jar
state (bmo#1782561).
* CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634,
bmo#1839235, bmo#1842325, bmo#1843847).
* CVE-2023-4057: Fixed memory safety bugs (bmo#1841682).
Bugfixes:
* Remove bashisms from startup-script (bsc#1213657)
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3162=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3162=1
* Desktop Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-3162=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-3162=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3162=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3162=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3162=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3162=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3162=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3162=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3162=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3162=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-branding-upstream-115.1.0-150200.152.99.1
* openSUSE Leap 15.4 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-branding-upstream-115.1.0-150200.152.99.1
* openSUSE Leap 15.5 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* Desktop Applications Module 15-SP4 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* Desktop Applications Module 15-SP5 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-115.1.0-150200.152.99.1
* MozillaFirefox-debugsource-115.1.0-150200.152.99.1
* MozillaFirefox-translations-other-115.1.0-150200.152.99.1
* MozillaFirefox-translations-common-115.1.0-150200.152.99.1
* MozillaFirefox-debuginfo-115.1.0-150200.152.99.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-115.1.0-150200.152.99.1
## References:
* https://www.suse.com/security/cve/CVE-2023-4045.html
* https://www.suse.com/security/cve/CVE-2023-4046.html
* https://www.suse.com/security/cve/CVE-2023-4047.html
* https://www.suse.com/security/cve/CVE-2023-4048.html
* https://www.suse.com/security/cve/CVE-2023-4049.html
* https://www.suse.com/security/cve/CVE-2023-4050.html
* https://www.suse.com/security/cve/CVE-2023-4052.html
* https://www.suse.com/security/cve/CVE-2023-4054.html
* https://www.suse.com/security/cve/CVE-2023-4055.html
* https://www.suse.com/security/cve/CVE-2023-4056.html
* https://www.suse.com/security/cve/CVE-2023-4057.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213657
* https://bugzilla.suse.com/show_bug.cgi?id=1213746
02 Aug '23
# Security update for jtidy
Announcement ID: SUSE-SU-2023:3164-1
Rating: moderate
References:
* #1212404
Cross-References:
* CVE-2023-34623
CVSS scores:
* CVE-2023-34623 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-34623 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Development Tools Module 15-SP4
* Development Tools Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for jtidy fixes the following issues:
* CVE-2023-34623: Prevent crash when parsing documents with excessive nesting
(bsc#1212404).
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3164=1
* Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3164=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3164=1
* SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3164=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3164=1
## Package List:
* openSUSE Leap 15.5 (noarch)
* jtidy-javadoc-8.0-150200.11.7.1
* jtidy-scripts-8.0-150200.11.7.1
* jtidy-8.0-150200.11.7.1
* Development Tools Module 15-SP4 (noarch)
* jtidy-8.0-150200.11.7.1
* Development Tools Module 15-SP5 (noarch)
* jtidy-8.0-150200.11.7.1
* SUSE Linux Enterprise Real Time 15 SP3 (noarch)
* jtidy-8.0-150200.11.7.1
* openSUSE Leap 15.4 (noarch)
* jtidy-javadoc-8.0-150200.11.7.1
* jtidy-scripts-8.0-150200.11.7.1
* jtidy-8.0-150200.11.7.1
## References:
* https://www.suse.com/security/cve/CVE-2023-34623.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212404
SUSE-SU-2023:3153-1: important: Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)
by security@lists.opensuse.org 02 Aug '23
# Security update for the Linux Kernel RT (Live Patch 0 for SLE 15 SP5)
Announcement ID: SUSE-SU-2023:3153-1
Rating: important
References:
* #1210566
* #1210987
* #1212348
* #1212509
Cross-References:
* CVE-2023-2002
* CVE-2023-2235
* CVE-2023-33952
* CVE-2023-35788
CVSS scores:
* CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2023-2235 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-2235 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-33952 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-33952 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35788 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2023-35788 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves four vulnerabilities can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_11 fixes several issues.
The following security issues were fixed:
* CVE-2023-33952: Fixed a vmwgfx Driver Double Free Local Privilege
Escalation Vulnerability (bsc#1212348).
* CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code
via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in
net/sched/cls_flower.c (bsc#1212509).
* CVE-2023-2235: Fixed a use-after-free in the Performance Events system that
can be exploited to achieve local privilege escalation (bsc#1210987).
* CVE-2023-2002: Fixed a flaw that allowed an attacker unauthorized
execution of management commands, compromising the confidentiality,
integrity, and availability of Bluetooth communication (bsc#1210566).
## Patch Instructions:
To install this SUSE Important update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-3153=1
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-3153=1
## Package List:
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-2-150500.3.1
* kernel-livepatch-5_14_21-150500_11-rt-2-150500.3.1
* kernel-livepatch-5_14_21-150500_11-rt-debuginfo-2-150500.3.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-2-150500.3.1
* kernel-livepatch-5_14_21-150500_11-rt-2-150500.3.1
* kernel-livepatch-5_14_21-150500_11-rt-debuginfo-2-150500.3.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2002.html
* https://www.suse.com/security/cve/CVE-2023-2235.html
* https://www.suse.com/security/cve/CVE-2023-33952.html
* https://www.suse.com/security/cve/CVE-2023-35788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210566
* https://bugzilla.suse.com/show_bug.cgi?id=1210987
* https://bugzilla.suse.com/show_bug.cgi?id=1212348
* https://bugzilla.suse.com/show_bug.cgi?id=1212509
SUSE-SU-2023:3136-1: critical: Maintenance update for SUSE Manager 4.3.7 Release Notes
by security@lists.opensuse.org 02 Aug '23
# Maintenance update for SUSE Manager 4.3.7 Release Notes
Announcement ID: SUSE-SU-2023:3136-1
Rating: critical
References:
* #1175823
* #1179747
* #1195380
* #1201337
* #1204089
* #1207330
* #1207550
* #1207691
* #1207941
* #1208528
* #1208577
* #1208612
* #1208720
* #1208984
* #1209156
* #1210011
* #1210103
* #1210394
* #1210406
* #1210456
* #1210475
* #1210659
* #1210834
* #1210957
* #1210994
* #1211062
* #1211276
* #1211330
* #1211469
* #1211621
* #1211650
* #1211713
* #1211897
* #1211929
* #1212032
* #1212550
* #1212588
* #1212700
* #1212770
* #1212771
* #1213432
Cross-References:
* CVE-2023-2183
* CVE-2023-2801
* CVE-2023-3128
CVSS scores:
* CVE-2023-2183 ( SUSE ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
* CVE-2023-2183 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
* CVE-2023-2801 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2801 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
* CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products:
* openSUSE Leap 15.4
An update that solves three vulnerabilities, contains one feature and has 38
fixes can now be installed.
## Description:
Maintenance update for SUSE Manager 4.3.7 Release Notes:
This is a codestream only update
## Patch Instructions:
To install this SUSE Critical update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3136=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-proxy-4.3.7-150400.3.58.1
* release-notes-susemanager-4.3.7-150400.3.72.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2183.html
* https://www.suse.com/security/cve/CVE-2023-2801.html
* https://www.suse.com/security/cve/CVE-2023-3128.html
* https://bugzilla.suse.com/show_bug.cgi?id=1175823
* https://bugzilla.suse.com/show_bug.cgi?id=1179747
* https://bugzilla.suse.com/show_bug.cgi?id=1195380
* https://bugzilla.suse.com/show_bug.cgi?id=1201337
* https://bugzilla.suse.com/show_bug.cgi?id=1204089
* https://bugzilla.suse.com/show_bug.cgi?id=1207330
* https://bugzilla.suse.com/show_bug.cgi?id=1207550
* https://bugzilla.suse.com/show_bug.cgi?id=1207691
* https://bugzilla.suse.com/show_bug.cgi?id=1207941
* https://bugzilla.suse.com/show_bug.cgi?id=1208528
* https://bugzilla.suse.com/show_bug.cgi?id=1208577
* https://bugzilla.suse.com/show_bug.cgi?id=1208612
* https://bugzilla.suse.com/show_bug.cgi?id=1208720
* https://bugzilla.suse.com/show_bug.cgi?id=1208984
* https://bugzilla.suse.com/show_bug.cgi?id=1209156
* https://bugzilla.suse.com/show_bug.cgi?id=1210011
* https://bugzilla.suse.com/show_bug.cgi?id=1210103
* https://bugzilla.suse.com/show_bug.cgi?id=1210394
* https://bugzilla.suse.com/show_bug.cgi?id=1210406
* https://bugzilla.suse.com/show_bug.cgi?id=1210456
* https://bugzilla.suse.com/show_bug.cgi?id=1210475
* https://bugzilla.suse.com/show_bug.cgi?id=1210659
* https://bugzilla.suse.com/show_bug.cgi?id=1210834
* https://bugzilla.suse.com/show_bug.cgi?id=1210957
* https://bugzilla.suse.com/show_bug.cgi?id=1210994
* https://bugzilla.suse.com/show_bug.cgi?id=1211062
* https://bugzilla.suse.com/show_bug.cgi?id=1211276
* https://bugzilla.suse.com/show_bug.cgi?id=1211330
* https://bugzilla.suse.com/show_bug.cgi?id=1211469
* https://bugzilla.suse.com/show_bug.cgi?id=1211621
* https://bugzilla.suse.com/show_bug.cgi?id=1211650
* https://bugzilla.suse.com/show_bug.cgi?id=1211713
* https://bugzilla.suse.com/show_bug.cgi?id=1211897
* https://bugzilla.suse.com/show_bug.cgi?id=1211929
* https://bugzilla.suse.com/show_bug.cgi?id=1212032
* https://bugzilla.suse.com/show_bug.cgi?id=1212550
* https://bugzilla.suse.com/show_bug.cgi?id=1212588
* https://bugzilla.suse.com/show_bug.cgi?id=1212700
* https://bugzilla.suse.com/show_bug.cgi?id=1212770
* https://bugzilla.suse.com/show_bug.cgi?id=1212771
* https://bugzilla.suse.com/show_bug.cgi?id=1213432
* https://jira.suse.com/browse/MSQA-679
02 Aug '23
# Security update for salt
Announcement ID: SUSE-SU-2023:3139-1
Rating: moderate
References:
* #1210994
* #1211591
* #1211741
Cross-References:
* CVE-2023-28370
CVSS scores:
* CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Transactional Server Module 15-SP5
An update that solves one vulnerability and has two fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security fixes:
* CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler'
under certain configurations (bsc#1211741)
Bug fixes:
* Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
* Fix ModuleNotFoundError and other issues raised by salt-support module
(bsc#1211591)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-3139=1 openSUSE-SLE-15.5-2023-3139=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3139=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-3139=1
* Transactional Server Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2023-3139=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* salt-master-3006.0-150500.4.12.2
* salt-proxy-3006.0-150500.4.12.2
* salt-standalone-formulas-configuration-3006.0-150500.4.12.2
* salt-tests-3006.0-150500.4.12.2
* salt-ssh-3006.0-150500.4.12.2
* salt-cloud-3006.0-150500.4.12.2
* salt-3006.0-150500.4.12.2
* python3-salt-3006.0-150500.4.12.2
* salt-api-3006.0-150500.4.12.2
* salt-transactional-update-3006.0-150500.4.12.2
* salt-syndic-3006.0-150500.4.12.2
* salt-doc-3006.0-150500.4.12.2
* salt-minion-3006.0-150500.4.12.2
* openSUSE Leap 15.5 (noarch)
* salt-fish-completion-3006.0-150500.4.12.2
* salt-bash-completion-3006.0-150500.4.12.2
* salt-zsh-completion-3006.0-150500.4.12.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python3-salt-3006.0-150500.4.12.2
* salt-minion-3006.0-150500.4.12.2
* salt-3006.0-150500.4.12.2
* salt-doc-3006.0-150500.4.12.2
* Basesystem Module 15-SP5 (noarch)
* salt-bash-completion-3006.0-150500.4.12.2
* salt-zsh-completion-3006.0-150500.4.12.2
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-master-3006.0-150500.4.12.2
* salt-proxy-3006.0-150500.4.12.2
* salt-standalone-formulas-configuration-3006.0-150500.4.12.2
* salt-ssh-3006.0-150500.4.12.2
* salt-cloud-3006.0-150500.4.12.2
* salt-api-3006.0-150500.4.12.2
* salt-syndic-3006.0-150500.4.12.2
* Server Applications Module 15-SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.12.2
* Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150500.4.12.2
## References:
* https://www.suse.com/security/cve/CVE-2023-28370.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210994
* https://bugzilla.suse.com/show_bug.cgi?id=1211591
* https://bugzilla.suse.com/show_bug.cgi?id=1211741
SUSE-SU-2023:3144-1: moderate: Security update for SUSE Manager Client Tools
by security@lists.opensuse.org 02 Aug '23
# Security update for SUSE Manager Client Tools
Announcement ID: SUSE-SU-2023:3144-1
Rating: moderate
References:
* #1208612
* #1211741
* #1212279
Cross-References:
* CVE-2023-28370
CVSS scores:
* CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Client Tools for SLE Micro 5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.2 Module 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.2 Module 4.2
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3
An update that solves one vulnerability, contains three features and has two
fixes can now be installed.
## Description:
This update fixes the following issues:
python-tornado:
* Security fixes:
* CVE-2023-28370: Fixed an open redirect issue in the static file handler
(bsc#1211741)
prometheus-blackbox_exporter:
* Use obscpio for go modules service
* Set version number
* Set build date from SOURCE_DATE_EPOCH
* Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
* Requires go1.19
* Avoid empty validation script
* Add rc symlink for backwards compatibility
spacecmd:
* Version 4.3.22-1
* Bypass traditional systems check on older SUMA instances (bsc#1208612)
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3144=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3144=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-3144=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-3144=1
* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-3144=1
* SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-3144=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3144=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3144=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3144=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3144=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3144=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-3144=1
* SUSE Manager Proxy 4.2 Module 4.2
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-3144=1
* SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-3144=1
* SUSE Manager Server 4.2 Module 4.2
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-3144=1
* SUSE Manager Server 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-3144=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3144=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3144=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3144=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3144=1
* SUSE Linux Enterprise Real Time 15 SP3
zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-3144=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3144=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3144=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3144=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3144=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3144=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3144=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3144=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-3144=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3144=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-3144=1
* SUSE Enterprise Storage 7
zypper in -t patch SUSE-Storage-7-2023-3144=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3144=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-3144=1
## Package List:
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* prometheus-blackbox_exporter-0.24.0-150000.1.20.2
* openSUSE Leap 15.4 (noarch)
* spacecmd-4.3.22-150000.3.101.1
* system-user-prometheus-1.0.0-150000.10.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* prometheus-blackbox_exporter-0.24.0-150000.1.20.2
* openSUSE Leap 15.5 (noarch)
* spacecmd-4.3.22-150000.3.101.1
* system-user-prometheus-1.0.0-150000.10.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* prometheus-blackbox_exporter-0.24.0-150000.1.20.2
* SUSE Manager Client Tools for SLE 15 (noarch)
* spacecmd-4.3.22-150000.3.101.1
* system-user-prometheus-1.0.0-150000.10.1
* SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
* prometheus-blackbox_exporter-0.24.0-150000.1.20.2
* SUSE Manager Client Tools for SLE Micro 5 (noarch)
* system-user-prometheus-1.0.0-150000.10.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
* prometheus-blackbox_exporter-0.24.0-150000.1.20.2
* SUSE Manager Proxy 4.2 Module 4.2 (noarch)
* system-user-prometheus-1.0.0-150000.10.1
* SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
* prometheus-blackbox_exporter-0.24.0-150000.1.20.2
* SUSE Manager Proxy 4.3 Module 4.3 (noarch)
* system-user-prometheus-1.0.0-150000.10.1
* SUSE Manager Server 4.2 Module 4.2 (noarch)
* system-user-prometheus-1.0.0-150000.10.1
* SUSE Manager Server 4.3 Module 4.3 (noarch)
* system-user-prometheus-1.0.0-150000.10.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Real Time 15 SP3 (x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Manager Proxy 4.2 (x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE CaaS Platform 4.0 (x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* python2-tornado-4.5.3-150000.3.6.1
* python2-tornado-debuginfo-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* python-tornado-debugsource-4.5.3-150000.3.6.1
* python-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-debuginfo-4.5.3-150000.3.6.1
* python3-tornado-4.5.3-150000.3.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-28370.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208612
* https://bugzilla.suse.com/show_bug.cgi?id=1211741
* https://bugzilla.suse.com/show_bug.cgi?id=1212279
* https://jira.suse.com/browse/MSQA-679
* https://jira.suse.com/browse/PED-3694
* https://jira.suse.com/browse/PED-4556
02 Aug '23
# Security update for salt
Announcement ID: SUSE-SU-2023:3145-1
Rating: moderate
References:
* #1210994
* #1211591
* #1211741
Cross-References:
* CVE-2023-28370
CVSS scores:
* CVE-2023-28370 ( SUSE ): 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
* CVE-2023-28370 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* Transactional Server Module 15-SP4
An update that solves one vulnerability and has two fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security fixes:
* CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler'
under certain configurations (bsc#1211741)
Bug fixes:
* Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
* Fix ModuleNotFoundError and other issues raised by salt-support module
(bsc#1211591)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-3145=1 openSUSE-SLE-15.4-2023-3145=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-3145=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-3145=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3145=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-3145=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3145=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-3145=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-3145=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-3145=1
* Transactional Server Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-3145=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* salt-doc-3006.0-150400.8.37.2
* salt-standalone-formulas-configuration-3006.0-150400.8.37.2
* salt-transactional-update-3006.0-150400.8.37.2
* salt-cloud-3006.0-150400.8.37.2
* salt-api-3006.0-150400.8.37.2
* salt-tests-3006.0-150400.8.37.2
* salt-ssh-3006.0-150400.8.37.2
* salt-proxy-3006.0-150400.8.37.2
* salt-syndic-3006.0-150400.8.37.2
* salt-master-3006.0-150400.8.37.2
* salt-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* openSUSE Leap 15.4 (noarch)
* salt-bash-completion-3006.0-150400.8.37.2
* salt-fish-completion-3006.0-150400.8.37.2
* salt-zsh-completion-3006.0-150400.8.37.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* salt-3006.0-150400.8.37.2
* salt-transactional-update-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* salt-3006.0-150400.8.37.2
* salt-transactional-update-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* salt-3006.0-150400.8.37.2
* salt-transactional-update-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* salt-3006.0-150400.8.37.2
* salt-transactional-update-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* salt-3006.0-150400.8.37.2
* salt-transactional-update-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* salt-3006.0-150400.8.37.2
* salt-transactional-update-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-3006.0-150400.8.37.2
* python3-salt-3006.0-150400.8.37.2
* salt-minion-3006.0-150400.8.37.2
* salt-doc-3006.0-150400.8.37.2
* Basesystem Module 15-SP4 (noarch)
* salt-bash-completion-3006.0-150400.8.37.2
* salt-zsh-completion-3006.0-150400.8.37.2
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-standalone-formulas-configuration-3006.0-150400.8.37.2
* salt-cloud-3006.0-150400.8.37.2
* salt-api-3006.0-150400.8.37.2
* salt-ssh-3006.0-150400.8.37.2
* salt-proxy-3006.0-150400.8.37.2
* salt-syndic-3006.0-150400.8.37.2
* salt-master-3006.0-150400.8.37.2
* Server Applications Module 15-SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.37.2
* Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150400.8.37.2
## References:
* https://www.suse.com/security/cve/CVE-2023-28370.html
* https://bugzilla.suse.com/show_bug.cgi?id=1210994
* https://bugzilla.suse.com/show_bug.cgi?id=1211591
* https://bugzilla.suse.com/show_bug.cgi?id=1211741