openSUSE Security Announce
August 2024
- 3 participants
- 81 discussions
openSUSE-SU-2024:0272-1: important: Security update for python-Django
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for python-Django
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0272-1
Rating: important
References: #1228629 #1228630 #1228631 #1228632
Cross-References: CVE-2024-41989 CVE-2024-41990 CVE-2024-41991
CVE-2024-42005
CVSS scores:
CVE-2024-41989 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41990 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41990 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41991 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-41991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-42005 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2024-42005 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for python-Django fixes the following issues:
* CVE-2024-42005: Fixed potential SQL injection in QuerySet.values() and
values_list() (boo#1228629)
* CVE-2024-41989: Fixed memory exhaustion in
django.utils.numberformat.floatformat() (boo#1228630)
* CVE-2024-41990: Fixed potential denial-of-service vulnerability in
django.utils.html.urlize() (boo#1228631)
* CVE-2024-41991: Fixed potential denial-of-service vulnerability in
django.utils.html.urlize() and AdminURLFieldWidget (boo#1228632)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-272=1
Package List:
References:
https://www.suse.com/security/cve/CVE-2024-41989.html
https://www.suse.com/security/cve/CVE-2024-41990.html
https://www.suse.com/security/cve/CVE-2024-41991.html
https://www.suse.com/security/cve/CVE-2024-42005.html
https://bugzilla.suse.com/1228629
https://bugzilla.suse.com/1228630
https://bugzilla.suse.com/1228631
https://bugzilla.suse.com/1228632
openSUSE-SU-2024:0269-1: moderate: Security update for trivy
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for trivy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0269-1
Rating: moderate
References: #1224781 #1227022
Cross-References: CVE-2023-42363 CVE-2024-35192 CVE-2024-6257
CVSS scores:
CVE-2023-42363 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2023-42363 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
trivy was updated to fix the following issues:
Update to version 0.54.1:
* fix(flag): incorrect behavior for deprecated flag `--clear-cache`
[backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid
segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags
[backport: release/v0.54] (#7279)
* release: v0.54.0 [main] (#7075)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and
`--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for
files `yarn.lock` + `package.json` (#7110)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add `--pkg-relationships` (#7237)
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
* fix(dotnet): show `nuget package dir not found` log only when checking
`nuget` packages (#7194)
* feat(vex): VEX Repository support (#7206)
* fix(secret): skip regular strings contain secret patterns (#7182)
* feat: share build-in rules (#7207)
* fix(report): hide empty table when all secrets/license/misconfigs are
ignored (#7171)
* fix(cli): error on missing config file (#7154)
* fix(secret): update length of `hugging-face-access-token` (#7216)
* feat(sbom): add vulnerability support for SPDX formats (#7213)
* fix(secret): trim excessively long lines (#7192)
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366
(#7201)
* fix(server): pass license categories to options (#7203)
* feat(mariner): Add support for Azure Linux (#7186)
* docs: updates config file (#7188)
* refactor(fs): remove unused field for CompositeFS (#7195)
* fix: add missing platform and type to spec (#7149)
* feat(misconf): enabled China configuration for ACRs (#7156)
* fix: close file when failed to open gzip (#7164)
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
* docs(misconf): add info about limitations for terraform plan json (#7143)
* chore: add VEX for Trivy images (#7140)
* chore: add VEX document and generator for Trivy (#7128)
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
* refactor(secret): move warning about file size after `IsBinary` check
(#7123)
* feat: add openSUSE tumbleweed detection and scanning (#6965)
* test: add missing advisory details for integration tests database (#7122)
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
* fix: ignore nodes when listing permission is not allowed (#7107)
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
* refactor(secret): add warning about large files (#7085)
* feat(nodejs): add license parser to pnpm analyser (#7036)
* refactor(sbom): add sbom prefix + filepaths for decode log messages
(#7074)
* feat: add `log.FilePath()` function for logger (#7080)
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation
(#7065)
* refactor: pass DB dir to trivy-db (#7057)
* docs: navigate to the release highlights and summary (#7072)
Update to version 0.53.0 (bsc#1227022, CVE-2024-6257):
* release: v0.53.0 [main] (#6855)
* feat(conda): add licenses support for `environment.yml` files (#6953)
* fix(sbom): fix panic when scanning SBOM file without root component into
SBOM format (#7051)
* feat: add memory cache backend (#7048)
* fix(sbom): use package UIDs for uniqueness (#7042)
* feat(php): add installed.json file support (#4865)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#7041)
* fix: use embedded when command path not found (#7037)
* refactor: use google/wire for cache (#7024)
* fix(cli): show info message only when --scanners is available (#7032)
* chore: enable float-compare rule from testifylint (#6967)
* docs: Add sudo on commands, chmod before mv on install docs (#7009)
* fix(plugin): respect `--insecure` (#7022)
* feat(k8s)!: node-collector dynamic commands support (#6861)
* fix(sbom): take pkg name from `purl` for maven pkgs (#7008)
* feat!: add clean subcommand (#6993)
* chore: use `!` for breaking changes (#6994)
* feat(aws)!: Remove aws subcommand (#6995)
* refactor: replace global cache directory with parameter passing (#6986)
* fix(sbom): use `purl` for `bitnami` pkg names (#6982)
* chore: bump Go toolchain version (#6984)
* refactor: unify cache implementations (#6977)
* docs: non-packaged and sbom clarifications (#6975)
* BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin
(#6819)
* docs: delete unknown URL (#6972)
* refactor: use version-specific URLs for documentation references (#6966)
* refactor: delete db mock (#6940)
* refactor: add warning if severity not from vendor (or NVD or GH) is used
(#6726)
* feat: Add local ImageID to SARIF metadata (#6522)
* fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
* feat(java): add support for sbt projects using sbt-dependency-lock
(#6882)
* feat(java): add support for `maven-metadata.xml` files for remote
snapshot repositories. (#6950)
* fix(purl): add missed os types (#6955)
* fix(cyclonedx): trim non-URL info for `advisory.url` (#6952)
* fix(c): don't skip conan files from `file-patterns` and scan `.conan2`
cache dir (#6949)
* fix(image): parse `image.inspect.Created` field only for non-empty
values (#6948)
* fix(misconf): handle source prefix to ignore (#6945)
* fix(misconf): fix parsing of engine links and frameworks (#6937)
* feat(misconf): support of selectors for all providers for Rego (#6905)
* fix(license): return license separation using separators `,`, `or`,
etc. (#6916)
* feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress
(#6755)
* BREAKING(misconf): flatten recursive types (#6862)
* test: bump docker API to 1.45 (#6914)
* feat(sbom): migrate to `CycloneDX v1.6` (#6903)
* feat(image): Set User-Agent header for Trivy container registry requests
(#6868)
* fix(debian): take installed files from the origin layer (#6849)
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken (#6858)
* feat(misconf): API Gateway V1 support for CloudFormation (#6874)
* feat(plugin): add support for nested archives (#6845)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866)
* fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867)
* chore: auto label discussions (#5259)
* docs: explain how VEX is applied (#6864)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase (#6852)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
* feat(dart): use first version of constraint for dependencies using SDK
version (#6239)
* fix(misconf): parsing numbers without fraction as int (#6834)
* fix(misconf): fix caching of modules in subdirectories (#6814)
* feat(misconf): add metadata to Cloud schema (#6831)
* test: replace embedded Git repository with dynamically created
repository (#6824)
Update to version 0.52.2:
* test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
* fix(debian): take installed files from the origin layer [backport:
release/v0.52] (#6892)
Update to version 0.52.1:
* release: v0.52.1 [release/v0.52] (#6877)
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken [backport: release/v0.52] (#6888)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files
[backport: release/v0.52] (#6881)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase [backport: release/v0.52] (#6878)
* docs: explain how VEX is applied (#6864)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
Update to version 0.52.0 (bsc#1224781, CVE-2024-35192):
* release: v0.52.0 [main] (#6809)
* fix(plugin): initialize logger (#6836)
* fix(cli): always output fatal errors to stderr (#6827)
* fix: close testfile (#6830)
* docs(julia): add scanner table (#6826)
* feat(python): add license support for `requirement.txt` files (#6782)
* docs: add more workarounds for out-of-disk (#6821)
* chore: improve error message for image not found (#6822)
* fix(sbom): fix panic for `convert` mode when scanning json file derived
from sbom file (#6808)
* fix: clean up golangci lint configuration (#6797)
* fix(python): add package name and version validation for
`requirements.txt` files. (#6804)
* feat(vex): improve relationship support in CSAF VEX (#6735)
* chore(alpine): add eol date for Alpine 3.20 (#6800)
* docs(plugin): add missed `plugin` section (#6799)
* fix: include packages unless it is not needed (#6765)
* feat(misconf): support for VPC resources for inbound/outbound rules
(#6779)
* chore: replace interface{} with any (#6751)
* fix: close settings.xml (#6768)
* refactor(go): add priority for gobinary module versions from `ldflags`
(#6745)
* build: use main package instead of main.go (#6766)
* feat(misconf): resolve tf module from OpenTofu compatible registry
(#6743)
* docs: add info on adding compliance checks (#6275)
* docs: Add documentation for contributing additional checks to the trivy
policies repo (#6234)
* feat(nodejs): add v9 pnpm lock file support (#6617)
* feat(vex): support non-root components for products in OpenVEX (#6728)
* feat(python): add line number support for `requirement.txt` files (#6729)
* chore: respect timeout value in .golangci.yaml (#6724)
* fix: node-collector high and critical cves (#6707)
* Merge pull request from GHSA-xcq4-m2r3-cmrj
* chore: auto-bump golang patch versions (#6711)
* fix(misconf): don't shift ignore rule related to code (#6708)
* feat(plugin): specify plugin version (#6683)
* chore: enforce golangci-lint version (#6700)
* fix(go): include only `.version`|`.ver` (no prefixes) ldflags for
`gobinaries` (#6705)
* fix(go): add only non-empty root modules for `gobinaries` (#6710)
* refactor: unify package addition and vulnerability scanning (#6579)
* fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
* feat(misconf): Add support for deprecating a check (#6664)
* feat: Add Julia language analyzer support (#5635)
* feat(misconf): register builtin Rego funcs from trivy-checks (#6616)
* fix(report): hide empty tables if all vulns has been filtered (#6352)
* feat(report): Include licenses and secrets filtered by rego to
ModifiedFindings (#6483)
* feat: add support for plugin index (#6674)
* docs: add support table for client server mode (#6498)
* fix: close APKINDEX archive file (#6672)
* fix(misconf): skip Rego errors with a nil location (#6666)
* refactor: move artifact types under artifact package to avoid import
cycles (#6652)
* refactor(misconf): remove extrafs (#6656)
* refactor: re-define module structs for serialization (#6655)
* chore(misconf): Clean up iac logger (#6642)
* feat(misconf): support symlinks inside of Helm archives (#6621)
* feat(misconf): add Terraform 'removed' block to schema (#6640)
* refactor: unify Library and Package structs (#6633)
* fix: use of specified context to obtain cluster name (#6645)
* perf(misconf): parse rego input once (#6615)
* fix(misconf): skip Rego errors with a nil location (#6638)
* docs: link warning to both timeout config options (#6620)
* docs: fix usage of image-config-scanners (#6635)
Update to version 0.51.1:
* fix(fs): handle default skip dirs properly (#6628)
* fix(misconf): load cached tf modules (#6607)
* fix(misconf): do not use semver for parsing tf module versions (#6614)
* refactor: move setting scanners when using compliance reports to flag
parsing (#6619)
* feat: introduce package UIDs for improved vulnerability mapping (#6583)
* perf(misconf): Improve cause performance (#6586)
* docs: trivy-k8s new experience remove un-used section (#6608)
* docs: remove mention of GitLab Gold because it doesn't exist anymore
(#6609)
* feat(misconf): Use updated terminology for misconfiguration checks
(#6476)
* docs: use `generic` link from `trivy-repo` (#6606)
* docs: update trivy k8s with new experience (#6465)
* feat: support `--skip-images` scanning flag (#6334)
* BREAKING: add support for k8s `disable-node-collector` flag (#6311)
* feat: add ubuntu 23.10 and 24.04 support (#6573)
* docs(go): add stdlib (#6580)
* feat(go): parse main mod version from build info settings (#6564)
* feat: respect custom exit code from plugin (#6584)
* docs: add asdf and mise installation method (#6063)
* feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
* feat: add support `environment.yaml` files (#6569)
* fix: close plugin.yaml (#6577)
* fix: trivy k8s avoid deleting non-default node collector namespace
(#6559)
* BREAKING: support exclude `kinds/namespaces` and include
`kinds/namespaces` (#6323)
* feat(go): add main module (#6574)
* feat: add relationships (#6563)
* docs: mention `--show-suppressed` is available in table (#6571)
* chore: fix sqlite to support loong64 (#6511)
* fix(debian): sort dpkg info before parsing due to exclude directories
(#6551)
* docs: update info about config file (#6547)
* docs: remove RELEASE_VERSION from trivy.repo (#6546)
* fix(sbom): change error to warning for multiple OSes (#6541)
* fix(vuln): skip empty versions (#6542)
* feat(c): add license support for conan lock files (#6329)
* fix(terraform): Attribute and fileset fixes (#6544)
* refactor: change warning if no vulnerability details are found (#6230)
* refactor(misconf): improve error handling in the Rego scanner (#6527)
* feat(go): parse main module of go binary files (#6530)
* refactor(misconf): simplify the retrieval of module annotations (#6528)
* docs(nodejs): add info about supported versions of pnpm lock files
(#6510)
* feat(misconf): loading embedded checks as a fallback (#6502)
* fix(misconf): Parse JSON k8s manifests properly (#6490)
* refactor: remove parallel walk (#5180)
* fix: close pom.xml (#6507)
* fix(secret): convert severity for custom rules (#6500)
* fix(java): update logic to detect `pom.xml` file snapshot artifacts from
remote repositories (#6412)
* fix: typo (#6283)
* docs(k8s,image): fix command-line syntax issues (#6403)
* fix(misconf): avoid panic if the scheme is not valid (#6496)
* feat(image): goversion as stdlib (#6277)
* fix: add color for error inside of log message (#6493)
* docs: fix links to OPA docs (#6480)
* refactor: replace zap with slog (#6466)
* docs: update links to IaC schemas (#6477)
* chore: bump Go to 1.22 (#6075)
* refactor(terraform): sync funcs with Terraform (#6415)
* feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
* fix(terraform): eval submodules (#6411)
* refactor(terraform): remove unused options (#6446)
* refactor(terraform): remove unused file (#6445)
* fix(misconf): Escape template value correctly (#6292)
* feat(misconf): add support for wildcard ignores (#6414)
* fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue
(#6439)
* refactor(terraform): remove metrics collection (#6444)
* feat(cloudformation): add support for logging and endpoint access for
EKS (#6440)
* fix(db): check schema version for image name only (#6410)
* feat(misconf): Support private registries for misconf check bundle
(#6327)
* feat(cloudformation): inline ignore support for YAML templates (#6358)
* feat(terraform): ignore resources by nested attributes (#6302)
* perf(helm): load in-memory files (#6383)
* feat(aws): apply filter options to result (#6367)
* feat(aws): quiet flag support (#6331)
* fix(misconf): clear location URI for SARIF (#6405)
* test(cloudformation): add CF tests (#6315)
* fix(cloudformation): infer type after resolving a function (#6406)
* fix(sbom): fix error when parent of SPDX Relationships is not a package.
(#6399)
* docs: add info about support for package license detection in
`fs`/`repo` modes (#6381)
* fix(nodejs): add support for parsing `workspaces` from `package.json` as
an object (#6231)
* fix: use `0600` perms for tmp files for post analyzers (#6386)
* fix(helm): scan the subcharts once (#6382)
* docs(terraform): add file patterns for Terraform Plan (#6393)
* fix(terraform): checking SSE encryption algorithm validity (#6341)
* fix(java): parse modules from `pom.xml` files once (#6312)
* fix(server): add Locations for `Packages` in client/server mode (#6366)
* fix(sbom): add check for `CreationInfo` to nil when detecting SPDX
created using Trivy (#6346)
* fix(report): don't include empty strings in
`.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348)
* chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
* feat(java): add support licenses and graph for gradle lock files (#6140)
* feat(vex): consider root component for relationships (#6313)
* fix: increase the default buffer size for scanning dpkg status files by
2 times (#6298)
* chore: updates wazero to v1.7.0 (#6301)
* feat(sbom): Support license detection for SBOM scan (#6072)
* refactor(sbom): use intermediate representation for SPDX (#6310)
* docs(terraform): improve documentation for filtering by inline comments
(#6284)
* fix(terraform): fix policy document retrieval (#6276)
* refactor(terraform): remove unused custom error (#6303)
* refactor(sbom): add intermediate representation for BOM (#6240)
* fix(amazon): check only major version of AL to find advisories (#6295)
* fix(db): use schema version as tag only for `trivy-db` and
`trivy-java-db` registries by default (#6219)
* fix(nodejs): add name validation for package name from `package.json`
(#6268)
* docs: Added install instructions for FreeBSD (#6293)
* feat(image): customer podman host or socket option (#6256)
* feat(java): mark dependencies from `maven-invoker-plugin` integration
tests pom.xml files as `Dev` (#6213)
* fix(license): reorder logic of how python package licenses are acquired
(#6220)
* test(terraform): skip cached modules (#6281)
* feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
* fix(cloudformation): support of all SSE algorithms for s3 (#6270)
* feat(terraform): Terraform Plan snapshot scanning support (#6176)
* fix: typo function name and comment optimization (#6200)
* fix(java): don't ignore runtime scope for pom.xml files (#6223)
* fix(license): add FilePath to results to allow for license path
filtering via trivyignore file (#6215)
* test(k8s): use test-db for k8s integration tests (#6222)
* fix(terraform): fix root module search (#6160)
* test(parser): squash test data for yarn (#6203)
* fix(terraform): do not re-expand dynamic blocks (#6151)
* docs: update ecosystem page reporting with db app (#6201)
* fix: k8s summary separate infra and user finding results (#6120)
* fix: add context to target finding on k8s table view (#6099)
* fix: Printf format err (#6198)
* refactor: better integration of the parser into Trivy (#6183)
* feat(terraform): Add hyphen and non-ASCII support for domain names in
credential extraction (#6108)
* fix(vex): CSAF filtering should consider relationships (#5923)
* refactor(report): Replacing `source_location` in `github` report when
scanning an image (#5999)
* feat(vuln): ignore vulnerabilities by PURL (#6178)
* feat(java): add support for fetching packages from repos mentioned in
pom.xml (#6171)
* feat(k8s): rancher rke2 version support (#5988)
* docs: update kbom distribution for scanning (#6019)
* chore: update CODEOWNERS (#6173)
* fix(swift): try to use branch to resolve version (#6168)
* fix(terraform): ensure consistent path handling across OS (#6161)
* fix(java): add only valid libs from `pom.properties` files from `jars`
(#6164)
* fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM
source (#6163)
* docs(report): add remark about `path` to filter licenses using
`.trivyignore.yaml` file (#6145)
* docs: update template path for gitlab-ci tutorial (#6144)
* feat(report): support for filtering licenses and secrets via rego policy
files (#6004)
* fix(cyclonedx): move root component from scanned cyclonedx file to
output cyclonedx file (#6113)
* docs: add SecObserve in CI/CD and reporting (#6139)
* fix(alpine): exclude empty licenses for apk packages (#6130)
* docs: add docs tutorial on custom policies with rego (#6104)
* fix(nodejs): use project dir when searching for workspaces for Yarn.lock
files (#6102)
* feat(vuln): show suppressed vulnerabilities in table (#6084)
* docs: rename governance to principles (#6107)
* docs: add governance (#6090)
* feat(java): add dependency location support for `gradle` files (#6083)
* fix(misconf): get `user` from `Config.User` (#6070)
Update to version 0.49.1:
* fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025)
* docs: Fix broken link to "pronunciation" (#6057)
* fix: fix cursor usage in Redis Clear function (#6056)
* fix(nodejs): add local packages support for `pnpm-lock.yaml` files
(#6034)
* test: fix flaky `TestDockerEngine` (#6054)
* fix(java): recursive check all nested depManagements with import scope
for pom.xml files (#5982)
* fix(cli): inconsistent behavior across CLI flags, environment variables,
and config files (#5843)
* feat(rust): Support workspace.members parsing for Cargo.toml analysis
(#5285)
* docs: add note about Bun (#6001)
* fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
* fix: check returned error before deferring f.Close() (#6007)
* feat(misconf): add support of buildkit instructions when building
dockerfile from image config (#5990)
* feat(vuln): enable `--vex` for all targets (#5992)
* docs: update link to data sources (#6000)
* feat(java): add support for line numbers for pom.xml files (#5991)
* refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
* docs: Update troubleshooting guide with image not found error (#5983)
* style: update band logos (#5968)
* docs: update cosign tutorial and commands, update kyverno policy (#5929)
* docs: update command to scan go binary (#5969)
* fix: handle non-parsable images names (#5965)
* fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
* fix(alpine): Add EOL support for alpine 3.19. (#5938)
* feat: allow end-users to adjust K8S client QPS and burst (#5910)
* fix(nodejs): find licenses for packages with slash (#5836)
* fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX
reports (#5922)
* fix: ignore no init containers (#5939)
* docs: Fix documentation of ecosystem (#5940)
* docs(misconf): multiple ignores in comment (#5926)
* fix(secret): find aws secrets ending with a comma or dot (#5921)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#5918)
* fix(java): check if a version exists when determining GAV by file name
for `jar` files (#5630)
* feat(vex): add PURL matching for CSAF VEX (#5890)
* fix(secret): `AWS Secret Access Key` must include only secrets with
`aws` text. (#5901)
* revert(report): don't escape new line characters for sarif format (#5897)
* docs: improve filter by rego (#5402)
* docs: add_scan2html_to_trivy_ecosystem (#5875)
* fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit
mode (#5888)
* feat(vex): Add support for CSAF format (#5535)
* feat(python): parse licenses from dist-info folder (#4724)
* feat(nodejs): add yarn alias support (#5818)
* refactor: propagate time through context values (#5858)
* refactor: move PkgRef under PkgIdentifier (#5831)
* fix(cyclonedx): fix unmarshal for licenses (#5828)
* feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
Update to version 0.48.1:
* fix(bitnami): use a different comparer for detecting vulnerabilities
(#5633)
* refactor(sbom): disable html escaping for CycloneDX (#5764)
* refactor(purl): use `pub` from `package-url` (#5784)
* docs(python): add note to using `pip freeze` for `compatible releases`
(#5760)
* fix(report): use OS information for OS packages purl in `github`
template (#5783)
* fix(report): fix error if misconfigs are empty (#5782)
* refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
* fix(report): don't mark misconfig passed tests as failed in junit.tpl
(#5767)
* docs(k8s): replace --scanners config with --scanners misconfig in docs
(#5746)
* fix(report): update Gitlab template (#5721)
* feat(secret): add support of GitHub fine-grained tokens (#5740)
* fix(misconf): add an image misconf to result (#5731)
* feat(secret): added support of Docker registry credentials (#5720)
Update to version 0.48.0:
* feat: filter k8s core components vuln results (#5713)
* feat(vuln): remove duplicates in Fixed Version (#5596)
* feat(report): output plugin (#4863)
* docs: typo in modules.md (#5712)
* feat: Add flag to configure node-collector image ref (#5710)
* feat(misconf): Add `--misconfig-scanners` option (#5670)
* chore: bump Go to 1.21 (#5662)
* feat: Packagesprops support (#5605)
* docs: update adopters discussion template (#5632)
* docs: terraform tutorial links updated to point to correct loc (#5661)
* fix(secret): add `sec` and space to secret prefix for
`aws-secret-access-key` (#5647)
* fix(nodejs): support protocols for dependency section in yarn.lock files
(#5612)
* fix(secret): exclude upper case before secret for
`alibaba-access-key-id` (#5618)
* docs: Update Arch Linux package URL in installation.md (#5619)
* chore: add prefix to image errors (#5601)
* docs(vuln): fix link anchor (#5606)
* docs: Add Dagger integration section and cleanup Ecosystem CICD docs
page (#5608)
* fix: k8s friendly error messages kbom non cluster scans (#5594)
* feat: set InstalledFiles for DEB and RPM packages (#5488)
* fix(report): use time.Time for CreatedAt (#5598)
* test: retry containerd initialization (#5597)
* feat(misconf): Expose misconf engine debug logs with `--debug` option
(#5550)
* test: mock VM walker (#5589)
* chore: bump node-collector v0.0.9 (#5591)
* feat(misconf): Add support for `--cf-params` for CFT (#5507)
* feat(flag): replace '--slow' with '--parallel' (#5572)
* fix(report): add escaping for Sarif format (#5568)
* chore: show a deprecation notice for `--scanners config` (#5587)
* feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
* test: mock RPM DB (#5567)
* feat: add aliases to '--scanners' (#5558)
* refactor: reintroduce output writer (#5564)
* chore: not load plugins for auto-generating docs (#5569)
* chore: sort supported AWS services (#5570)
* fix: no schedule toleration (#5562)
* fix(cli): set correct `scanners` for `k8s` target (#5561)
* fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for
SPDX (#5533)
* refactor(misconf): Update refactored dependencies (#5245)
* feat(secret): add built-in rule for JWT tokens (#5480)
* fix: trivy k8s parse ecr image with arn (#5537)
* fix: fail k8s resource scanning (#5529)
* refactor(misconf): don't remove Highlighted in json format (#5531)
* docs(k8s): fix link in kubernetes.md (#5524)
* docs(k8s): fix whitespace in list syntax (#5525)
Update to version 0.47.0:
* docs: add info that license scanning supports file-patterns flag (#5484)
* docs: add Zora integration into Ecosystem session (#5490)
* fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
* fix: correct error mismatch causing race in fast walks (#5516)
* docs: k8s vulnerability scanning (#5515)
* docs: remove glad for java datasources (#5508)
* chore: remove unused logger attribute in amazon detector (#5476)
* fix: correct error mismatch causing race in fast walks (#5482)
* fix(server): add licenses to `BlobInfo` message (#5382)
* feat: scan vulns on k8s core component apps (#5418)
* fix(java): fix infinite loop when `relativePath` field points to
`pom.xml` being scanned (#5470)
* fix(sbom): save digests for package/application when scanning SBOM files
(#5432)
* docs: fix the broken link (#5454)
* docs: fix error when installing `PyYAML` for gh pages (#5462)
* fix(java): download java-db once (#5442)
* docs(misconf): Update `--tf-exclude-downloaded-modules` description
(#5419)
* feat(misconf): Support `--ignore-policy` in config scans (#5359)
* docs(misconf): fix broken table for `Use container image` section (#5425)
* feat(dart): add graph support (#5374)
* refactor: define a new struct for scan targets (#5397)
* fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX
(#5399)
* fix: correct invalid MD5 hashes for rpms ending with one or more zero
bytes (#5393)
* docs: remove --scanners none (#5384)
* docs: Update container_image.md #5182 (#5193)
* feat(report): Add `InstalledFiles` field to Package (#4706)
* feat(k8s): add support for vulnerability detection (#5268)
* fix(python): override BOM in `requirements.txt` files (#5375)
* docs: add kbom documentation (#5363)
* test: use maximize build space for VM tests (#5362)
* fix(report): add escaping quotes in misconfig Title for asff template
(#5351)
* fix: Report error when os.CreateTemp fails (to be consistent with other
uses) (#5342)
* fix: add config files to FS for post-analyzers (#5333)
* fix: fix MIME warnings after updating to Go 1.20 (#5336)
* build: fix a compile error with Go 1.21 (#5339)
* feat: added `Metadata` into the k8s resource's scan report (#5322)
* chore: update adopters template (#5330)
* fix(sbom): use PURL or Group and Name in case of Java (#5154)
* docs: add buildkite repository to ecosystem page (#5316)
* chore: enable go-critic (#5302)
* close java-db client (#5273)
* fix(report): removes git::http from uri in sarif (#5244)
* Improve the meaning of sentence (#5301)
* add app nil check (#5274)
* typo: in secret.md (#5281)
* docs: add info about `github` format (#5265)
* feat(dotnet): add license support for NuGet (#5217)
* docs: correctly export variables (#5260)
* chore: Add line numbers for lint output (#5247)
* chore(cli): disable java-db flags in server mode (#5263)
* feat(db): allow passing registry options (#5226)
* refactor(purl): use TypeApk from purl (#5232)
* chore: enable more linters (#5228)
* Fix typo on ide.md (#5239)
* refactor: use defined types (#5225)
* fix(purl): skip local Go packages (#5190)
* docs: update info about license scanning in Yarn projects (#5207)
* fix link (#5203)
* fix(purl): handle rust types (#5186)
* chore: auto-close issues (#5177)
* fix(k8s): kbom support addons labels (#5178)
* test: validate SPDX with the JSON schema (#5124)
* chore: bump trivy-kubernetes-latest (#5161)
* docs: add 'Signature Verification' guide (#4731)
* docs: add image-scanner-with-trivy for ecosystem (#5159)
* fix(fs): assign the absolute path to be inspected to ROOTPATH when
filesystem (#5158)
* Update filtering.md (#5131)
* changing adopters discussion template (#5091)
* docs: add Bitnami (#5078)
* feat(docker): add support for scanning Bitnami components (#5062)
* feat: add support for .trivyignore.yaml (#5070)
* fix(terraform): improve detection of terraform files (#4984)
* feat: filter artifacts on --exclude-owned flag (#5059)
* fix(sbom): cyclonedx advisory should omit `null` value (#5041)
* build: maximize build space for build tests (#5072)
* feat: improve kbom component name (#5058)
* fix(pom): add licenses for pom artifacts (#5071)
* chore: bump Go to `1.20` (#5067)
* feat: PURL matching with qualifiers in OpenVEX (#5061)
* feat(java): add graph support for pom.xml (#4902)
* feat(swift): add vulns for cocoapods (#5037)
* fix: support image pull secret for additional workloads (#5052)
* fix: #5033 Superfluous double quote in html.tpl (#5036)
* docs(repo): update trivy repo usage and example (#5049)
* perf: Optimize Dockerfile for reduced layers and size (#5038)
* feat: scan K8s Resources Kind with --all-namespaces (#5043)
* fix: vulnerability typo (#5044)
* docs: adding a terraform tutorial to the docs (#3708)
* feat(report): add licenses to sarif format (#4866)
* feat(misconf): show the resource name in the report (#4806)
* chore: update alpine base images (#5015)
* feat: add Package.resolved swift files support (#4932)
* feat(nodejs): parse licenses in yarn projects (#4652)
* fix: k8s private registries support (#5021)
* bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0
(#5018)
* feat(vuln): support last_affected field from osv (#4944)
* feat(server): add version endpoint (#4869)
* feat: k8s private registries support (#4987)
* fix(server): add indirect prop to package (#4974)
* docs: add coverage (#4954)
* feat(c): add location for lock file dependencies. (#4994)
* docs: adding blog post on ec2 (#4813)
* revert 32bit bins (#4977)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-269=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
trivy-0.54.1-bp156.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-42363.html
https://www.suse.com/security/cve/CVE-2024-35192.html
https://www.suse.com/security/cve/CVE-2024-6257.html
https://bugzilla.suse.com/1224781
https://bugzilla.suse.com/1227022
openSUSE-SU-2024:0268-1: moderate: Security update for trivy
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for trivy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0268-1
Rating: moderate
References: #1224781 #1227022
Cross-References: CVE-2023-42363 CVE-2024-35192 CVE-2024-6257
CVSS scores:
CVE-2023-42363 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2023-42363 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
trivy was updated to fix the following issues:
Update to version 0.54.1:
* fix(flag): incorrect behavior for deprecated flag `--clear-cache`
[backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid
segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags
[backport: release/v0.54] (#7279)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and
`--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for
files `yarn.lock` + `package.json` (#7110)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add `--pkg-relationships` (#7237)
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
* fix(dotnet): show `nuget package dir not found` log only when checking
`nuget` packages (#7194)
* feat(vex): VEX Repository support (#7206)
* fix(secret): skip regular strings contain secret patterns (#7182)
* feat: share build-in rules (#7207)
* fix(report): hide empty table when all secrets/license/misconfigs are
ignored (#7171)
* fix(cli): error on missing config file (#7154)
* fix(secret): update length of `hugging-face-access-token` (#7216)
* feat(sbom): add vulnerability support for SPDX formats (#7213)
* fix(secret): trim excessively long lines (#7192)
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366
(#7201)
* fix(server): pass license categories to options (#7203)
* feat(mariner): Add support for Azure Linux (#7186)
* docs: updates config file (#7188)
* refactor(fs): remove unused field for CompositeFS (#7195)
* fix: add missing platform and type to spec (#7149)
* feat(misconf): enabled China configuration for ACRs (#7156)
* fix: close file when failed to open gzip (#7164)
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
* docs(misconf): add info about limitations for terraform plan json (#7143)
* chore: add VEX for Trivy images (#7140)
* chore: add VEX document and generator for Trivy (#7128)
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
* refactor(secret): move warning about file size after `IsBinary` check
(#7123)
* feat: add openSUSE tumbleweed detection and scanning (#6965)
* test: add missing advisory details for integration tests database (#7122)
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
* fix: ignore nodes when listing permission is not allowed (#7107)
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
* refactor(secret): add warning about large files (#7085)
* feat(nodejs): add license parser to pnpm analyser (#7036)
* refactor(sbom): add sbom prefix + filepaths for decode log messages
(#7074)
* feat: add `log.FilePath()` function for logger (#7080)
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation
(#7065)
* refactor: pass DB dir to trivy-db (#7057)
* docs: navigate to the release highlights and summary (#7072)
Update to version 0.53.0 (bsc#1227022, CVE-2024-6257):
* feat(conda): add licenses support for `environment.yml` files (#6953)
* fix(sbom): fix panic when scanning SBOM file without root component into
SBOM format (#7051)
* feat: add memory cache backend (#7048)
* fix(sbom): use package UIDs for uniqueness (#7042)
* feat(php): add installed.json file support (#4865)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#7041)
* fix: use embedded when command path not found (#7037)
* refactor: use google/wire for cache (#7024)
* fix(cli): show info message only when --scanners is available (#7032)
* chore: enable float-compare rule from testifylint (#6967)
* docs: Add sudo on commands, chmod before mv on install docs (#7009)
* fix(plugin): respect `--insecure` (#7022)
* feat(k8s)!: node-collector dynamic commands support (#6861)
* fix(sbom): take pkg name from `purl` for maven pkgs (#7008)
* feat!: add clean subcommand (#6993)
* chore: use `!` for breaking changes (#6994)
* feat(aws)!: Remove aws subcommand (#6995)
* refactor: replace global cache directory with parameter passing (#6986)
* fix(sbom): use `purl` for `bitnami` pkg names (#6982)
* chore: bump Go toolchain version (#6984)
* refactor: unify cache implementations (#6977)
* docs: non-packaged and sbom clarifications (#6975)
* BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin
(#6819)
* docs: delete unknown URL (#6972)
* refactor: use version-specific URLs for documentation references (#6966)
* refactor: delete db mock (#6940)
* refactor: add warning if severity not from vendor (or NVD or GH) is used
(#6726)
* feat: Add local ImageID to SARIF metadata (#6522)
* fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
* feat(java): add support for sbt projects using sbt-dependency-lock
(#6882)
* feat(java): add support for `maven-metadata.xml` files for remote
snapshot repositories. (#6950)
* fix(purl): add missed os types (#6955)
* fix(cyclonedx): trim non-URL info for `advisory.url` (#6952)
* fix(c): don't skip conan files from `file-patterns` and scan `.conan2`
cache dir (#6949)
* fix(image): parse `image.inspect.Created` field only for non-empty
values (#6948)
* fix(misconf): handle source prefix to ignore (#6945)
* fix(misconf): fix parsing of engine links and frameworks (#6937)
* feat(misconf): support of selectors for all providers for Rego (#6905)
* fix(license): return license separation using separators `,`, `or`,
etc. (#6916)
* feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress
(#6755)
* BREAKING(misconf): flatten recursive types (#6862)
* test: bump docker API to 1.45 (#6914)
* feat(sbom): migrate to `CycloneDX v1.6` (#6903)
* feat(image): Set User-Agent header for Trivy container registry requests
(#6868)
* fix(debian): take installed files from the origin layer (#6849)
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken (#6858)
* feat(misconf): API Gateway V1 support for CloudFormation (#6874)
* feat(plugin): add support for nested archives (#6845)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866)
* fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867)
* chore: auto label discussions (#5259)
* docs: explain how VEX is applied (#6864)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase (#6852)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
* feat(dart): use first version of constraint for dependencies using SDK
version (#6239)
* fix(misconf): parsing numbers without fraction as int (#6834)
* fix(misconf): fix caching of modules in subdirectories (#6814)
* feat(misconf): add metadata to Cloud schema (#6831)
* test: replace embedded Git repository with dynamically created
repository (#6824)
Update to version 0.52.2:
* test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
* fix(debian): take installed files from the origin layer [backport:
release/v0.52] (#6892)
Update to version 0.52.1:
* fix(nodejs): fix infinite loop when package link from
`package-lock.json` file is broken [backport: release/v0.52] (#6888)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files
[backport: release/v0.52] (#6881)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml`
in lowercase [backport: release/v0.52] (#6878)
* docs: explain how VEX is applied (#6864)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
Update to version 0.52.0 (bsc#1224781, CVE-2024-35192):
* fix(plugin): initialize logger (#6836)
* fix(cli): always output fatal errors to stderr (#6827)
* fix: close testfile (#6830)
* docs(julia): add scanner table (#6826)
* feat(python): add license support for `requirement.txt` files (#6782)
* docs: add more workarounds for out-of-disk (#6821)
* chore: improve error message for image not found (#6822)
* fix(sbom): fix panic for `convert` mode when scanning json file derived
from sbom file (#6808)
* fix: clean up golangci lint configuration (#6797)
* fix(python): add package name and version validation for
`requirements.txt` files. (#6804)
* feat(vex): improve relationship support in CSAF VEX (#6735)
* chore(alpine): add eol date for Alpine 3.20 (#6800)
* docs(plugin): add missed `plugin` section (#6799)
* fix: include packages unless it is not needed (#6765)
* feat(misconf): support for VPC resources for inbound/outbound rules
(#6779)
* chore: replace interface{} with any (#6751)
* fix: close settings.xml (#6768)
* refactor(go): add priority for gobinary module versions from `ldflags`
(#6745)
* build: use main package instead of main.go (#6766)
* feat(misconf): resolve tf module from OpenTofu compatible registry
(#6743)
* docs: add info on adding compliance checks (#6275)
* docs: Add documentation for contributing additional checks to the trivy
policies repo (#6234)
* feat(nodejs): add v9 pnpm lock file support (#6617)
* feat(vex): support non-root components for products in OpenVEX (#6728)
* feat(python): add line number support for `requirement.txt` files (#6729)
* chore: respect timeout value in .golangci.yaml (#6724)
* fix: node-collector high and critical cves (#6707)
* Merge pull request from GHSA-xcq4-m2r3-cmrj
* chore: auto-bump golang patch versions (#6711)
* fix(misconf): don't shift ignore rule related to code (#6708)
* feat(plugin): specify plugin version (#6683)
* chore: enforce golangci-lint version (#6700)
* fix(go): include only `.version`|`.ver` (no prefixes) ldflags for
`gobinaries` (#6705)
* fix(go): add only non-empty root modules for `gobinaries` (#6710)
* refactor: unify package addition and vulnerability scanning (#6579)
* fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
* feat(misconf): Add support for deprecating a check (#6664)
* feat: Add Julia language analyzer support (#5635)
* feat(misconf): register builtin Rego funcs from trivy-checks (#6616)
* fix(report): hide empty tables if all vulns has been filtered (#6352)
* feat(report): Include licenses and secrets filtered by rego to
ModifiedFindings (#6483)
* feat: add support for plugin index (#6674)
* docs: add support table for client server mode (#6498)
* fix: close APKINDEX archive file (#6672)
* fix(misconf): skip Rego errors with a nil location (#6666)
* refactor: move artifact types under artifact package to avoid import
cycles (#6652)
* refactor(misconf): remove extrafs (#6656)
* refactor: re-define module structs for serialization (#6655)
* chore(misconf): Clean up iac logger (#6642)
* feat(misconf): support symlinks inside of Helm archives (#6621)
* feat(misconf): add Terraform 'removed' block to schema (#6640)
* refactor: unify Library and Package structs (#6633)
* fix: use of specified context to obtain cluster name (#6645)
* perf(misconf): parse rego input once (#6615)
* fix(misconf): skip Rego errors with a nil location (#6638)
* docs: link warning to both timeout config options (#6620)
* docs: fix usage of image-config-scanners (#6635)
Update to version 0.51.1:
* fix(fs): handle default skip dirs properly (#6628)
* fix(misconf): load cached tf modules (#6607)
* fix(misconf): do not use semver for parsing tf module versions (#6614)
* refactor: move setting scanners when using compliance reports to flag
parsing (#6619)
* feat: introduce package UIDs for improved vulnerability mapping (#6583)
* perf(misconf): Improve cause performance (#6586)
* docs: trivy-k8s new experience remove un-used section (#6608)
* docs: remove mention of GitLab Gold because it doesn't exist anymore
(#6609)
* feat(misconf): Use updated terminology for misconfiguration checks
(#6476)
* docs: use `generic` link from `trivy-repo` (#6606)
* docs: update trivy k8s with new experience (#6465)
* feat: support `--skip-images` scanning flag (#6334)
* BREAKING: add support for k8s `disable-node-collector` flag (#6311)
* feat: add ubuntu 23.10 and 24.04 support (#6573)
* docs(go): add stdlib (#6580)
* feat(go): parse main mod version from build info settings (#6564)
* feat: respect custom exit code from plugin (#6584)
* docs: add asdf and mise installation method (#6063)
* feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
* feat: add support `environment.yaml` files (#6569)
* fix: close plugin.yaml (#6577)
* fix: trivy k8s avoid deleting non-default node collector namespace
(#6559)
* BREAKING: support exclude `kinds/namespaces` and include
`kinds/namespaces` (#6323)
* feat(go): add main module (#6574)
* feat: add relationships (#6563)
* docs: mention `--show-suppressed` is available in table (#6571)
* chore: fix sqlite to support loong64 (#6511)
* fix(debian): sort dpkg info before parsing due to exclude directories
(#6551)
* docs: update info about config file (#6547)
* docs: remove RELEASE_VERSION from trivy.repo (#6546)
* fix(sbom): change error to warning for multiple OSes (#6541)
* fix(vuln): skip empty versions (#6542)
* feat(c): add license support for conan lock files (#6329)
* fix(terraform): Attribute and fileset fixes (#6544)
* refactor: change warning if no vulnerability details are found (#6230)
* refactor(misconf): improve error handling in the Rego scanner (#6527)
* feat(go): parse main module of go binary files (#6530)
* refactor(misconf): simplify the retrieval of module annotations (#6528)
* docs(nodejs): add info about supported versions of pnpm lock files
(#6510)
* feat(misconf): loading embedded checks as a fallback (#6502)
* fix(misconf): Parse JSON k8s manifests properly (#6490)
* refactor: remove parallel walk (#5180)
* fix: close pom.xml (#6507)
* fix(secret): convert severity for custom rules (#6500)
* fix(java): update logic to detect `pom.xml` file snapshot artifacts from
remote repositories (#6412)
* fix: typo (#6283)
* docs(k8s,image): fix command-line syntax issues (#6403)
* fix(misconf): avoid panic if the scheme is not valid (#6496)
* feat(image): goversion as stdlib (#6277)
* fix: add color for error inside of log message (#6493)
* docs: fix links to OPA docs (#6480)
* refactor: replace zap with slog (#6466)
* docs: update links to IaC schemas (#6477)
* chore: bump Go to 1.22 (#6075)
* refactor(terraform): sync funcs with Terraform (#6415)
* feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
* fix(terraform): eval submodules (#6411)
* refactor(terraform): remove unused options (#6446)
* refactor(terraform): remove unused file (#6445)
* fix(misconf): Escape template value correctly (#6292)
* feat(misconf): add support for wildcard ignores (#6414)
* fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue
(#6439)
* refactor(terraform): remove metrics collection (#6444)
* feat(cloudformation): add support for logging and endpoint access for
EKS (#6440)
* fix(db): check schema version for image name only (#6410)
* feat(misconf): Support private registries for misconf check bundle
(#6327)
* feat(cloudformation): inline ignore support for YAML templates (#6358)
* feat(terraform): ignore resources by nested attributes (#6302)
* perf(helm): load in-memory files (#6383)
* feat(aws): apply filter options to result (#6367)
* feat(aws): quiet flag support (#6331)
* fix(misconf): clear location URI for SARIF (#6405)
* test(cloudformation): add CF tests (#6315)
* fix(cloudformation): infer type after resolving a function (#6406)
* fix(sbom): fix error when parent of SPDX Relationships is not a package.
(#6399)
* docs: add info about support for package license detection in
`fs`/`repo` modes (#6381)
* fix(nodejs): add support for parsing `workspaces` from `package.json` as
an object (#6231)
* fix: use `0600` perms for tmp files for post analyzers (#6386)
* fix(helm): scan the subcharts once (#6382)
* docs(terraform): add file patterns for Terraform Plan (#6393)
* fix(terraform): checking SSE encryption algorithm validity (#6341)
* fix(java): parse modules from `pom.xml` files once (#6312)
* fix(server): add Locations for `Packages` in client/server mode (#6366)
* fix(sbom): add check for `CreationInfo` to nil when detecting SPDX
created using Trivy (#6346)
* fix(report): don't include empty strings in
`.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348)
* chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
* feat(java): add support licenses and graph for gradle lock files (#6140)
* feat(vex): consider root component for relationships (#6313)
* fix: increase the default buffer size for scanning dpkg status files by
2 times (#6298)
* chore: updates wazero to v1.7.0 (#6301)
* feat(sbom): Support license detection for SBOM scan (#6072)
* refactor(sbom): use intermediate representation for SPDX (#6310)
* docs(terraform): improve documentation for filtering by inline comments
(#6284)
* fix(terraform): fix policy document retrieval (#6276)
* refactor(terraform): remove unused custom error (#6303)
* refactor(sbom): add intermediate representation for BOM (#6240)
* fix(amazon): check only major version of AL to find advisories (#6295)
* fix(db): use schema version as tag only for `trivy-db` and
`trivy-java-db` registries by default (#6219)
* fix(nodejs): add name validation for package name from `package.json`
(#6268)
* docs: Added install instructions for FreeBSD (#6293)
* feat(image): customer podman host or socket option (#6256)
* feat(java): mark dependencies from `maven-invoker-plugin` integration
tests pom.xml files as `Dev` (#6213)
* fix(license): reorder logic of how python package licenses are acquired
(#6220)
* test(terraform): skip cached modules (#6281)
* feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
* fix(cloudformation): support of all SSE algorithms for s3 (#6270)
* feat(terraform): Terraform Plan snapshot scanning support (#6176)
* fix: typo function name and comment optimization (#6200)
* fix(java): don't ignore runtime scope for pom.xml files (#6223)
* fix(license): add FilePath to results to allow for license path
filtering via trivyignore file (#6215)
* test(k8s): use test-db for k8s integration tests (#6222)
* fix(terraform): fix root module search (#6160)
* test(parser): squash test data for yarn (#6203)
* fix(terraform): do not re-expand dynamic blocks (#6151)
* docs: update ecosystem page reporting with db app (#6201)
* fix: k8s summary separate infra and user finding results (#6120)
* fix: add context to target finding on k8s table view (#6099)
* fix: Printf format err (#6198)
* refactor: better integration of the parser into Trivy (#6183)
* feat(terraform): Add hyphen and non-ASCII support for domain names in
credential extraction (#6108)
* fix(vex): CSAF filtering should consider relationships (#5923)
* refactor(report): Replacing `source_location` in `github` report when
scanning an image (#5999)
* feat(vuln): ignore vulnerabilities by PURL (#6178)
* feat(java): add support for fetching packages from repos mentioned in
pom.xml (#6171)
* feat(k8s): rancher rke2 version support (#5988)
* docs: update kbom distribution for scanning (#6019)
* chore: update CODEOWNERS (#6173)
* fix(swift): try to use branch to resolve version (#6168)
* fix(terraform): ensure consistent path handling across OS (#6161)
* fix(java): add only valid libs from `pom.properties` files from `jars`
(#6164)
* fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM
source (#6163)
* docs(report): add remark about `path` to filter licenses using
`.trivyignore.yaml` file (#6145)
* docs: update template path for gitlab-ci tutorial (#6144)
* feat(report): support for filtering licenses and secrets via rego policy
files (#6004)
* fix(cyclonedx): move root component from scanned cyclonedx file to
output cyclonedx file (#6113)
* docs: add SecObserve in CI/CD and reporting (#6139)
* fix(alpine): exclude empty licenses for apk packages (#6130)
* docs: add docs tutorial on custom policies with rego (#6104)
* fix(nodejs): use project dir when searching for workspaces for Yarn.lock
files (#6102)
* feat(vuln): show suppressed vulnerabilities in table (#6084)
* docs: rename governance to principles (#6107)
* docs: add governance (#6090)
* feat(java): add dependency location support for `gradle` files (#6083)
* fix(misconf): get `user` from `Config.User` (#6070)
Update to version 0.49.1:
* fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025)
* docs: Fix broken link to "pronunciation" (#6057)
* fix: fix cursor usage in Redis Clear function (#6056)
* fix(nodejs): add local packages support for `pnpm-lock.yaml` files
(#6034)
* test: fix flaky `TestDockerEngine` (#6054)
* fix(java): recursive check all nested depManagements with import scope
for pom.xml files (#5982)
* fix(cli): inconsistent behavior across CLI flags, environment variables,
and config files (#5843)
* feat(rust): Support workspace.members parsing for Cargo.toml analysis
(#5285)
* docs: add note about Bun (#6001)
* fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
* fix: check returned error before deferring f.Close() (#6007)
* feat(misconf): add support of buildkit instructions when building
dockerfile from image config (#5990)
* feat(vuln): enable `--vex` for all targets (#5992)
* docs: update link to data sources (#6000)
* feat(java): add support for line numbers for pom.xml files (#5991)
* refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
* docs: Update troubleshooting guide with image not found error (#5983)
* style: update band logos (#5968)
* docs: update cosign tutorial and commands, update kyverno policy (#5929)
* docs: update command to scan go binary (#5969)
* fix: handle non-parsable images names (#5965)
* fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
* fix(alpine): Add EOL support for alpine 3.19. (#5938)
* feat: allow end-users to adjust K8S client QPS and burst (#5910)
* fix(nodejs): find licenses for packages with slash (#5836)
* fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX
reports (#5922)
* fix: ignore no init containers (#5939)
* docs: Fix documentation of ecosystem (#5940)
* docs(misconf): multiple ignores in comment (#5926)
* fix(secret): find aws secrets ending with a comma or dot (#5921)
* docs: ✨ Updated ecosystem docs with reference to new community app
(#5918)
* fix(java): check if a version exists when determining GAV by file name
for `jar` files (#5630)
* feat(vex): add PURL matching for CSAF VEX (#5890)
* fix(secret): `AWS Secret Access Key` must include only secrets with
`aws` text. (#5901)
* revert(report): don't escape new line characters for sarif format (#5897)
* docs: improve filter by rego (#5402)
* docs: add_scan2html_to_trivy_ecosystem (#5875)
* fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit
mode (#5888)
* feat(vex): Add support for CSAF format (#5535)
* feat(python): parse licenses from dist-info folder (#4724)
* feat(nodejs): add yarn alias support (#5818)
* refactor: propagate time through context values (#5858)
* refactor: move PkgRef under PkgIdentifier (#5831)
* fix(cyclonedx): fix unmarshal for licenses (#5828)
* feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
Update to version 0.48.1:
* fix(bitnami): use a different comparer for detecting vulnerabilities
(#5633)
* refactor(sbom): disable html escaping for CycloneDX (#5764)
* refactor(purl): use `pub` from `package-url` (#5784)
* docs(python): add note to using `pip freeze` for `compatible releases`
(#5760)
* fix(report): use OS information for OS packages purl in `github`
template (#5783)
* fix(report): fix error if misconfigs are empty (#5782)
* refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
* fix(report): don't mark misconfig passed tests as failed in junit.tpl
(#5767)
* docs(k8s): replace --scanners config with --scanners misconfig in docs
(#5746)
* fix(report): update Gitlab template (#5721)
* feat(secret): add support of GitHub fine-grained tokens (#5740)
* fix(misconf): add an image misconf to result (#5731)
* feat(secret): added support of Docker registry credentials (#5720)
Update to version 0.48.0:
* feat: filter k8s core components vuln results (#5713)
* feat(vuln): remove duplicates in Fixed Version (#5596)
* feat(report): output plugin (#4863)
* docs: typo in modules.md (#5712)
* feat: Add flag to configure node-collector image ref (#5710)
* feat(misconf): Add `--misconfig-scanners` option (#5670)
* chore: bump Go to 1.21 (#5662)
* feat: Packagesprops support (#5605)
* docs: update adopters discussion template (#5632)
* docs: terraform tutorial links updated to point to correct loc (#5661)
* fix(secret): add `sec` and space to secret prefix for
`aws-secret-access-key` (#5647)
* fix(nodejs): support protocols for dependency section in yarn.lock files
(#5612)
* fix(secret): exclude upper case before secret for
`alibaba-access-key-id` (#5618)
* docs: Update Arch Linux package URL in installation.md (#5619)
* chore: add prefix to image errors (#5601)
* docs(vuln): fix link anchor (#5606)
* docs: Add Dagger integration section and cleanup Ecosystem CICD docs
page (#5608)
* fix: k8s friendly error messages kbom non cluster scans (#5594)
* feat: set InstalledFiles for DEB and RPM packages (#5488)
* fix(report): use time.Time for CreatedAt (#5598)
* test: retry containerd initialization (#5597)
* feat(misconf): Expose misconf engine debug logs with `--debug` option
(#5550)
* test: mock VM walker (#5589)
* chore: bump node-collector v0.0.9 (#5591)
* feat(misconf): Add support for `--cf-params` for CFT (#5507)
* feat(flag): replace '--slow' with '--parallel' (#5572)
* fix(report): add escaping for Sarif format (#5568)
* chore: show a deprecation notice for `--scanners config` (#5587)
* feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
* test: mock RPM DB (#5567)
* feat: add aliases to '--scanners' (#5558)
* refactor: reintroduce output writer (#5564)
* chore: not load plugins for auto-generating docs (#5569)
* chore: sort supported AWS services (#5570)
* fix: no schedule toleration (#5562)
* fix(cli): set correct `scanners` for `k8s` target (#5561)
* fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for
SPDX (#5533)
* refactor(misconf): Update refactored dependencies (#5245)
* feat(secret): add built-in rule for JWT tokens (#5480)
* fix: trivy k8s parse ecr image with arn (#5537)
* fix: fail k8s resource scanning (#5529)
* refactor(misconf): don't remove Highlighted in json format (#5531)
* docs(k8s): fix link in kubernetes.md (#5524)
* docs(k8s): fix whitespace in list syntax (#5525)
Update to version 0.47.0:
* docs: add info that license scanning supports file-patterns flag (#5484)
* docs: add Zora integration into Ecosystem session (#5490)
* fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
* fix: correct error mismatch causing race in fast walks (#5516)
* docs: k8s vulnerability scanning (#5515)
* docs: remove glad for java datasources (#5508)
* chore: remove unused logger attribute in amazon detector (#5476)
* fix: correct error mismatch causing race in fast walks (#5482)
* fix(server): add licenses to `BlobInfo` message (#5382)
* feat: scan vulns on k8s core component apps (#5418)
* fix(java): fix infinite loop when `relativePath` field points to
`pom.xml` being scanned (#5470)
* fix(sbom): save digests for package/application when scanning SBOM files
(#5432)
* docs: fix the broken link (#5454)
* docs: fix error when installing `PyYAML` for gh pages (#5462)
* fix(java): download java-db once (#5442)
* docs(misconf): Update `--tf-exclude-downloaded-modules` description
(#5419)
* feat(misconf): Support `--ignore-policy` in config scans (#5359)
* docs(misconf): fix broken table for `Use container image` section (#5425)
* feat(dart): add graph support (#5374)
* refactor: define a new struct for scan targets (#5397)
* fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX
(#5399)
* fix: correct invalid MD5 hashes for rpms ending with one or more zero
bytes (#5393)
* docs: remove --scanners none (#5384)
* docs: Update container_image.md #5182 (#5193)
* feat(report): Add `InstalledFiles` field to Package (#4706)
* feat(k8s): add support for vulnerability detection (#5268)
* fix(python): override BOM in `requirements.txt` files (#5375)
* docs: add kbom documentation (#5363)
* test: use maximize build space for VM tests (#5362)
* fix(report): add escaping quotes in misconfig Title for asff template
(#5351)
* fix: Report error when os.CreateTemp fails (to be consistent with other
uses) (#5342)
* fix: add config files to FS for post-analyzers (#5333)
* fix: fix MIME warnings after updating to Go 1.20 (#5336)
* build: fix a compile error with Go 1.21 (#5339)
* feat: added `Metadata` into the k8s resource's scan report (#5322)
* chore: update adopters template (#5330)
* fix(sbom): use PURL or Group and Name in case of Java (#5154)
* docs: add buildkite repository to ecosystem page (#5316)
* chore: enable go-critic (#5302)
* close java-db client (#5273)
* fix(report): removes git::http from uri in sarif (#5244)
* Improve the meaning of sentence (#5301)
* add app nil check (#5274)
* typo: in secret.md (#5281)
* docs: add info about `github` format (#5265)
* feat(dotnet): add license support for NuGet (#5217)
* docs: correctly export variables (#5260)
* chore: Add line numbers for lint output (#5247)
* chore(cli): disable java-db flags in server mode (#5263)
* feat(db): allow passing registry options (#5226)
* refactor(purl): use TypeApk from purl (#5232)
* chore: enable more linters (#5228)
* Fix typo on ide.md (#5239)
* refactor: use defined types (#5225)
* fix(purl): skip local Go packages (#5190)
* docs: update info about license scanning in Yarn projects (#5207)
* fix link (#5203)
* fix(purl): handle rust types (#5186)
* chore: auto-close issues (#5177)
* fix(k8s): kbom support addons labels (#5178)
* test: validate SPDX with the JSON schema (#5124)
* chore: bump trivy-kubernetes-latest (#5161)
* docs: add 'Signature Verification' guide (#4731)
* docs: add image-scanner-with-trivy for ecosystem (#5159)
* fix(fs): assign the absolute path to be inspected to ROOTPATH when
filesystem (#5158)
* Update filtering.md (#5131)
* changing adopters discussion template (#5091)
* docs: add Bitnami (#5078)
* feat(docker): add support for scanning Bitnami components (#5062)
* feat: add support for .trivyignore.yaml (#5070)
* fix(terraform): improve detection of terraform files (#4984)
* feat: filter artifacts on --exclude-owned flag (#5059)
* fix(sbom): cyclonedx advisory should omit `null` value (#5041)
* build: maximize build space for build tests (#5072)
* feat: improve kbom component name (#5058)
* fix(pom): add licenses for pom artifacts (#5071)
* chore: bump Go to `1.20` (#5067)
* feat: PURL matching with qualifiers in OpenVEX (#5061)
* feat(java): add graph support for pom.xml (#4902)
* feat(swift): add vulns for cocoapods (#5037)
* fix: support image pull secret for additional workloads (#5052)
* fix: #5033 Superfluous double quote in html.tpl (#5036)
* docs(repo): update trivy repo usage and example (#5049)
* perf: Optimize Dockerfile for reduced layers and size (#5038)
* feat: scan K8s Resources Kind with --all-namespaces (#5043)
* fix: vulnerability typo (#5044)
* docs: adding a terraform tutorial to the docs (#3708)
* feat(report): add licenses to sarif format (#4866)
* feat(misconf): show the resource name in the report (#4806)
* chore: update alpine base images (#5015)
* feat: add Package.resolved swift files support (#4932)
* feat(nodejs): parse licenses in yarn projects (#4652)
* fix: k8s private registries support (#5021)
* bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0
(#5018)
* feat(vuln): support last_affected field from osv (#4944)
* feat(server): add version endpoint (#4869)
* feat: k8s private registries support (#4987)
* fix(server): add indirect prop to package (#4974)
* docs: add coverage (#4954)
* feat(c): add location for lock file dependencies. (#4994)
* docs: adding blog post on ec2 (#4813)
* revert 32bit bins (#4977)
Update to version 0.44.1:
* fix(report): return severity colors in table format (#4969)
* build: maximize available disk space for release (#4937)
* test(cli): Fix assertion helptext (#4966)
* test: validate CycloneDX with the JSON schema (#4956)
* fix(server): add licenses to the Result message (#4955)
* fix(aws): resolve endpoint if endpoint is passed (#4925)
* fix(sbom): move licenses to `name` field in Cyclonedx format (#4941)
* use testify instead of gotest.tools (#4946)
* fix(nodejs): do not detect lock file in node_modules as an app (#4949)
* bump go-dep-parser (#4936)
* test(aws): move part of unit tests to integration (#4884)
* docs(cli): update help string for file and dir skipping (#4872)
* docs: update the discussion template (#4928)
Update to version 0.44.0:
* feat(repo): support local repositories (#4890)
* bump go-dep-parser (#4893)
* fix(misconf): add missing fields to proto (#4861)
* fix: remove trivy-db package replacement (#4877)
* chore(test): bump the integration test timeout to 15m (#4880)
* chore: update CODEOWNERS (#4871)
* feat(vuln): support vulnerability status (#4867)
* feat(misconf): Support custom URLs for policy bundle (#4834)
* refactor: replace with sortable packages (#4858)
* docs: correct license scanning sample command (#4855)
* fix(report): close the file (#4842)
* feat(misconf): Add support for independently enabling libraries (#4070)
* feat(secret): add secret config file for cache calculation (#4837)
* Fix a link in gitlab-ci.md (#4850)
* fix(flag): use globalstar to skip directories (#4854)
* fix(license): using common way for splitting licenses (#4434)
* fix(containerd): Use img platform in exporter instead of strict host
platform (#4477)
* remove govulndb (#4783)
* fix(java): inherit licenses from parents (#4817)
* refactor: add allowed values for CLI flags (#4800)
* add example regex to allow rules (#4827)
* feat(misconf): Support custom data for rego policies for cloud (#4745)
* docs: correcting the trivy k8s tutorial (#4815)
* feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
* fix(sbom): cyclonedx recommendations should include fixed versions for
each package (#4794)
* feat(misconf): enable --policy flag to accept directory and files both
(#4777)
* feat(python): add license fields (#4722)
* fix: support trivy k8s-version on k8s sub-command (#4786)
Update to version 0.43.1:
* docs(image): fix the comment on the soft/hard link (#4740)
* check Type when filling pkgs in vulns (#4776)
* feat: add support of linux/ppc64le and linux/s390x architectures for
Install.sh script (#4770)
* fix(rocky): add architectures support for advisories (#4691)
* fix: documentation about resetting trivy image (#4733)
* fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)
* fix: update Amazon Linux 1 EOL (#4761)
Update to version 0.43.0:
* feat(nodejs): support yarn workspaces (#4664)
* fix(image): pass the secret scanner option to scan the img config (#4735)
* fix: scan job pod is not found on k8s-1.27.x (#4729)
* feat(docker): add support for mTLS authentication when connecting to
registry (#4649)
* fix: skip scanning the gpg-pubkey package (#4720)
* Fix http registry oci pull (#4701)
* feat(misconf): Support skipping services (#4686)
* docs: fix supported modes for pubspec.lock files (#4713)
* fix(misconf): disable the terraform plan analyzer for other scanners
(#4714)
* clarifying a dir path is required for custom policies (#4716)
* chore: update alpine base images (#4715)
* fix last-history-created (#4697)
* feat: kbom and cyclonedx v1.5 spec support (#4708)
* docs: add information about Aqua (#4590)
* fix: k8s escape resource filename on windows os (#4693)
* feat: cyclonedx sbom custom property support (#4688)
* add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
* use group field for jar in cyclonedx (#4674)
* feat(java): capture licenses from pom.xml (#4681)
* feat(helm): make sessionAffinity configurable (#4623)
* fix: Show the correct URL of the secret scanning (#4682)
* document expected file pattern definition format (#4654)
* fix: format arg error (#4642)
* feat(k8s): cyclonedx kbom support (#4557)
* fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
* fix(vm): update ext4-filesystem parser for parse multi block extents
(#4616)
* fix(debian): update EOL for Debian 12 (#4647)
* chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
* fix(db): change argument order in Exists query for JavaDB (#4595)
* feat(aws): Add support to see successes in results (#4427)
* feat: trivy k8s private registry support (#4567)
* docs: add general coverage page (#3859)
* chore: create SECURITY.md (#4601)
Update to version 0.42.1:
* fix(misconf): deduplicate misconf results (#4588)
* fix(vm): support sector size of 4096 (#4564)
* fix(misconf): terraform relative paths (#4571)
* fix(purl): skip unsupported library type (#4577)
* fix(terraform): recursively detect all Root Modules (#4457)
* fix(vm): support post analyzer for vm command (#4544)
* fix(nodejs): change the type of the devDependencies field (#4560)
* fix(sbom): export empty dependencies in CycloneDX (#4568)
* refactor: add composite fs for post-analyzers (#4556)
* feat: add SBOM analyzer (#4210)
* fix(sbom): update logic for work with files in spdx format (#4513)
* feat: azure workload identity support (#4489)
* feat(ubuntu): add eol date for 18.04 ESM (#4524)
* fix(misconf): Update required extensions for terraformplan (#4523)
* refactor(cyclonedx): add intermediate representation (#4490)
* fix(misconf): Remove debug print while scanning (#4521)
* fix(java): remove duplicates of jar libs (#4515)
* fix(java): fix overwriting project props in pom.xml (#4498)
* docs: Update compilation instructions (#4512)
* fix(nodejs): update logic for parsing pnpm lock files (#4502)
* fix(secret): remove aws-account-id rule (#4494)
* feat(oci): add support for referencing an input image by digest (#4470)
* docs: fixed the format (#4503)
* fix(java): add support of * for exclusions for pom.xml files (#4501)
* feat: adding issue template for documentation (#4453)
* docs: switch glad to ghsa for Go (#4493)
* feat(misconf): Add terraformplan support (#4342)
* feat(debian): add digests for dpkg (#4445)
* feat(k8s): exclude node scanning by node labels (#4459)
* docs: add info about multi-line mode for regexp from custom secret rules
(#4159)
* feat(cli): convert JSON reports into a different format (#4452)
* feat(image): add logic to guess base layer for docker-cis scan (#4344)
* fix(cyclonedx): set original names for packages (#4306)
* feat: group subcommands (#4449)
* feat(cli): add retry to cache operations (#4189)
* fix(vuln): report architecture for `apk` packages (#4247)
* refactor: enable cases where return values are not needed in pipeline
(#4443)
* fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
* docs(misconf): Update docs for kubernetes file patterns (#4435)
* test: k8s integration tests (#4423)
* feat(redhat): add package digest for rpm (#4410)
* feat(misconf): Add `--reset-policy-bundle` for policy bundle (#4167)
* fix: typo (#4431)
* add user instruction to imgconf (#4429)
* fix(k8s): add image sources (#4411)
* docs(scanning): Add versioning banner (#4415)
* feat(cli): add mage command to update golden integration test files
(#4380)
* feat: node-collector custom namespace support (#4407)
* refactor(sbom): use multiline json for spdx-json format (#4404)
* fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
* refactor: code-optimization (#4214)
* feat(image): Add image-src flag to specify which runtime(s) to use
(#4047)
* test: skip wrong update of test golden files (#4379)
* refactor: don't return error for package.json without version/name
(#4377)
* docs: cmd error (#4376)
* test(cli): add test for config file and env combination (#2666)
* fix(report): set a correct file location for license scan output (#4326)
* chore(alpine): Update Alpine to 3.18 (#4351)
* fix(alpine): add EOL date for Alpine 3.18 (#4308)
* feat: allow root break for mapfs (#4094)
* docs(misconf): Remove examples.md (#4256)
* fix(ubuntu): update eol dates for Ubuntu (#4258)
* feat(alpine): add digests for apk packages (#4168)
* chore: add discussion templates (#4190)
* fix(terraform): Support tfvars (#4123)
* chore: separate docs:generate (#4242)
* refactor: define vulnerability scanner interfaces (#4117)
* feat: unified k8s scan resources (#4188)
* chore: trivy bin ignore (#4212)
* feat(image): enforce image platform (#4083)
* fix(ubuntu): fix version selection logic for ubuntu esm (#4171)
* chore: install.sh support for windows (#4155)
* docs: moving skipping files out of others (#4154)
Update to version 0.41.0:
* fix(spdx): add workaround for no src packages (#4118)
* test(golang): rename broken go.mod (#4129)
* feat(sbom): add supplier field (#4122)
* test(misconf): skip downloading of policies for tests #4126
* refactor: use debug message for post-analyze errors (#4037)
* feat(sbom): add VEX support (#4053)
* feat(sbom): add primary package purpose field for SPDX (#4119)
* fix(k8s): fix quiet flag (#4120)
* fix(python): parse of pip extras (#4103)
* feat(java): use full path for nested jars (#3992)
* feat(license): add new flag for classifier confidence level (#4073)
* feat: config and fs compliance support (#4097)
* feat(spdx): add support for SPDX 2.3 (#4058)
* fix: k8s all-namespaces support (#4096)
* perf(misconf): replace with post-analyzers (#4090)
* fix(helm): update networking API version detection (#4106)
* feat(image): custom docker host option (#3599)
* style: debug flag is incorrect and needs extra - (#4087)
* docs(vuln): Document inline vulnerability filtering comments (#4024)
* feat(fs): customize error callback during fs walk (#4038)
* fix(ubuntu): skip copyright files from subfolders (#4076)
* docs: restructure scanners (#3977)
* fix: fix `file does not exist` error for post-analyzers (#4061)
Update to version 0.40.0:
* feat(flag): Support globstar for `--skip-files` and `--skip-directories`
(#4026)
* fix: return insecure option to download javadb (#4064)
* fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are
found (#4052)
* fix(k8s): current context title (#4055)
* fix(k8s): quit support on k8s progress bar (#4021)
* chore: add a note about Dockerfile.canary (#4050)
* fix(vuln): report architecture for debian packages (#4032)
* feat: add support for Chainguard's commercial distro (#3641)
* fix(vuln): fix error message for remote scanners (#4031)
* feat(report): add image metadata to SARIF (#4020)
* docs: fix broken cache link on Installation page (#3999)
* fix: lock downloading policies and database (#4017)
* fix: avoid concurrent access to the global map (#4014)
* feat(rust): add Cargo.lock v3 support (#4012)
* feat: auth support oci download server subcommand (#4008)
* chore: install.sh support for armv7 (#3985)
Update to version 0.39.1:
* fix(rust): fix panic when 'dependencies' field is not used in cargo.toml
(#3997)
* fix(sbom): fix infinite loop for cyclonedx (#3998)
* fix: use warning for errors from enrichment files for post-analyzers
(#3972)
* fix(helm): added annotation to psp configurable from values (#3893)
* fix(secret): update built-in rule `tests` (#3855)
* test: rewrite scripts in Go (#3968)
* docs(cli): Improve glob documentation (#3945)
Update to version 0.39.0:
* docs(cli): added makefile and go file to create docs (#3930)
* feat(cyclonedx): support dependency graph (#3177)
* feat(server): redis with public TLS certs support (#3783)
* feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866)
* chore: replace make with mage (#3932)
* fix(sbom): add checksum to files (#3888)
* chore: remove unused mount volumes (#3927)
* feat: add auth support for downloading OCI artifacts (#3915)
* refactor(purl): use epoch in qualifier (#3913)
* feat(image): add registry options (#3906)
* feat(rust): dependency tree and line numbers support for cargo lock file
(#3746)
* feat(php): add support for location, licenses and graph for
composer.lock files (#3873)
* feat(image): discover SBOM in OCI referrers (#3768)
* docs: change cache-dir key in config file (#3897)
* fix(sbom): use release and epoch for SPDX package version (#3896)
* docs: Update incorrect comment for skip-update flag (#3878)
* refactor(misconf): simplify policy filesystem (#3875)
* feat(nodejs): parse package.json alongside yarn.lock (#3757)
* fix(spdx): add PkgDownloadLocation field (#3879)
* chore(amazon): update EOL (#3876)
* fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
* feat(amazon): add al2023 support (#3854)
* docs(misconf): Add information about selectors (#3703)
* docs(cli): update CLI docs with cobra (#3815)
* feat: k8s parallel processing (#3693)
* docs: add DefectDojo in the Security Management section (#3871)
* refactor: add pipeline (#3868)
* feat(cli): add javadb metadata to version info (#3835)
* feat(sbom): add support for CycloneDX JSON Attestation of the correct
specification (#3849)
* feat: add node toleration option (#3823)
* fix: allow mapfs to open dirs (#3867)
* fix(report): update uri only for os class targets (#3846)
* feat(nodejs): Add v3 npm lock file support (#3826)
* feat(nodejs): parse package.json files alongside package-lock.json
(#2916)
* docs(misconf): Fix links to built in policies (#3841)
Update to version 0.38.3:
from 1.86.1 to 1.89.1
* fix(java): skip empty files for jar post analyzer
* fix(docker): build healthcheck command for line without /bin/sh prefix
* refactor(license): use goyacc for license parser (#3824)
23.0.0-rc.1+incompatible to 23.0.1+incompatible
* fix: populate timeout context to node-collector
* fix: exclude node collector scanning (#3771)
* fix: display correct flag in error message when skipping java db update
#3808
* fix: disable jar analyzer for scanners other than vuln (#3810)
* fix(sbom): fix incompliant license format for spdx (#3335)
* fix(java): the project props take precedence over the parent's props
(#3320)
* docs: add canary build info to README.md (#3799)
* docs: adding link to gh token generation (#3784)
* docs: changing docs in accordance with #3460 (#3787)
Update to version 0.38.2:
* fix(license): disable jar analyzer for licence scan only (#3780)
* bump trivy-issue-action to v0.0.0; skip `pkg` dir (#3781)
* fix: skip checking dirs for required post-analyzers (#3773)
* docs: add information about plugin format (#3749)
* fix(sbom): add trivy version to spdx creators tool field (#3756)
Update to version 0.38.1:
* feat(misconf): Add support to show policy bundle version (#3743)
* fix(python): fix error with optional dependencies in pyproject.toml
(#3741)
* add id for package.json files (#3750)
Update to version 0.38.0:
* fix(cli): pass integer to exit-on-eol (#3716)
* feat: add kubernetes pss compliance (#3498)
* feat: Adding --module-dir and --enable-modules (#3677)
* feat: add special IDs for filtering secrets (#3702)
* docs(misconf): Add guide on input schema (#3692)
* feat(go): support dependency graph and show only direct dependencies in
the tree (#3691)
* feat: docker multi credential support (#3631)
* feat: summarize vulnerabilities in compliance reports (#3651)
* feat(python): parse pyproject.toml alongside poetry.lock (#3695)
* feat(python): add dependency tree for poetry lock file (#3665)
* fix(cyclonedx): incompliant affect ref (#3679)
* chore(helm): update skip-db-update environment variable (#3657)
* fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336
(#3675)
* fix(sbom): export empty dependencies in CycloneDX (#3664)
* docs: java-db air-gap doc tweaks (#3561)
* feat(go): license support (#3683)
* feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
* fix(k8s): k8s label size (#3678)
* fix(cyclondx): fix array empty value, null to [] (#3676)
* refactor: rewrite gomod analyzer as post-analyzer (#3674)
* feat: config outdated-api result filtered by k8s version (#3578)
* fix: Update to Alpine 3.17.2 (#3655)
* feat: add support for virtual files (#3654)
* feat: add post-analyzers (#3640)
* feat(python): add dependency locations for Pipfile.lock (#3614)
* fix(java): fix groupID selection by ArtifactID for jar files. (#3644)
* fix(aws): Adding a fix for update-cache flag that is not applied on AWS
scans. (#3619)
* feat(cli): add command completion (#3061)
* docs(misconf): update dockerfile link (#3627)
* feat(flag): add exit-on-eosl option (#3423)
* fix(cli): make java db repository configurable (#3595)
* chore: bump trivy-kubernetes (#3613)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-268=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
trivy-0.54.1-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-42363.html
https://www.suse.com/security/cve/CVE-2024-35192.html
https://www.suse.com/security/cve/CVE-2024-6257.html
https://bugzilla.suse.com/1224781
https://bugzilla.suse.com/1227022
30 Aug '24
# Security update for podman
Announcement ID: SUSE-SU-2024:3062-1
Rating: moderate
References:
* bsc#1227052
Cross-References:
* CVE-2024-6104
CVSS scores:
* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for podman fixes the following issues:
* CVE-2024-6104: Fixed sensitive information disclosure in log files in go-retryablehttp (bsc#1227052)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3062=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3062=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3062=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3062=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3062=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* podman-remote-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podmansh-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* openSUSE Leap 15.3 (noarch)
* podman-docker-4.9.5-150300.9.34.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* podman-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* podman-remote-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* podman-remote-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* podman-remote-4.9.5-150300.9.34.1
* podman-4.9.5-150300.9.34.1
* podman-debuginfo-4.9.5-150300.9.34.1
* podman-remote-debuginfo-4.9.5-150300.9.34.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6104.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227052
openSUSE-SU-2024:0267-1: important: Security update for chromium
by opensuse-security@opensuse.org 30 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0267-1
Rating: important
References: #1229897
Cross-References: CVE-2024-7969 CVE-2024-8193 CVE-2024-8194
CVE-2024-8198
CVSS scores:
CVE-2024-7969 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 128.0.6613.113 (boo#1229897)
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-8193: Heap buffer overflow in Skia
* CVE-2024-8194: Type Confusion in V8
* CVE-2024-8198: Heap buffer overflow in Skia
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-267=1
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-267=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-128.0.6613.113-bp156.2.20.1
chromedriver-debuginfo-128.0.6613.113-bp156.2.20.1
chromium-128.0.6613.113-bp156.2.20.1
chromium-debuginfo-128.0.6613.113-bp156.2.20.1
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
chromedriver-128.0.6613.113-bp155.2.108.1
chromium-128.0.6613.113-bp155.2.108.1
References:
https://www.suse.com/security/cve/CVE-2024-7969.html
https://www.suse.com/security/cve/CVE-2024-8193.html
https://www.suse.com/security/cve/CVE-2024-8194.html
https://www.suse.com/security/cve/CVE-2024-8198.html
https://bugzilla.suse.com/1229897
SUSE-SU-2024:3054-1: important: Security update for python3-setuptools
by OPENSUSE-SECURITY-UPDATES 28 Aug '24
# Security update for python3-setuptools
Announcement ID: SUSE-SU-2024:3054-1
Rating: important
References:
* bsc#1228105
Cross-References:
* CVE-2024-6345
CVSS scores:
* CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP5
* Basesystem Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python3-setuptools fixes the following issues:
* CVE-2024-6345: Fixed code execution via download functions in the
package_index module (bsc#1228105)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3054=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3054=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-3054=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3054=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3054=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3054=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3054=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3054=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3054=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-3054=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3054=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3054=1
* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3054=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3054=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3054=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3054=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3054=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3054=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3054=1
## Package List:
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* Basesystem Module 15-SP5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* Basesystem Module 15-SP6 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Manager Proxy 4.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Manager Server 4.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* openSUSE Leap 15.4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* openSUSE Leap Micro 5.5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* openSUSE Leap 15.5 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* openSUSE Leap 15.6 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* python3-setuptools-test-44.1.1-150400.9.9.1
* python3-setuptools-wheel-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-setuptools-44.1.1-150400.9.9.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228105
SUSE-SU-2024:3055-1: important: Security update for python-setuptools
by OPENSUSE-SECURITY-UPDATES 28 Aug '24
# Security update for python-setuptools
Announcement ID: SUSE-SU-2024:3055-1
Rating: important
References:
* bsc#1228105
Cross-References:
* CVE-2024-6345
CVSS scores:
* CVE-2024-6345 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-setuptools fixes the following issues:
* CVE-2024-6345: Fixed code execution via download functions in the
package_index module (bsc#1228105)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3055=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3055=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3055=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-3055=1
* Python 3 Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-3055=1
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-3055=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3055=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3055=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3055=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3055=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3055=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python311-setuptools-wheel-67.7.2-150400.3.16.1
* python311-setuptools-67.7.2-150400.3.16.1
* openSUSE Leap 15.5 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* openSUSE Leap 15.6 (noarch)
* python311-setuptools-wheel-67.7.2-150400.3.16.1
* python311-setuptools-67.7.2-150400.3.16.1
* Public Cloud Module 15-SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* Python 3 Module 15-SP5 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* Python 3 Module 15-SP6 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* python311-setuptools-67.7.2-150400.3.16.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6345.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228105
SUSE-SU-2024:3031-1: moderate: Security update for keepalived
by OPENSUSE-SECURITY-UPDATES 27 Aug '24
# Security update for keepalived
Announcement ID: SUSE-SU-2024:3031-1
Rating: moderate
References:
* bsc#1228123
Cross-References:
* CVE-2024-41184
CVSS scores:
* CVE-2024-41184 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise High Availability Extension 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for keepalived fixes the following issues:
* CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3031=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3031=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3031=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3031=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3031=1
* SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2024-3031=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
* SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
* keepalived-2.2.2-150400.3.10.1
* keepalived-debugsource-2.2.2-150400.3.10.1
* keepalived-debuginfo-2.2.2-150400.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2024-41184.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228123
SUSE-SU-2024:3019-1: moderate: Security update for openssl-3
by OPENSUSE-SECURITY-UPDATES 27 Aug '24
# Security update for openssl-3
Announcement ID: SUSE-SU-2024:3019-1
Rating: moderate
References:
* bsc#1226463
* bsc#1227138
Cross-References:
* CVE-2024-5535
CVSS scores:
* CVE-2024-5535 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for openssl-3 fixes the following issues:
* CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto()
with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
* Build with no-afalgeng (bsc#1226463)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-3019=1 openSUSE-SLE-15.5-2024-3019=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3019=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libopenssl3-debuginfo-3.0.8-150500.5.39.1
* openssl-3-debugsource-3.0.8-150500.5.39.1
* openssl-3-3.0.8-150500.5.39.1
* libopenssl-3-devel-3.0.8-150500.5.39.1
* libopenssl3-3.0.8-150500.5.39.1
* openssl-3-debuginfo-3.0.8-150500.5.39.1
* openSUSE Leap 15.5 (x86_64)
* libopenssl3-32bit-3.0.8-150500.5.39.1
* libopenssl-3-devel-32bit-3.0.8-150500.5.39.1
* libopenssl3-32bit-debuginfo-3.0.8-150500.5.39.1
* openSUSE Leap 15.5 (noarch)
* openssl-3-doc-3.0.8-150500.5.39.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libopenssl3-64bit-3.0.8-150500.5.39.1
* libopenssl3-64bit-debuginfo-3.0.8-150500.5.39.1
* libopenssl-3-devel-64bit-3.0.8-150500.5.39.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* libopenssl3-debuginfo-3.0.8-150500.5.39.1
* openssl-3-debugsource-3.0.8-150500.5.39.1
* openssl-3-3.0.8-150500.5.39.1
* libopenssl-3-devel-3.0.8-150500.5.39.1
* libopenssl3-3.0.8-150500.5.39.1
* openssl-3-debuginfo-3.0.8-150500.5.39.1
## References:
* https://www.suse.com/security/cve/CVE-2024-5535.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226463
* https://bugzilla.suse.com/show_bug.cgi?id=1227138
27 Aug '24
# Security update for mariadb
Announcement ID: SUSE-SU-2024:3018-1
Rating: moderate
References:
* bsc#1225983
Cross-References:
* CVE-2024-21096
CVSS scores:
* CVE-2024-21096 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
* Galera for Ericsson 15 SP3
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves one vulnerability can now be installed.
## Description:
This update for mariadb fixes the following issues:
* Updated to 10.5.26
* Updated to 10.5.25:
* CVE-2024-21096: Fixed a vulnerability that would allow an unauthenticated
attacker with logon to the infrastructure where MySQL Server executes to
compromise MySQL Server. (bsc#1225983)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3018=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3018=1
* Galera for Ericsson 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2024-3018=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3018=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3018=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3018=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* mariadb-test-10.5.26-150300.3.46.1
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-test-debuginfo-10.5.26-150300.3.46.1
* mariadb-rpm-macros-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* mariadb-bench-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* mariadb-bench-debuginfo-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* mariadb-galera-10.5.26-150300.3.46.1
* openSUSE Leap 15.3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* Galera for Ericsson 15 SP3 (x86_64)
* mariadb-galera-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libmariadbd19-debuginfo-10.5.26-150300.3.46.1
* mariadb-debugsource-10.5.26-150300.3.46.1
* mariadb-tools-debuginfo-10.5.26-150300.3.46.1
* mariadb-debuginfo-10.5.26-150300.3.46.1
* mariadb-tools-10.5.26-150300.3.46.1
* mariadb-client-10.5.26-150300.3.46.1
* libmariadbd19-10.5.26-150300.3.46.1
* libmariadbd-devel-10.5.26-150300.3.46.1
* mariadb-10.5.26-150300.3.46.1
* mariadb-client-debuginfo-10.5.26-150300.3.46.1
* SUSE Enterprise Storage 7.1 (noarch)
* mariadb-errormessages-10.5.26-150300.3.46.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21096.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225983
openSUSE-SU-2024:0194-2: moderate: Security update for keybase-client
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for keybase-client
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0194-2
Rating: moderate
References: #1213928
Cross-References: CVE-2023-29408
CVSS scores:
CVE-2023-29408 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2023-29408 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for keybase-client fixes the following issues:
Update to version 6.2.8
* Update client CA
* Fix incomplete locking in config file handling.
- Update the Image dependency to address CVE-2023-29408 / boo#1213928.
This is done via the new update-image-tiff.patch.
- Limit parallel test execution as that seems to cause failing builds on
OBS that don't occur locally.
- Integrate KBFS packages previously built via own source package
* Upstream integrated these into the same source.
* Also includes adding kbfs-related patches
ensure-mount-dir-exists.patch and
ensure-service-stop-unmounts-filesystem.patch.
- Upgrade Go version used for compilation to 1.19.
- Use Systemd unit file from upstream source.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-194=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
kbfs-6.2.8-bp156.2.3.1
kbfs-debuginfo-6.2.8-bp156.2.3.1
kbfs-git-6.2.8-bp156.2.3.1
kbfs-git-debuginfo-6.2.8-bp156.2.3.1
kbfs-tool-6.2.8-bp156.2.3.1
kbfs-tool-debuginfo-6.2.8-bp156.2.3.1
keybase-client-6.2.8-bp156.2.3.1
keybase-client-debuginfo-6.2.8-bp156.2.3.1
References:
https://www.suse.com/security/cve/CVE-2023-29408.html
https://bugzilla.suse.com/1213928
openSUSE-SU-2024:0258-2: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0258-2
Rating: important
References: #1229426 #1229591
Cross-References: CVE-2024-7964 CVE-2024-7965 CVE-2024-7966
CVE-2024-7967 CVE-2024-7968 CVE-2024-7969
CVE-2024-7971 CVE-2024-7972 CVE-2024-7973
CVE-2024-7974 CVE-2024-7975 CVE-2024-7976
CVE-2024-7977 CVE-2024-7978 CVE-2024-7979
CVE-2024-7980 CVE-2024-7981 CVE-2024-8033
CVE-2024-8034 CVE-2024-8035
CVSS scores:
CVE-2024-7964 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7966 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7968 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7969 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7974 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7975 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7976 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7978 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2024-7981 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8033 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8034 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8035 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-258=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-128.0.6613.84-bp156.2.17.1
chromedriver-debuginfo-128.0.6613.84-bp156.2.17.1
chromium-128.0.6613.84-bp156.2.17.1
chromium-debuginfo-128.0.6613.84-bp156.2.17.1
References:
https://www.suse.com/security/cve/CVE-2024-7964.html
https://www.suse.com/security/cve/CVE-2024-7965.html
https://www.suse.com/security/cve/CVE-2024-7966.html
https://www.suse.com/security/cve/CVE-2024-7967.html
https://www.suse.com/security/cve/CVE-2024-7968.html
https://www.suse.com/security/cve/CVE-2024-7969.html
https://www.suse.com/security/cve/CVE-2024-7971.html
https://www.suse.com/security/cve/CVE-2024-7972.html
https://www.suse.com/security/cve/CVE-2024-7973.html
https://www.suse.com/security/cve/CVE-2024-7974.html
https://www.suse.com/security/cve/CVE-2024-7975.html
https://www.suse.com/security/cve/CVE-2024-7976.html
https://www.suse.com/security/cve/CVE-2024-7977.html
https://www.suse.com/security/cve/CVE-2024-7978.html
https://www.suse.com/security/cve/CVE-2024-7979.html
https://www.suse.com/security/cve/CVE-2024-7980.html
https://www.suse.com/security/cve/CVE-2024-7981.html
https://www.suse.com/security/cve/CVE-2024-8033.html
https://www.suse.com/security/cve/CVE-2024-8034.html
https://www.suse.com/security/cve/CVE-2024-8035.html
https://bugzilla.suse.com/1229426
https://bugzilla.suse.com/1229591
openSUSE-SU-2024:0231-1: moderate: Security update for python-notebook
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for python-notebook
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0231-1
Rating: moderate
References: #1227583
Cross-References: CVE-2019-11358 CVE-2021-32798
CVSS scores:
CVE-2019-11358 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-32798 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python-notebook fixes the following issues:
- Update to 5.7.11
* sanitizer fix CVE-2021-32798 (boo#1227583)
- Update to 5.7.10
* no upstream changelog
- Update to 5.7.9
* Update JQuery dependency to version 3.4.1 to fix security
vulnerability (CVE-2019-11358)
* Update from preact to React
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-231=1
Package List:
- openSUSE Backports SLE-15-SP6 (noarch):
jupyter-notebook-5.7.11-bp156.4.3.1
jupyter-notebook-doc-5.7.11-bp156.4.3.1
jupyter-notebook-lang-5.7.11-bp156.4.3.1
jupyter-notebook-latex-5.7.11-bp156.4.3.1
python3-notebook-5.7.11-bp156.4.3.1
python3-notebook-lang-5.7.11-bp156.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-11358.html
https://www.suse.com/security/cve/CVE-2021-32798.html
https://bugzilla.suse.com/1227583
openSUSE-SU-2024:0155-1: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0155-1
Rating: important
References: #1225690
Cross-References: CVE-2024-5493 CVE-2024-5494 CVE-2024-5495
CVE-2024-5496 CVE-2024-5497 CVE-2024-5498
CVE-2024-5499
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 125.0.6422.141 (boo#1225690)
* CVE-2024-5493: Heap buffer overflow in WebRTC
* CVE-2024-5494: Use after free in Dawn
* CVE-2024-5495: Use after free in Dawn
* CVE-2024-5496: Use after free in Media Session
* CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
* CVE-2024-5498: Use after free in Presentation API
* CVE-2024-5499: Out of bounds write in Streams API
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-155=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-125.0.6422.141-bp156.2.3.1
chromium-125.0.6422.141-bp156.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-5493.html
https://www.suse.com/security/cve/CVE-2024-5494.html
https://www.suse.com/security/cve/CVE-2024-5495.html
https://www.suse.com/security/cve/CVE-2024-5496.html
https://www.suse.com/security/cve/CVE-2024-5497.html
https://www.suse.com/security/cve/CVE-2024-5498.html
https://www.suse.com/security/cve/CVE-2024-5499.html
https://bugzilla.suse.com/1225690
openSUSE-SU-2024:0221-1: important: Security update for python-nltk
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for python-nltk
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0221-1
Rating: important
References: #1227174
Cross-References: CVE-2024-39705
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-nltk fixes the following issues:
- CVE-2024-39705: Fixed remote code execution through unsafe pickle usage
(boo#1227174).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-221=1
Package List:
- openSUSE Backports SLE-15-SP6 (noarch):
python3-nltk-3.7-bp156.4.3.1
References:
https://www.suse.com/security/cve/CVE-2024-39705.html
https://bugzilla.suse.com/1227174
openSUSE-SU-2024:0220-1: moderate: Security update for caddy
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for caddy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0220-1
Rating: moderate
References: #1222468
Cross-References: CVE-2023-45142 CVE-2024-22189
CVSS scores:
CVE-2023-45142 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-45142 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2024-22189 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for caddy fixes the following issues:
- Update to version 2.8.4:
* cmd: fix regression in auto-detect of Caddyfile (#6362)
* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped
- Update to version 2.8.2:
* cmd: fix auto-detection of .caddyfile extension (#6356)
* caddyhttp: properly sanitize requests for root path (#6360)
* caddytls: Implement certmagic.RenewalInfoGetter
* build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
- Update to version 2.8.1:
* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers
(#6350)
* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
- Update to version 2.8.0:
* acmeserver: Add `sign_with_root` for Caddyfile (#6345)
* caddyfile: Reject global request matchers earlier (#6339)
* core: Fix bug in AppIfConfigured (fix #6336)
* fix a typo (#6333)
* autohttps: Move log WARN to INFO, reduce confusion (#6185)
* reverseproxy: Support HTTP/3 transport to backend (#6312)
* context: AppIfConfigured returns error; consider not-yet-provisioned
modules (#6292)
* Fix lint error about deprecated method in
smallstep/certificates/authority
* go.mod: Upgrade dependencies
* caddytls: fix permission requirement with AutomationPolicy (#6328)
* caddytls: remove ClientHelloSNICtxKey (#6326)
* caddyhttp: Trace individual middleware handlers (#6313)
* templates: Add `pathEscape` template function and use it in file
browser (#6278)
* caddytls: set server name in context (#6324)
* chore: downgrade minimum Go version in go.mod (#6318)
* caddytest: normalize the JSON config (#6316)
* caddyhttp: New experimental handler for intercepting responses (#6232)
* httpcaddyfile: Set challenge ports when http_port or https_port are
used
* logging: Add support for additional logger filters other than hostname
(#6082)
* caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)
* Second half of 6dce493
* caddyhttp: Alter log message when request is unhandled (close #5182)
* chore: Bump Go version in CI (#6310)
* go.mod: go 1.22.3
* Fix typos (#6311)
* reverseproxy: Pointer to struct when loading modules; remove
LazyCertPool (#6307)
* tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)
* go.mod: CertMagic v0.21.0
* reverseproxy: Implement health_follow_redirects (#6302)
* caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
* go.mod: Upgrade to quic-go v0.43.1
* reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)
* caddytls: Ability to drop connections (close #6294)
* build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289)
* httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)
* caddytls: Evict internal certs from cache based on issuer (#6266)
* chore: add warn logs when using deprecated fields (#6276)
* caddyhttp: Fix linter warning about deprecation
* go.mod: Upgrade to quic-go v0.43.0
* fileserver: Set "Vary: Accept-Encoding" header (see #5849)
* events: Add debug log
* reverseproxy: handle buffered data during hijack (#6274)
* ci: remove `android` and `plan9` from cross-build workflow (#6268)
* run `golangci-lint run --fix --fast` (#6270)
* caddytls: Option to configure certificate lifetime (#6253)
* replacer: Implement `file.*` global replacements (#5463)
* caddyhttp: Address some Go 1.20 features (#6252)
* Quell linter (false positive)
* reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)
* doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc
(#6263)
* caddytls: Add Caddyfile support for on-demand permission module (close
#6260)
* reverseproxy: Remove long-deprecated buffering properties
* reverseproxy: Reuse buffered request body even if partially drained
* reverseproxy: Accept EOF when buffering
* logging: Fix default access logger (#6251)
* fileserver: Improve Vary handling (#5849)
* cmd: Only validate config is proper JSON if config slice has data
(#6250)
* staticresp: Use the evaluated response body for sniffing JSON
content-type (#6249)
* encode: Slight fix for the previous commit
* encode: Improve Etag handling (fix #5849)
* httpcaddyfile: Skip automate loader if disable_certs is specified (fix
#6148)
* caddyfile: Populate regexp matcher names by default (#6145)
* caddyhttp: record num. bytes read when response writer is hijacked
(#6173)
* caddyhttp: Support multiple logger names per host (#6088)
* chore: fix some typos in comments (#6243)
* encode: Configurable compression level for zstd (#6140)
* caddytls: Remove shim code supporting deprecated lego-dns (#6231)
* connection policy: add `local_ip` matcher (#6074)
* reverseproxy: Wait for both ends of websocket to close (#6175)
* caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes
(#6229)
* caddytls: Still provision permission module if ask is specified
* fileserver: read etags from precomputed files (#6222)
* fileserver: Escape # and ? in img src (fix #6237)
* reverseproxy: Implement modular CA provider for TLS transport (#6065)
* caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)
* cmd: Fix panic related to config filename (fix #5919)
* cmd: Assume Caddyfile based on filename prefix and suffix (#5919)
* admin: Make `Etag` a header, not a trailer (#6208)
* caddyhttp: remove duplicate strings.Count in path matcher (fixes
#6233) (#6234)
* caddyconfig: Use empty struct instead of bool in map (close #6224)
(#6227)
* gitignore: Add rule for caddyfile.go (#6225)
* chore: Fix broken links in README.md (#6223)
* chore: Upgrade some dependencies (#6221)
* caddyhttp: Add plaintext response to `file_server browse` (#6093)
* admin: Use xxhash for etag (#6207)
* modules: fix some typo in comments (#6206)
* caddyhttp: Replace sensitive headers with REDACTED (close #5669)
* caddyhttp: close quic connections when server closes (#6202)
* reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
* caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
* chore: upgrade deps (#6198)
* chore: remove repetitive word (#6193)
* Added a null check to avoid segfault on rewrite query ops (#6191)
* rewrite: `uri query` replace operation (#6165)
* logging: support `ms` duration format and add docs (#6187)
* replacer: use RWMutex to protect static provider (#6184)
* caddyhttp: Allow `header` replacement with empty string (#6163)
* vars: Make nil values act as empty string instead of `"<nil>"` (#6174)
* chore: Update quic-go to v0.42.0 (#6176)
* caddyhttp: Accept XFF header values with ports, when parsing client IP
(#6183)
* reverseproxy: configurable active health_passes and health_fails
(#6154)
* reverseproxy: Configurable forward proxy URL (#6114)
* caddyhttp: upgrade to cel v0.20.0 (#6161)
* chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169)
* caddyhttp: suppress flushing if the response is being buffered (#6150)
* chore: encode: use FlushError instead of Flush (#6168)
* encode: write status immediately when status code is informational
(#6164)
* httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153)
* httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin
authors (#5865)
* rewrite: Implement `uri query` operations (#6120)
* fix struct names (#6151)
* fileserver: Preserve query during canonicalization redirect (#6109)
* logging: Implement `log_append` handler (#6066)
* httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
* logging: Implement `append` encoder, allow flatter filters config
(#6069)
* ci: fix the integration test `TestLeafCertLoaders` (#6149)
* vars: Allow overriding `http.auth.user.id` in replacer as a special
case (#6108)
* caddytls: clientauth: leaf verifier: make trusted leaf certs source
pluggable (#6050)
* cmd: Adjust config load logs/errors (#6032)
* reverseproxy: SRV dynamic upstream failover (#5832)
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
* core: OnExit hooks (#6128)
* cmd: fix the output of the `Usage` section (#6138)
* caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
* acmeserver: add policy field to define allow/deny rules (#5796)
* reverseproxy: cookie should be Secure and SameSite=None when TLS
(#6115)
* caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119)
* tests: uses testing.TB interface for helper to be able to use test
server in benchmarks. (#6103)
* caddyfile: Assert having a space after heredoc marker to simply check
(#6117)
* chore: Update Chroma to get the new Caddyfile lexer (#6118)
* reverseproxy: use context.WithoutCancel (#6116)
* caddyfile: Reject directives in the place of site addresses (#6104)
* caddyhttp: Register post-shutdown callbacks (#5948)
* caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)
* caddyauth: Drop support for `scrypt` (#6091)
* Revert "caddyfile: Reject long heredoc markers (#6098)" (#6100)
* caddyauth: Rename `basicauth` to `basic_auth` (#6092)
* logging: Inline Caddyfile syntax for `ip_mask` filter (#6094)
* caddyfile: Reject long heredoc markers (#6098)
* chore: Rename CI jobs, run on M1 mac (#6089)
* update comment
* improved list
* fix: add back text/*
* fix: add more media types to the compressed by default list
* acmeserver: support specifying the allowed challenge types (#5794)
* matchers: Drop `forwarded` option from `remote_ip` matcher (#6085)
* caddyhttp: Test cases for `%2F` and `%252F` (#6084)
* bump to golang 1.22 (#6083)
* fileserver: Browse can show symlink target if enabled (#5973)
* core: Support NO_COLOR env var to disable log coloring (#6078)
* build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080)
* Update comment in setcap helper script
* caddytls: Make on-demand 'ask' permission modular (#6055)
* core: Add `ctx.Slogger()` which returns an `slog` logger (#5945)
* chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043)
* chore: enabling a few more linters (#5961)
* caddyfile: Correctly close the heredoc when the closing marker appears
immediately (#6062)
* caddyfile: Switch to slices.Equal for better performance (#6061)
* tls: modularize trusted CA providers (#5784)
* logging: Automatic `wrap` default for `filter` encoder (#5980)
* caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)
* caddyfile: Normalize & flatten all unmarshalers (#6037)
* cmd: reverseproxy: log: use caddy logger (#6042)
* matchers: `query` now ANDs multiple keys (#6054)
* caddyfile: Add heredoc support to `fmt` command (#6056)
* refactor: move automaxprocs init in caddycmd.Main()
* caddyfile: Allow heredoc blank lines (#6051)
* httpcaddyfile: Add optional status code argument to `handle_errors`
directive (#5965)
* httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting
matcher (#5844)
* fileserver: Implement caddyfile.Unmarshaler interface (#5850)
* reverseproxy: Add `tls_curves` option to HTTP transport (#5851)
* caddyhttp: Security enhancements for client IP parsing (#5805)
* replacer: Fix escaped closing braces (#5995)
* filesystem: Globally declared filesystems, `fs` directive (#5833)
* ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031)
* httpcaddyfile: Fix redir <to> html (#6001)
* httpcaddyfile: Support client auth verifiers (#6022)
* tls: add reuse_private_keys (#6025)
* reverseproxy: Only change Content-Length when full request is buffered
(#5830)
* Switch Solaris-derivatives away from listen_unix (#6021)
* build(deps): bump actions/upload-artifact from 3 to 4 (#6013)
* build(deps): bump actions/setup-go from 4 to 5 (#6012)
* chore: check against errors of `io/fs` instead of `os` (#6011)
* caddyhttp: support unix sockets in `caddy respond` command (#6010)
* fileserver: Add total file size to directory listing (#6003)
* httpcaddyfile: Fix cert file decoding to load multiple PEM in one file
(#5997)
* build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994)
* cmd: use automaxprocs for better perf in containers (#5711)
* logging: Add `zap.Option` support (#5944)
* httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
* metrics: Record request metrics on HTTP errors (#5979)
* go.mod: Updated quic-go to v0.40.1 (#5983)
* fileserver: Enable compression for command by default (#5855)
* fileserver: New --precompressed flag (#5880)
* caddyhttp: Add `uuid` to access logs when used (#5859)
* proxyprotocol: use github.com/pires/go-proxyproto (#5915)
* cmd: Preserve LastModified date when exporting storage (#5968)
* core: Always make AppDataDir for InstanceID (#5976)
* chore: cross-build for AIX (#5971)
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders
(#5963)
* templates: Officially make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error
(#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP
(#5917)
* fileserver: Add .m4v for browse template icon
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations
(#5848)" (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate
(#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate
(#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains
`:` (#5883)
- CVEs:
* CVE-2024-22189 (boo#1222468)
* CVE-2023-45142
- Update to version 2.7.6:
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders
(#5963)
* templates: Officially make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error
(#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP
(#5917)
* fileserver: Add .m4v for browse template icon
* Revert "caddyhttp: Use sync.Pool to reduce lengthReader allocations
(#5848)" (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate
(#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate
(#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains
`:` (#5883)
- Update to version 2.7.5:
* admin: Respond with 4xx on non-existing config path (#5870)
* ci: Force the Go version for govulncheck (#5879)
* fileserver: Set canonical URL on browse template (#5867)
* tls: Add X25519Kyber768Draft00 PQ "curve" behind build tag (#5852)
* reverseproxy: Add more debug logs (#5793)
* reverseproxy: Fix `least_conn` policy regression (#5862)
* reverseproxy: Add logging for dynamic A upstreams (#5857)
* reverseproxy: Replace health header placeholders (#5861)
* httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output
(#5860)
* cmd: Fix exiting with custom status code, add `caddy -v` (#5874)
* reverseproxy: fix parsing Caddyfile fails for unlimited
request/response buffers (#5828)
* reverseproxy: Fix retries on "upstreams unavailable" error (#5841)
* httpcaddyfile: Enable TLS for catch-all site if `tls` directive is
specified (#5808)
* encode: Add `application/wasm*` to the default content types (#5869)
* fileserver: Add command shortcuts `-l` and `-a` (#5854)
* go.mod: Upgrade dependencies incl. x/net/http
* templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy
compatibility (#5845)
* reverseproxy: Allow fallthrough for response handlers without routes
(#5780)
* fix: caddytest.AssertResponseCode error message (#5853)
* build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847)
* build(deps): bump actions/checkout from 3 to 4 (#5846)
* caddyhttp: Use LimitedReader for HTTPRedirectListener
* fileserver: browse template SVG icons and UI tweaks (#5812)
* reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams
(#5811)
* httpcaddyfile: fix placeholder shorthands in named routes (#5791)
* cmd: Prevent overwriting existing env vars with `--envfile` (#5803)
* ci: Run govulncheck (#5790)
* logging: query filter for array of strings (#5779)
* logging: Clone array on log filters, prevent side-effects (#5786)
* fileserver: Export BrowseTemplate
* ci: ensure short-sha is exported correctly on all platforms (#5781)
* caddyfile: Fix case where heredoc marker is empty after newline (#5769)
* go.mod: Update quic-go to v0.38.0 (#5772)
* chore: Appease gosec linter (#5777)
* replacer: change timezone to UTC for "time.now.http" placeholders
(#5774)
* caddyfile: Adjust error formatting (#5765)
* update quic-go to v0.37.6 (#5767)
* httpcaddyfile: Stricter errors for site and upstream address schemes
(#5757)
* caddyfile: Loosen heredoc parsing (#5761)
* fileserver: docs: clarify the ability to produce JSON array with
`browse` (#5751)
* fix package typo (#5764)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-220=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
caddy-2.8.4-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
caddy-bash-completion-2.8.4-bp156.3.3.1
caddy-fish-completion-2.8.4-bp156.3.3.1
caddy-zsh-completion-2.8.4-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2023-45142.html
https://www.suse.com/security/cve/CVE-2024-22189.html
https://bugzilla.suse.com/1222468
openSUSE-SU-2024:0206-1: moderate: Security update for cockpit
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for cockpit
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0206-1
Rating: moderate
References: #1226040 #1227299
Cross-References: CVE-2024-6126
CVSS scores:
CVE-2024-6126 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for cockpit fixes the following issues:
- new version 320:
* pam-ssh-add: Fix insecure killing of session ssh-agent (boo#1226040,
CVE-2024-6126)
- changes in older versions:
* Storage: Btrfs snapshots
* Podman: Add image pull action
* Files: Bookmark support
* webserver: System user changes
* Metrics: Grafana setup now prefers Valkey
- Invalid json against the storaged manifest boo#1227299
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-206=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
cockpit-320-bp156.2.6.3
cockpit-bridge-320-bp156.2.6.3
cockpit-devel-320-bp156.2.6.3
cockpit-pcp-320-bp156.2.6.3
cockpit-ws-320-bp156.2.6.3
- openSUSE Backports SLE-15-SP6 (noarch):
cockpit-doc-320-bp156.2.6.3
cockpit-kdump-320-bp156.2.6.3
cockpit-networkmanager-320-bp156.2.6.3
cockpit-packagekit-320-bp156.2.6.3
cockpit-selinux-320-bp156.2.6.3
cockpit-storaged-320-bp156.2.6.3
cockpit-system-320-bp156.2.6.3
References:
https://www.suse.com/security/cve/CVE-2024-6126.html
https://bugzilla.suse.com/1226040
https://bugzilla.suse.com/1227299
openSUSE-SU-2024:0226-1: moderate: Security update for gh
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for gh
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0226-1
Rating: moderate
References: #1227035
Cross-References: CVE-2024-6104
CVSS scores:
CVE-2024-6104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2024-6104 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gh fixes the following issues:
Update to version 2.53.0:
* CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write
sensitive information to log file (boo#1227035)
* Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due
to https://github.com/cli/cli/issues/8928
* Rename package directory and files
* Rename package name to `update_branch`
* Rename `gh pr update` to `gh pr update-branch`
* Add test case for merge conflict error
* Handle merge conflict error
* Return error if PR is not mergeable
* Replace literals with consts for `Mergeable` field values
* Add separate type for `PullRequest.Mergeable` field
* Remove unused flag
* Print message on stdout instead of stderr
* Raise error if editor is used in non-tty mode
* Add tests for JSON field support on issue and pr view commands
* docs: Update documentation for `gh repo create` to clarify owner
* Ensure PR does not panic when stateReason is requested
* Enable to use --web even though editor is enabled by config
* Add editor hint message
* Use prefer_editor_prompt config by `issue create`
* Add prefer_editor_prompt config
* Add `issue create --editor`
* Update create.go
* gh attestation trusted-root subcommand (#9206)
* Fetch variable selected repo relationship when required
* Add `createdAt` field to tests
* Add `createdAt` field to `Variable` type
* Add test for exporting as JSON
* Add test for JSON output
* Only populate selected repo information for JSON output
* Add test to verify JSON exporter gets set
* Add `--json` option support
* Use `Variable` type defined in `shared` package
* Add tests for JSON output
* Move `Variable` type and `PopulateSelectedRepositoryInformation` func
to shared
* Fix query parameter name
* Update tests to account for ref comparison step
* Improve query variable names
* Check if PR branch is already up-to-date
* Add `ComparePullRequestBaseBranchWith` function
* Run `go mod tidy`
* Add test to verify `--repo` requires non-empty selector
* Require non-empty selector when `--repo` override is used
* Run `go mod tidy`
* Register `update` command
* Add tests for `pr update` command
* Add `pr update` command
* Add `UpdatePullRequestBranch` method
* Upgrade `shurcooL/githubv4`
Update to version 2.52.0:
* Attestation Verification - Buffer Fix
* Remove beta note from attestation top level command
* Removed beta note from `gh at download`.
* Removed beta note from `gh at verify`, clarified reusable workflows
use case.
* add `-a` flag to `gh run list`
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-226=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
gh-2.53.0-bp156.2.6.1
- openSUSE Backports SLE-15-SP6 (noarch):
gh-bash-completion-2.53.0-bp156.2.6.1
gh-fish-completion-2.53.0-bp156.2.6.1
gh-zsh-completion-2.53.0-bp156.2.6.1
References:
https://www.suse.com/security/cve/CVE-2024-6104.html
https://bugzilla.suse.com/1227035
openSUSE-SU-2024:0157-2: important: Security update for nano
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for nano
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0157-2
Rating: important
References: #1226099
Cross-References: CVE-2024-5742
CVSS scores:
CVE-2024-5742 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for nano fixes the following issues:
- CVE-2024-5742: Avoid privilege escalations via symlink attacks on
emergency save file (boo#1226099)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-157=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
nano-7.2-bp156.3.3.1
nano-debuginfo-7.2-bp156.3.3.1
nano-debugsource-7.2-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
nano-lang-7.2-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-5742.html
https://bugzilla.suse.com/1226099
openSUSE-SU-2024:0254-2: important: Security update for chromium, gn, rust-bindgen
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium, gn, rust-bindgen
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0254-2
Rating: important
References: #1228628 #1228940 #1228941 #1228942
Cross-References: CVE-2024-6988 CVE-2024-6989 CVE-2024-6990
CVE-2024-6991 CVE-2024-6992 CVE-2024-6993
CVE-2024-6994 CVE-2024-6995 CVE-2024-6996
CVE-2024-6997 CVE-2024-6998 CVE-2024-6999
CVE-2024-7000 CVE-2024-7001 CVE-2024-7003
CVE-2024-7004 CVE-2024-7005 CVE-2024-7255
CVE-2024-7256 CVE-2024-7532 CVE-2024-7533
CVE-2024-7534 CVE-2024-7535 CVE-2024-7536
CVE-2024-7550
CVSS scores:
CVE-2024-6988 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6989 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6990 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6991 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6994 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6995 (NVD) : 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVE-2024-6996 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-6997 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6998 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-6999 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7000 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7001 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7003 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7004 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7005 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7255 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7532 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7533 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7534 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7535 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7536 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7550 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 25 vulnerabilities is now available.
Description:
This update for chromium, gn, rust-bindgen fixes the following issues:
- Chromium 127.0.6533.119 (boo#1228941)
* CVE-2024-7532: Out of bounds memory access in ANGLE
* CVE-2024-7533: Use after free in Sharing
* CVE-2024-7550: Type Confusion in V8
* CVE-2024-7534: Heap buffer overflow in Layout
* CVE-2024-7535: Inappropriate implementation in V8
* CVE-2024-7536: Use after free in WebAudio
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input in Safe
Browsing
* CVE-2024-7005: Insufficient validation of untrusted input in Safe
Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn
gn:
- Update to version 0.20240730:
* Rust: link_output, depend_output and runtime_outputs for dylibs
* Add missing reference section to function_toolchain.cc
* Do not cleanup args.gn imports located in the output directory.
* Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
* Do not add native dependencies to the library search path
* Support linking frameworks and swiftmodules in Rust targets
* [desc] Silence print() statements when outputting json
* infra: Move CI/try builds to Ubuntu-22.04
* [MinGW] Fix mingw building issues
* [gn] Fix "link" in the //examples/simple_build/build/toolchain/BUILD.gn
* [template] Fix "rule alink_thin" in the
//build/build_linux.ninja.template
* Allow multiple --ide switches
* [src] Add "#include <limits>" in the
//src/base/files/file_enumerator_win.cc
* Get updates to infra/recipes.py from upstream
* Revert "Teach gn to handle systems with > 64 processors"
* [apple] Rename the code-signing properties of create_bundle
* Fix a typo in "gn help refs" output
* Revert "[bundle] Use "phony" builtin tool for create_bundle targets"
* [bundle] Use "phony" builtin tool for create_bundle targets
* [ios] Simplify handling of assets catalog
* [swift] List all outputs as deps of "source_set" stamp file
* [swift] Update `gn check ...` to consider the generated header
* [swift] Set `restat = 1` to swift build rules
* Fix build with gcc12
* [label_matches] Add new functions label_matches(),
filter_labels_include() and filter_labels_exclude()
* [swift] Remove problematic use of "stamp" tool
* Implement new --ninja-outputs-file option.
* Add NinjaOutputsWriter class
* Move InvokePython() function to its own source file.
* zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
* Enable C++ runtime assertions in debug mode.
* Fix regression in MakeRelativePath()
* fix: Fix Windows MakeRelativePath.
* Add long path support for windows
* Ensure read_file() files are considered by "gn analyze"
* apply 2to3 to for some Python scripts
* Add rustflags to desc and help output
* strings: support case insensitive check only in StartsWith/EndsWith
* add .git-blame-ignore-revs
* use std::{string,string_view}::{starts_with,ends_with}
* apply clang-format to all C++ sources
* add forward declaration in rust_values.h
* Add `root_patterns` list to build configuration.
* Use c++20 in GN build
* update windows sdk to 2024-01-11
* update windows sdk
* Add linux-riscv64.
* Update OWNERS list.
* remove unused function
* Ignore build warning -Werror=redundant-move
* Fix --as=buildfile `gn desc deps` output.
* Update recipe engine to 9dea1246.
* treewide: Fix spelling mistakes
Added rust-bindgen:
- Version 0.69.1
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-254=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
gn-0.20240730-bp156.2.3.1
gn-debuginfo-0.20240730-bp156.2.3.1
gn-debugsource-0.20240730-bp156.2.3.1
rust-bindgen-0.69.1-bp156.2.1
rust-bindgen-debuginfo-0.69.1-bp156.2.1
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-127.0.6533.119-bp156.2.14.1
chromedriver-debuginfo-127.0.6533.119-bp156.2.14.1
chromium-127.0.6533.119-bp156.2.14.1
chromium-debuginfo-127.0.6533.119-bp156.2.14.1
References:
https://www.suse.com/security/cve/CVE-2024-6988.html
https://www.suse.com/security/cve/CVE-2024-6989.html
https://www.suse.com/security/cve/CVE-2024-6990.html
https://www.suse.com/security/cve/CVE-2024-6991.html
https://www.suse.com/security/cve/CVE-2024-6992.html
https://www.suse.com/security/cve/CVE-2024-6993.html
https://www.suse.com/security/cve/CVE-2024-6994.html
https://www.suse.com/security/cve/CVE-2024-6995.html
https://www.suse.com/security/cve/CVE-2024-6996.html
https://www.suse.com/security/cve/CVE-2024-6997.html
https://www.suse.com/security/cve/CVE-2024-6998.html
https://www.suse.com/security/cve/CVE-2024-6999.html
https://www.suse.com/security/cve/CVE-2024-7000.html
https://www.suse.com/security/cve/CVE-2024-7001.html
https://www.suse.com/security/cve/CVE-2024-7003.html
https://www.suse.com/security/cve/CVE-2024-7004.html
https://www.suse.com/security/cve/CVE-2024-7005.html
https://www.suse.com/security/cve/CVE-2024-7255.html
https://www.suse.com/security/cve/CVE-2024-7256.html
https://www.suse.com/security/cve/CVE-2024-7532.html
https://www.suse.com/security/cve/CVE-2024-7533.html
https://www.suse.com/security/cve/CVE-2024-7534.html
https://www.suse.com/security/cve/CVE-2024-7535.html
https://www.suse.com/security/cve/CVE-2024-7536.html
https://www.suse.com/security/cve/CVE-2024-7550.html
https://bugzilla.suse.com/1228628
https://bugzilla.suse.com/1228940
https://bugzilla.suse.com/1228941
https://bugzilla.suse.com/1228942
openSUSE-SU-2024:0161-1: moderate: Security update for plasma5-workspace
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for plasma5-workspace
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0161-1
Rating: moderate
References: #1225774 #1226110
Cross-References: CVE-2024-36041
CVSS scores:
CVE-2024-36041 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
plasma5-workspace was updated to fix the following issue:
- Fixed ksmserver authentication (CVE-2024-36041, boo#1225774).
- Fixed a regression introduced by the preceding change (kde#487912,
boo#1226110):
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-161=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):
gmenudbusmenuproxy-5.27.11-bp156.3.3.1
plasma5-session-wayland-5.27.11-bp156.3.3.1
plasma5-workspace-5.27.11-bp156.3.3.1
plasma5-workspace-devel-5.27.11-bp156.3.3.1
plasma5-workspace-libs-5.27.11-bp156.3.3.1
xembedsniproxy-5.27.11-bp156.3.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
plasma5-session-5.27.11-bp156.3.3.1
plasma5-workspace-lang-5.27.11-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-36041.html
https://bugzilla.suse.com/1225774
https://bugzilla.suse.com/1226110
openSUSE-SU-2024:0203-1: critical: Security update for znc
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for znc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0203-1
Rating: critical
References: #1227393
Cross-References: CVE-2024-39844
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for znc fixes the following issues:
Update to 1.9.1 (boo#1227393, CVE-2024-39844)
* This is a security release to fix CVE-2024-39844: remote code
execution vulnerability in modtcl. To mitigate this for existing
installations, simply unload the modtcl module for every user, if it's
loaded. Note that only users with admin rights can load modtcl at all.
* Improve tooltips in webadmin.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-203=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
znc-1.9.1-bp156.2.3.1
znc-devel-1.9.1-bp156.2.3.1
znc-perl-1.9.1-bp156.2.3.1
znc-python3-1.9.1-bp156.2.3.1
znc-tcl-1.9.1-bp156.2.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
znc-lang-1.9.1-bp156.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-39844.html
https://bugzilla.suse.com/1227393
openSUSE-SU-2024:0150-2: moderate: Security update for libhtp
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for libhtp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0150-2
Rating: moderate
References: #1220403
Cross-References: CVE-2024-23837
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libhtp fixes the following issues:
- CVE-2024-23837: excessive processing time of HTTP headers can lead to
denial of service (boo#1220403)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-150=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
libhtp-debugsource-0.5.42-bp156.3.3.1
libhtp-devel-0.5.42-bp156.3.3.1
libhtp2-0.5.42-bp156.3.3.1
libhtp2-debuginfo-0.5.42-bp156.3.3.1
References:
https://www.suse.com/security/cve/CVE-2024-23837.html
https://bugzilla.suse.com/1220403
openSUSE-SU-2024:0224-2: moderate: Security update for keybase-client
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for keybase-client
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0224-2
Rating: moderate
References: #1227167
Cross-References: CVE-2024-24792
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for keybase-client fixes the following issues:
- Update the Image dependency to address CVE-2024-24792 (boo#1227167).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-224=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
kbfs-6.2.8-bp156.2.6.1
kbfs-debuginfo-6.2.8-bp156.2.6.1
kbfs-git-6.2.8-bp156.2.6.1
kbfs-git-debuginfo-6.2.8-bp156.2.6.1
kbfs-tool-6.2.8-bp156.2.6.1
kbfs-tool-debuginfo-6.2.8-bp156.2.6.1
keybase-client-6.2.8-bp156.2.6.1
keybase-client-debuginfo-6.2.8-bp156.2.6.1
References:
https://www.suse.com/security/cve/CVE-2024-24792.html
https://bugzilla.suse.com/1227167
openSUSE-SU-2024:0168-1: important: Security update for gdcm
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for gdcm
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0168-1
Rating: important
References: #1223398
Cross-References: CVE-2024-22373
CVSS scores:
CVE-2024-22373 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gdcm fixes the following issues:
- CVE-2024-22373: Fixed out-of-bounds write vulnerability in
JPEG2000Codec::DecodeByStreamsCommon (boo#1223398).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-168=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
gdcm-3.0.24-bp156.2.4.1
gdcm-applications-3.0.24-bp156.2.4.1
gdcm-devel-3.0.24-bp156.2.4.1
gdcm-examples-3.0.24-bp156.2.4.1
libgdcm3_0-3.0.24-bp156.2.4.1
libsocketxx1_2-3.0.24-bp156.2.4.1
python3-gdcm-3.0.24-bp156.2.4.1
References:
https://www.suse.com/security/cve/CVE-2024-22373.html
https://bugzilla.suse.com/1223398
openSUSE-SU-2024:0212-2: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0212-2
Rating: important
References: #1227979
Cross-References: CVE-2024-6772 CVE-2024-6773 CVE-2024-6774
CVE-2024-6775 CVE-2024-6776 CVE-2024-6777
CVE-2024-6778 CVE-2024-6779
Affected Products:
openSUSE Backports SLE-15-SP6
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 126.0.6478.182 (boo#1227979):
- CVE-2024-6772: Inappropriate implementation in V8
- CVE-2024-6773: Type Confusion in V8
- CVE-2024-6774: Use after free in Screen Capture
- CVE-2024-6775: Use after free in Media Stream
- CVE-2024-6776: Use after free in Audio
- CVE-2024-6777: Use after free in Navigation
- CVE-2024-6778: Race in DevTools
- CVE-2024-6779: Out of bounds memory access in V8
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-212=1
Package List:
- openSUSE Backports SLE-15-SP6 (aarch64 x86_64):
chromedriver-126.0.6478.182-bp156.2.11.1
chromedriver-debuginfo-126.0.6478.182-bp156.2.11.1
chromium-126.0.6478.182-bp156.2.11.1
chromium-debuginfo-126.0.6478.182-bp156.2.11.1
References:
https://www.suse.com/security/cve/CVE-2024-6772.html
https://www.suse.com/security/cve/CVE-2024-6773.html
https://www.suse.com/security/cve/CVE-2024-6774.html
https://www.suse.com/security/cve/CVE-2024-6775.html
https://www.suse.com/security/cve/CVE-2024-6776.html
https://www.suse.com/security/cve/CVE-2024-6777.html
https://www.suse.com/security/cve/CVE-2024-6778.html
https://www.suse.com/security/cve/CVE-2024-6779.html
https://bugzilla.suse.com/1227979
openSUSE-SU-2024:0258-1: important: Security update for chromium
by opensuse-security@opensuse.org 23 Aug '24
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0258-1
Rating: important
References: #1229426 #1229591
Cross-References: CVE-2024-7964 CVE-2024-7965 CVE-2024-7966
CVE-2024-7967 CVE-2024-7968 CVE-2024-7969
CVE-2024-7971 CVE-2024-7972 CVE-2024-7973
CVE-2024-7974 CVE-2024-7975 CVE-2024-7976
CVE-2024-7977 CVE-2024-7978 CVE-2024-7979
CVE-2024-7980 CVE-2024-7981 CVE-2024-8033
CVE-2024-8034 CVE-2024-8035
CVSS scores:
CVE-2024-7964 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7966 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7968 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7969 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7974 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7975 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7976 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-7977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-7978 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2024-7981 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8033 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8034 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2024-8035 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes 20 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-258=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
chromedriver-128.0.6613.84-bp155.2.105.1
chromium-128.0.6613.84-bp155.2.105.1
References:
https://www.suse.com/security/cve/CVE-2024-7964.html
https://www.suse.com/security/cve/CVE-2024-7965.html
https://www.suse.com/security/cve/CVE-2024-7966.html
https://www.suse.com/security/cve/CVE-2024-7967.html
https://www.suse.com/security/cve/CVE-2024-7968.html
https://www.suse.com/security/cve/CVE-2024-7969.html
https://www.suse.com/security/cve/CVE-2024-7971.html
https://www.suse.com/security/cve/CVE-2024-7972.html
https://www.suse.com/security/cve/CVE-2024-7973.html
https://www.suse.com/security/cve/CVE-2024-7974.html
https://www.suse.com/security/cve/CVE-2024-7975.html
https://www.suse.com/security/cve/CVE-2024-7976.html
https://www.suse.com/security/cve/CVE-2024-7977.html
https://www.suse.com/security/cve/CVE-2024-7978.html
https://www.suse.com/security/cve/CVE-2024-7979.html
https://www.suse.com/security/cve/CVE-2024-7980.html
https://www.suse.com/security/cve/CVE-2024-7981.html
https://www.suse.com/security/cve/CVE-2024-8033.html
https://www.suse.com/security/cve/CVE-2024-8034.html
https://www.suse.com/security/cve/CVE-2024-8035.html
https://bugzilla.suse.com/1229426
https://bugzilla.suse.com/1229591
23 Aug '24
# Security update for xen
Announcement ID: SUSE-SU-2024:3001-1
Rating: important
References:
* bsc#1228574
* bsc#1228575
Cross-References:
* CVE-2024-31145
* CVE-2024-31146
CVSS scores:
* CVE-2024-31145 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-31146 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities can now be installed.
## Description:
This update for xen fixes the following issues:
* CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460,
bsc#1228574)
* CVE-2024-31146: Fixed PCI device pass-through with shared resources
(XSA-461, bsc#1228575)
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-3001=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3001=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3001=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3001=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3001=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3001=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3001=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3001=1
## Package List:
* openSUSE Leap 15.3 (aarch64 x86_64 i586)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (x86_64)
* xen-libs-32bit-debuginfo-4.14.6_18-150300.3.78.1
* xen-libs-32bit-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (aarch64 x86_64)
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-doc-html-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* xen-libs-64bit-4.14.6_18-150300.3.78.1
* xen-libs-64bit-debuginfo-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Enterprise Storage 7.1 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-domU-4.14.6_18-150300.3.78.1
* xen-devel-4.14.6_18-150300.3.78.1
* xen-tools-domU-debuginfo-4.14.6_18-150300.3.78.1
* xen-tools-4.14.6_18-150300.3.78.1
* xen-4.14.6_18-150300.3.78.1
* xen-tools-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Enterprise Storage 7.1 (noarch)
* xen-tools-xendomains-wait-disk-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* xen-libs-4.14.6_18-150300.3.78.1
* xen-libs-debuginfo-4.14.6_18-150300.3.78.1
* xen-debugsource-4.14.6_18-150300.3.78.1
## References:
* https://www.suse.com/security/cve/CVE-2024-31145.html
* https://www.suse.com/security/cve/CVE-2024-31146.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228574
* https://bugzilla.suse.com/show_bug.cgi?id=1228575
SUSE-SU-2024:3003-1: important: Security update for MozillaFirefox
by OPENSUSE-SECURITY-UPDATES 23 Aug '24
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2024:3003-1
Rating: important
References:
* bsc#1226316
* bsc#1228648
Cross-References:
* CVE-2024-6600
* CVE-2024-6601
* CVE-2024-6602
* CVE-2024-6603
* CVE-2024-6604
* CVE-2024-6605
* CVE-2024-6606
* CVE-2024-6607
* CVE-2024-6608
* CVE-2024-6609
* CVE-2024-6610
* CVE-2024-6611
* CVE-2024-6612
* CVE-2024-6613
* CVE-2024-6614
* CVE-2024-6615
* CVE-2024-7518
* CVE-2024-7519
* CVE-2024-7520
* CVE-2024-7521
* CVE-2024-7522
* CVE-2024-7524
* CVE-2024-7525
* CVE-2024-7526
* CVE-2024-7527
* CVE-2024-7528
* CVE-2024-7529
* CVE-2024-7531
CVSS scores:
* CVE-2024-6600 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-6601 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-6602 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2024-6603 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
* CVE-2024-6604 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-6605 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-6606 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L
* CVE-2024-6607 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-6608 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-6609 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
* CVE-2024-6610 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L
* CVE-2024-6611 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6612 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-6614 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2024-6615 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7518 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
* CVE-2024-7518 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-7519 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7519 ( NVD ): 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
* CVE-2024-7520 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7520 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7521 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7521 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7522 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7522 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7524 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7525 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7526 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
* CVE-2024-7526 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-7527 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7527 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7528 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7528 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-7529 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
* CVE-2024-7529 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-7531 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
* CVE-2024-7531 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
* Desktop Applications Module 15-SP5
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves 28 vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35,
bsc#1228648):
* CVE-2024-7518: Fullscreen notification dialog can be obscured by document
* CVE-2024-7519: Out of bounds memory access in graphics shared memory
handling
* CVE-2024-7520: Type confusion in WebAssembly
* CVE-2024-7521: Incomplete WebAssembly exception handling
* CVE-2024-7522: Out of bounds read in editor component
* CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
* CVE-2024-7525: Missing permission check when creating a StreamFilter
* CVE-2024-7526: Uninitialized memory used by WebGL
* CVE-2024-7527: Use-after-free in JavaScript garbage collection
* CVE-2024-7528: Use-after-free in IndexedDB
* CVE-2024-7529: Document content could partially obscure security prompts
* CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on
Intel
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-3003=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-3003=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-3003=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3003=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3003=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3003=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3003=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3003=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3003=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3003=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3003=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3003=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3003=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3003=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-3003=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3003=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-branding-upstream-128.1.0-150200.152.146.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP5 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* Desktop Applications Module 15-SP6 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-translations-common-128.1.0-150200.152.146.1
* MozillaFirefox-translations-other-128.1.0-150200.152.146.1
* MozillaFirefox-branding-SLE-128-150200.9.16.1
* MozillaFirefox-branding-upstream-128.1.0-150200.152.146.1
* MozillaFirefox-debugsource-128.1.0-150200.152.146.1
* MozillaFirefox-debuginfo-128.1.0-150200.152.146.1
* MozillaFirefox-128.1.0-150200.152.146.1
* openSUSE Leap 15.5 (noarch)
* MozillaFirefox-devel-128.1.0-150200.152.146.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6600.html
* https://www.suse.com/security/cve/CVE-2024-6601.html
* https://www.suse.com/security/cve/CVE-2024-6602.html
* https://www.suse.com/security/cve/CVE-2024-6603.html
* https://www.suse.com/security/cve/CVE-2024-6604.html
* https://www.suse.com/security/cve/CVE-2024-6605.html
* https://www.suse.com/security/cve/CVE-2024-6606.html
* https://www.suse.com/security/cve/CVE-2024-6607.html
* https://www.suse.com/security/cve/CVE-2024-6608.html
* https://www.suse.com/security/cve/CVE-2024-6609.html
* https://www.suse.com/security/cve/CVE-2024-6610.html
* https://www.suse.com/security/cve/CVE-2024-6611.html
* https://www.suse.com/security/cve/CVE-2024-6612.html
* https://www.suse.com/security/cve/CVE-2024-6613.html
* https://www.suse.com/security/cve/CVE-2024-6614.html
* https://www.suse.com/security/cve/CVE-2024-6615.html
* https://www.suse.com/security/cve/CVE-2024-7518.html
* https://www.suse.com/security/cve/CVE-2024-7519.html
* https://www.suse.com/security/cve/CVE-2024-7520.html
* https://www.suse.com/security/cve/CVE-2024-7521.html
* https://www.suse.com/security/cve/CVE-2024-7522.html
* https://www.suse.com/security/cve/CVE-2024-7524.html
* https://www.suse.com/security/cve/CVE-2024-7525.html
* https://www.suse.com/security/cve/CVE-2024-7526.html
* https://www.suse.com/security/cve/CVE-2024-7527.html
* https://www.suse.com/security/cve/CVE-2024-7528.html
* https://www.suse.com/security/cve/CVE-2024-7529.html
* https://www.suse.com/security/cve/CVE-2024-7531.html
* https://bugzilla.suse.com/show_bug.cgi?id=1226316
* https://bugzilla.suse.com/show_bug.cgi?id=1228648
openSUSE-SU-2024:0257-1: moderate: Security update for roundcubemail
by opensuse-security@opensuse.org 21 Aug '24
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2024:0257-1
Rating: moderate
References: #1216895
Cross-References: CVE-2023-47272
CVSS scores:
CVE-2023-47272 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for roundcubemail fixes the following issues:
Update to 1.6.7
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes for recently reported XSS vulnerabilities:
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike.
* Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences. Reported by Huy Nguyễn Phạm Nhật.
* Fix command injection via crafted im_convert_path/im_identify_path on
Windows. Reported by Huy Nguyễn Phạm Nhật.
CHANGELOG
* Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
* Fix bug where HTML entities in URLs were not decoded on HTML to plain
text conversion (#9312)
* Fix bug in collapsing/expanding folders with some special characters
in names (#9324)
* Fix PHP8 warnings (#9363, #9365, #9429)
* Fix missing field labels in CSV import, for some locales (#9393)
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate
attributes
* Fix cross-site scripting (XSS) vulnerability in handling list columns
from user preferences
* Fix command injection via crafted im_convert_path/im_identify_path on
Windows
Update to 1.6.6:
* Fix regression in handling LDAP search_fields configuration parameter
(#9210)
* Enigma: Fix finding of a private key when decrypting a message using
GnuPG v2.3
* Fix page jump menu flickering on click (#9196)
* Update to TinyMCE 5.10.9 security release (#9228)
* Fix PHP8 warnings (#9235, #9238, #9242, #9306)
* Fix saving other encryption settings besides enigma's (#9240)
* Fix unneeded php command use in installto.sh and deluser.sh scripts
(#9237)
* Fix TinyMCE localization installation (#9266)
* Fix bug where trailing non-ascii characters in email addresses could
have been removed in recipient input (#9257)
* Fix IMAP GETMETADATA command with options - RFC5464
Update to 1.6.5 (boo#1216895):
* Fix cross-site scripting (XSS) vulnerability in setting
Content-Type/Content-Disposition for attachment preview/download
CVE-2023-47272
Other changes:
* Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
* Fix duplicated Inbox folder on IMAP servers that do not use Inbox
folder with all capital letters (#9166)
* Fix PHP warnings (#9174)
* Fix UI issue when dealing with an invalid managesieve_default_headers
value (#9175)
* Fix bug where images attached to application/smil messages weren't
displayed (#8870)
* Fix PHP string replacement error in utils/error.php (#9185)
* Fix regression where smtp_user did not allow pre/post strings
before/after %u placeholder (#9162)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-257=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
roundcubemail-1.6.7-bp155.2.9.1
References:
https://www.suse.com/security/cve/CVE-2023-47272.html
https://bugzilla.suse.com/1216895
Fwd: SUSE-RU-2024:2017-1: important: Recommended update for transactional-update
by Thomas Röther 20 Aug '24
-------- Original Message --------
From: "Thomas Röther" <thomas(a)roether.at>
Sent: 20 August 2024 15:07:08 CEST
To: opensuse-updates+unsubscribe(a)opensuse.org
Subject: Fwd: SUSE-RU-2024:2017-1: important: Recommended update for transactional-update
-------- Original Message --------
From: OPENSUSE-UPDATES <null(a)suse.de>
Sent: 20 August 2024 14:31:05 CEST
To: updates(a)lists.opensuse.org
Subject: SUSE-RU-2024:2017-1: important: Recommended update for transactional-update
# Recommended update for transactional-update
Announcement ID: SUSE-RU-2024:2017-1
Rating: important
References:
* bsc#1221346
Affected Products:
* openSUSE Leap Micro 5.3
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro for Rancher 5.3
An update that has one fix can now be installed.
## Description:
This update for transactional-update fixes the following issues:
* tukit: Properly handle overlay syncing failures: If the system would not be
rebooted and several snapshots accumulated in the meantime, it was possible
that the previous base snapshot "required for /etc syncing" was deleted
already. In that case changes in /etc might have been reset
(gh#openSUSE/transactional-update#116)
(gh#kube-hetzner/terraform-hcloud-kube-hetzner#1287)
* Always use zypper of installed system (bsc#1221346)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2024-2017=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2017=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2017=1
## Package List:
* openSUSE Leap Micro 5.3 (noarch)
* transactional-update-zypp-config-4.1.8-150400.3.9.3
* dracut-transactional-update-4.1.8-150400.3.9.3
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* tukitd-debuginfo-4.1.8-150400.3.9.3
* libtukit4-debuginfo-4.1.8-150400.3.9.3
* tukit-4.1.8-150400.3.9.3
* tukitd-4.1.8-150400.3.9.3
* transactional-update-debugsource-4.1.8-150400.3.9.3
* transactional-update-debuginfo-4.1.8-150400.3.9.3
* libtukit4-4.1.8-150400.3.9.3
* tukit-debuginfo-4.1.8-150400.3.9.3
* transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* transactional-update-zypp-config-4.1.8-150400.3.9.3
* dracut-transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* tukitd-debuginfo-4.1.8-150400.3.9.3
* libtukit4-debuginfo-4.1.8-150400.3.9.3
* tukit-4.1.8-150400.3.9.3
* tukitd-4.1.8-150400.3.9.3
* transactional-update-debugsource-4.1.8-150400.3.9.3
* transactional-update-debuginfo-4.1.8-150400.3.9.3
* libtukit4-4.1.8-150400.3.9.3
* tukit-debuginfo-4.1.8-150400.3.9.3
* transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro 5.3 (noarch)
* transactional-update-zypp-config-4.1.8-150400.3.9.3
* dracut-transactional-update-4.1.8-150400.3.9.3
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* tukitd-debuginfo-4.1.8-150400.3.9.3
* libtukit4-debuginfo-4.1.8-150400.3.9.3
* tukit-4.1.8-150400.3.9.3
* tukitd-4.1.8-150400.3.9.3
* transactional-update-debugsource-4.1.8-150400.3.9.3
* transactional-update-debuginfo-4.1.8-150400.3.9.3
* libtukit4-4.1.8-150400.3.9.3
* tukit-debuginfo-4.1.8-150400.3.9.3
* transactional-update-4.1.8-150400.3.9.3
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1221346
20 Aug '24
# Security update for qemu
Announcement ID: SUSE-SU-2024:2977-1
Rating: important
References:
* bsc#1212968
* bsc#1215311
* bsc#1227322
Cross-References:
* CVE-2023-2861
* CVE-2024-4467
CVSS scores:
* CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
* CVE-2023-2861 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-4467 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves two vulnerabilities and has one security fix can now be
installed.
## Description:
This update for qemu fixes the following issues:
* CVE-2023-2861: Fixed improper access control on special files via 9p
protocol (bsc#1212968)
* CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info
command (bsc#1227322)
Other fixes:
* Fixed qemu build compilation with binutils 2.41 upgrade (bsc#1215311)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-2977=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2977=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2977=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2977=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2977=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2977=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2977=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2977=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-vhost-user-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-vhost-user-gpu-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ivshmem-tools-debuginfo-5.2.0-150300.130.1
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-linux-user-debuginfo-5.2.0-150300.130.1
* qemu-block-nfs-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-block-gluster-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-ppc-5.2.0-150300.130.1
* qemu-block-dmg-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-testsuite-5.2.0-150300.130.2
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-hw-usb-smartcard-5.2.0-150300.130.1
* qemu-block-nfs-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ppc-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* qemu-ivshmem-tools-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-block-gluster-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-extra-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-block-dmg-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* qemu-linux-user-5.2.0-150300.130.1
* qemu-linux-user-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-extra-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.130.1
* qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* openSUSE Leap 15.3 (s390x x86_64 i586)
* qemu-kvm-5.2.0-150300.130.1
* openSUSE Leap 15.3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-SLOF-5.2.0-150300.130.1
* qemu-skiboot-5.2.0-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-microvm-5.2.0-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-kvm-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64)
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-SLOF-5.2.0-150300.130.1
* qemu-skiboot-5.2.0-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le)
* qemu-ppc-debuginfo-5.2.0-150300.130.1
* qemu-ppc-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64)
* qemu-kvm-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.130.1
* qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-SLOF-5.2.0-150300.130.1
* qemu-skiboot-5.2.0-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le)
* qemu-ppc-debuginfo-5.2.0-150300.130.1
* qemu-ppc-5.2.0-150300.130.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-kvm-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-debuginfo-5.2.0-150300.130.1
* qemu-ui-gtk-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-block-ssh-5.2.0-150300.130.1
* qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1
* qemu-chardev-baum-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-app-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-curses-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-lang-5.2.0-150300.130.1
* qemu-ui-curses-debuginfo-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-block-iscsi-5.2.0-150300.130.1
* qemu-chardev-baum-5.2.0-150300.130.1
* qemu-ksm-5.2.0-150300.130.1
* qemu-block-rbd-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-block-ssh-debuginfo-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-block-curl-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-block-rbd-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* qemu-block-curl-5.2.0-150300.130.1
* SUSE Enterprise Storage 7.1 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Enterprise Storage 7.1 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Enterprise Storage 7.1 (x86_64)
* qemu-audio-alsa-5.2.0-150300.130.1
* qemu-audio-alsa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-kvm-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-audio-pa-5.2.0-150300.130.1
* qemu-audio-pa-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* qemu-chardev-spice-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-5.2.0-150300.130.1
* qemu-tools-5.2.0-150300.130.1
* qemu-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1
* qemu-chardev-spice-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-5.2.0-150300.130.1
* qemu-5.2.0-150300.130.1
* qemu-hw-usb-redirect-5.2.0-150300.130.1
* qemu-ui-opengl-debuginfo-5.2.0-150300.130.1
* qemu-ui-spice-core-5.2.0-150300.130.1
* qemu-ui-opengl-5.2.0-150300.130.1
* qemu-audio-spice-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1
* qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1
* qemu-hw-display-qxl-5.2.0-150300.130.1
* qemu-debugsource-5.2.0-150300.130.1
* qemu-audio-spice-5.2.0-150300.130.1
* qemu-guest-agent-debuginfo-5.2.0-150300.130.1
* qemu-tools-debuginfo-5.2.0-150300.130.1
* qemu-guest-agent-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64)
* qemu-arm-debuginfo-5.2.0-150300.130.1
* qemu-arm-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (noarch)
* qemu-sgabios-8-150300.130.1
* qemu-seabios-1.14.0_0_g155821a-150300.130.1
* qemu-ipxe-1.0.0+-150300.130.1
* qemu-vgabios-1.14.0_0_g155821a-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (s390x)
* qemu-s390x-debuginfo-5.2.0-150300.130.1
* qemu-s390x-5.2.0-150300.130.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* qemu-x86-debuginfo-5.2.0-150300.130.1
* qemu-x86-5.2.0-150300.130.1
## References:
* https://www.suse.com/security/cve/CVE-2023-2861.html
* https://www.suse.com/security/cve/CVE-2024-4467.html
* https://bugzilla.suse.com/show_bug.cgi?id=1212968
* https://bugzilla.suse.com/show_bug.cgi?id=1215311
* https://bugzilla.suse.com/show_bug.cgi?id=1227322
SUSE-SU-2024:1499-2: low: Security update for java-17-openjdk
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for java-17-openjdk
Announcement ID: SUSE-SU-2024:1499-2
Rating: low
References:
* bsc#1213470
* bsc#1222979
* bsc#1222983
* bsc#1222986
* bsc#1222987
Cross-References:
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21094
CVSS scores:
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Basesystem Module 15-SP6
* Legacy Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-17-openjdk fixes the following issues:
* CVE-2024-21011: Fixed denial of service due to long Exception message
logging (JDK-8319851,bsc#1222979)
* CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client
improper reverse DNS lookup (JDK-8315708,bsc#1222987)
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(JDK-8322122,bsc#1222983)
* CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation
failure with "Exceeded _node_regs array"
(JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
  * Security fixes
    + JDK-8318340: Improve RSA key implementations
  * Other changes
    + JDK-6928542: Chinese characters in RTF are not decoded
    + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS
    + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear.
    + JDK-7167356: (javac) investigate failing tests in JavacParserTest
    + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking
    + JDK-8054572: [macosx] JComboBox paints the border incorrectly
    + JDK-8169475: WheelModifier.java fails by timeout
    + JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean
    + JDK-8209595: MonitorVmStartTerminate.java timed out
    + JDK-8210410: Refactor java.util.Currency:i18n shell tests to plain java tests
    + JDK-8261404: Class.getReflectionFactory() is not thread-safe
    + JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
    + JDK-8263256: Test java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due to dynamic reconfigurations of network interface during test
    + JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout
    + JDK-8271118: C2: StressGCM should have higher priority than frequency-based policy
    + JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains info on final result
    + JDK-8272811: Document the effects of building with _GNU_SOURCE in os_posix.hpp
    + JDK-8272853: improve `JavadocTester.runTests`
    + JDK-8273454: C2: Transform (-a)*(-b) into a*b
    + JDK-8274060: C2: Incorrect computation after JDK-8273454
    + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11
    + JDK-8274621: NullPointerException because listenAddress[0] is null
    + JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming
    + JDK-8274634: Use String.equals instead of String.compareTo in java.desktop
    + JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id
    + JDK-8278028: [test-library] Warnings cleanup of the test library
    + JDK-8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses
    + JDK-8278363: Create extented container test groups
    + JDK-8280241: (aio) AsynchronousSocketChannel init fails in IPv6 only Windows env
    + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist.
    + JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
    + JDK-8281585: Remove unused imports under test/lib and jtreg/gc
    + JDK-8283400: [macos] a11y : Screen magnifier does not reflect JRadioButton value change
    + JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
    + JDK-8283994: Make Xerces DatatypeException stackless
    + JDK-8286312: Stop mixing signed and unsigned types in bit operations
    + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64
    + JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with "Expected two batches of Active Setting events"
    + JDK-8288663: JFR: Disabling the JfrThreadSampler commits only a partially disabled state
    + JDK-8288846: misc tests fail "assert(ms < 1000) failed: Un-interruptable sleep, short time use only"
    + JDK-8289764: gc/lock tests failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
    + JDK-8290041: ModuleDescriptor.hashCode is inconsistent
    + JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java on linux-all
    + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed
    + JDK-8292458: Atomic operations on scoped enums don't build with clang
    + JDK-8292946: GC lock/jni/jnilock001 test failed "assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row"
    + JDK-8293117: Add atomic bitset functions
    + JDK-8293547: Add relaxed add_and_fetch for macos aarch64 atomics
    + JDK-8294158: HTML formatting for PassFailJFrame instructions
    + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure
    + JDK-8294535: Add screen capture functionality to PassFailJFrame
    + JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
    + JDK-8295124: Atomic::add to pointer type may return wrong value
    + JDK-8295274: HelidonAppTest.java fails "assert(event->should_commit()) failed: invariant" from compiled frame"
    + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
    + JDK-8297968: Crash in PrintOptoAssembly
    + JDK-8298087: XML Schema Validation reports an required attribute twice via ErrorHandler
    + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found
    + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF
    + JDK-8301306: java/net/httpclient/* fail with -Xcomp
    + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
    + JDK-8301787: java/net/httpclient/SpecialHeadersTest failing after JDK-8301306
    + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library
    + JDK-8302017: Allocate BadPaddingException only if it will be thrown
    + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/ /TestAMEnotNPE.java
    + JDK-8303605: Memory leaks in Metaspace gtests
    + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
    + JDK-8304696: Duplicate class names in dynamicArchive tests can lead to test failure
    + JDK-8305356: Fix ignored bad CompileCommands in tests
    + JDK-8305900: Use loopback IP addresses in security policy files of httpclient tests
    + JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address
    + JDK-8305962: update jcstress to 0.16
    + JDK-8305972: Update XML Security for Java to 3.0.2
    + JDK-8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
    + JDK-8306408: Fix the format of several tables in building.md
    + JDK-8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock
    + JDK-8307926: Support byte-sized atomic bitset operations
    + JDK-8307955: Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
    + JDK-8307990: jspawnhelper must close its writing side of a pipe before reading from it
    + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating
    + JDK-8308245: Add -proc:full to describe current default annotation processing policy
    + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use
    + JDK-8309302: java/net/Socket/Timeouts.java fails with AssertionError on test temporal post condition
    + JDK-8309305: sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test timeout
    + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop
    + JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of JRadioButton
    + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing
    + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers
    + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails
    + JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work
    + JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is spuriously passing
    + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out
    + JDK-8310838: Correct range notations in MethodTypeDesc specification
    + JDK-8310844: [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate
    + JDK-8310923: Refactor Currency tests to use JUnit
    + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform
    + JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
    + JDK-8311581: Remove obsolete code and comments in TestLVT.java
    + JDK-8311645: Memory leak in jspawnhelper spawnChild after JDK-8307990
    + JDK-8311986: Disable runtime/os/TestTracePageSizes.java for ShenandoahGC
    + JDK-8312428: PKCS11 tests fail with NSS 3.91
    + JDK-8312434: SPECjvm2008/xml.transform with CDS fails with "can't seal package nu.xom"
    + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
    + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles
    + JDK-8313206: PKCS11 tests silently skip execution
    + JDK-8313575: Refactor PKCS11Test tests
    + JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/ /TestFloatingDecimal should use RandomFactory
    + JDK-8313643: Update HarfBuzz to 8.2.2
    + JDK-8313816: Accessing jmethodID might lead to spurious crashes
    + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout
    + JDK-8314220: Configurable InlineCacheBuffer size
    + JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags
    + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder
    + JDK-8315042: NPE in PKCS7.parseOldSignedData
    + JDK-8315594: Open source few headless Swing misc tests
    + JDK-8315600: Open source few more headless Swing misc tests
    + JDK-8315602: Open source swing security manager test
    + JDK-8315611: Open source swing text/html and tree test
    + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch
    + JDK-8315731: Open source several Swing Text related tests
    + JDK-8315761: Open source few swing JList and JMenuBar tests
    + JDK-8315920: C2: "control input must dominate current control" assert failure
    + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location
    + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm
    + JDK-8316028: Update FreeType to 2.13.2
    + JDK-8316030: Update Libpng to 1.6.40
    + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests
    + JDK-8316304: (fs) Add support for BasicFileAttributes .creationTime() for Linux
    + JDK-8316392: compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in PcDescContainer::find_pc_desc_internal
    + JDK-8316414: C2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86
    + JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests
    + JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with Parallel GC
    + JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/ /CheckOrigin.java as vm.flagless
    + JDK-8316679: C2 SuperWord: wrong result, load should not be moved before store if not comparable
    + JDK-8316693: Simplify at-requires checkDockerSupport()
    + JDK-8316929: Shenandoah: Shenandoah degenerated GC and full GC need to cleanup old OopMapCache entries
    + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly
    + JDK-8317039: Enable specifying the JDK used to run jtreg
    + JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on Linux ppc64le
    + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information
    + JDK-8317603: Improve exception messages thrown by sun.nio.ch.Net native methods (win)
    + JDK-8317771: [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma
    + JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039
    + JDK-8317960: [17u] Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued
    + JDK-8318154: Improve stability of WheelModifier.java test
    + JDK-8318183: C2: VM may crash after hitting node limit
    + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows
    + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
    + JDK-8318490: Increase timeout for JDK tests that are close to the limit when run with libgraal
    + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
    + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests
    + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests
    + JDK-8318689: jtreg is confused when folder name is the same as the test name
    + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed: Address already in use"
    + JDK-8318951: Additional negative value check in JPEG decoding
    + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return
    + JDK-8318957: Enhance agentlib:jdwp help output by info about allow option
    + JDK-8318961: increase javacserver connection timeout values and max retry attempts
    + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files
    + JDK-8318983: Fix comment typo in PKCS12Passwd.java
    + JDK-8319124: Update XML Security for Java to 3.0.3
    + JDK-8319213: Compatibility.java reads both stdout and stderr of JdkUtils
    + JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader
    + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes
    + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
    + JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
    + JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
    + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor
    + JDK-8320168: handle setsocktopt return values
    + JDK-8320208: Update Public Suffix List to b5bf572
    + JDK-8320300: Adjust hs_err output in malloc/mmap error cases
    + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity
    + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
    + JDK-8320798: Console read line with zero out should zero out underlying buffer
    + JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
    + JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
    + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp
    + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions
    + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode
    + JDK-8321408: Add Certainly roots R1 and E1
    + JDK-8321480: ISO 4217 Amendment 176 Update
    + JDK-8321599: Data loss in AVX3 Base64 decoding
    + JDK-8321815: Shenandoah: gc state should be synchronized to java threads only once per safepoint
    + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform
    + JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
    + JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
    + JDK-8322417: Console read line with zero out should zero out when throwing exception
    + JDK-8322583: RISC-V: Enable fast class initialization checks
    + JDK-8322725: (tz) Update Timezone Data to 2023d
    + JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
    + JDK-8322772: Clean up code after JDK-8322417
    + JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output
    + JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
    + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX
    + JDK-8323021: Shenandoah: Encountered reference count always attributed to first worker thread
    + JDK-8323086: Shenandoah: Heap could be corrupted by oom during evacuation
    + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack
    + JDK-8323331: fix typo hpage_pdm_size
    + JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC should be mangled
    + JDK-8323515: Create test alias "all" for all test roots
    + JDK-8323637: Capture hotspot replay files in GHA
    + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
    + JDK-8323806: [17u] VS2017 build fails with warning after 8293117.
    + JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
    + JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode
    + JDK-8324347: Enable "maybe-uninitialized" warning for FreeType 2.13.1
    + JDK-8324514: ClassLoaderData::print_on should print address of class loader
    + JDK-8324647: Invalid test group of lib-test after JDK-8323515
    + JDK-8324659: GHA: Generic jtreg errors are not reported
    + JDK-8324937: GHA: Avoid multiple test suites per job
    + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing
    + JDK-8325150: (tz) Update Timezone Data to 2024a
    + JDK-8325585: Remove no longer necessary calls to set/unset-in-asgct flag in JDK 17
    + JDK-8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE
    + JDK-8327036: [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0
    + JDK-8327391: Add SipHash attribution file
    + JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11
* Removed the possibility to use the system timezone-java (bsc#1213470).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-1499=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1499=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-1499=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-src-17.0.11.0-150400.3.42.1
* java-17-openjdk-jmods-17.0.11.0-150400.3.42.1
* openSUSE Leap 15.6 (noarch)
* java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213470
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
20 Aug '24
# Security update for qemu
Announcement ID: SUSE-SU-2024:2983-1
Rating: important
References:
* bsc#1227322
* bsc#1229007
Cross-References:
* CVE-2024-4467
* CVE-2024-7409
CVSS scores:
* CVE-2024-4467 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-7409 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-7409 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for qemu fixes the following issues:
* CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info
command (bsc#1227322)
* CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU
NBD Server during socket closure (bsc#1229007)
* nbd/server: Close stray clients at server-stop
* nbd/server: Drop non-negotiating clients
* nbd/server: Cap default max-connections to 100
* nbd/server: Plumb in new args to nbd_client_add()
* nbd: Minor style and typo fixes
* Update qemu to version 8.2.6
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2983=1 openSUSE-SLE-15.6-2024-2983=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2983=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2983=1
* Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-2983=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* qemu-chardev-baum-8.2.6-150600.3.9.1
* qemu-audio-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-block-iscsi-debuginfo-8.2.6-150600.3.9.1
* qemu-ksm-8.2.6-150600.3.9.1
* qemu-ui-curses-8.2.6-150600.3.9.1
* qemu-ppc-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-core-8.2.6-150600.3.9.1
* qemu-block-gluster-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-debuginfo-8.2.6-150600.3.9.1
* qemu-extra-8.2.6-150600.3.9.1
* qemu-img-8.2.6-150600.3.9.1
* qemu-ui-gtk-debuginfo-8.2.6-150600.3.9.1
* qemu-block-ssh-8.2.6-150600.3.9.1
* qemu-pr-helper-8.2.6-150600.3.9.1
* qemu-ui-spice-core-debuginfo-8.2.6-150600.3.9.1
* qemu-spice-8.2.6-150600.3.9.1
* qemu-ui-opengl-debuginfo-8.2.6-150600.3.9.1
* qemu-block-ssh-debuginfo-8.2.6-150600.3.9.1
* qemu-ppc-8.2.6-150600.3.9.1
* qemu-headless-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-debuginfo-8.2.6-150600.3.9.1
* qemu-block-iscsi-8.2.6-150600.3.9.1
* qemu-s390x-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-app-8.2.6-150600.3.9.1
* qemu-audio-dbus-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-8.2.6-150600.3.9.1
* qemu-chardev-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-opengl-8.2.6-150600.3.9.1
* qemu-accel-qtest-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-host-debuginfo-8.2.6-150600.3.9.1
* qemu-8.2.6-150600.3.9.1
* qemu-img-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-gtk-8.2.6-150600.3.9.1
* qemu-audio-pa-debuginfo-8.2.6-150600.3.9.1
* qemu-guest-agent-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-extra-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-jack-8.2.6-150600.3.9.1
* qemu-arm-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-8.2.6-150600.3.9.1
* qemu-hw-usb-host-8.2.6-150600.3.9.1
* qemu-audio-alsa-8.2.6-150600.3.9.1
* qemu-pr-helper-debuginfo-8.2.6-150600.3.9.1
* qemu-tools-8.2.6-150600.3.9.1
* qemu-block-dmg-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-8.2.6-150600.3.9.1
* qemu-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-curses-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-debugsource-8.2.6-150600.3.9.1
* qemu-block-nfs-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-arm-8.2.6-150600.3.9.1
* qemu-audio-jack-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-8.2.6-150600.3.9.1
* qemu-block-curl-8.2.6-150600.3.9.1
* qemu-accel-qtest-8.2.6-150600.3.9.1
* qemu-audio-pipewire-8.2.6-150600.3.9.1
* qemu-audio-alsa-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-oss-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-8.2.6-150600.3.9.1
* qemu-ui-spice-app-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-8.2.6-150600.3.9.1
* qemu-vhost-user-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-8.2.6-150600.3.9.1
* qemu-audio-oss-8.2.6-150600.3.9.1
* qemu-audio-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-dbus-8.2.6-150600.3.9.1
* qemu-lang-8.2.6-150600.3.9.1
* qemu-s390x-8.2.6-150600.3.9.1
* qemu-chardev-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-8.2.6-150600.3.9.1
* qemu-ui-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-debuginfo-8.2.6-150600.3.9.1
* qemu-block-nfs-8.2.6-150600.3.9.1
* qemu-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-chardev-baum-debuginfo-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-block-curl-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-8.2.6-150600.3.9.1
* qemu-block-gluster-8.2.6-150600.3.9.1
* qemu-guest-agent-8.2.6-150600.3.9.1
* qemu-vhost-user-gpu-8.2.6-150600.3.9.1
* qemu-audio-pipewire-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-debuginfo-8.2.6-150600.3.9.1
* qemu-block-dmg-debuginfo-8.2.6-150600.3.9.1
* openSUSE Leap 15.6 (noarch)
* qemu-vgabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-SLOF-8.2.6-150600.3.9.1
* qemu-seabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-skiboot-8.2.6-150600.3.9.1
* qemu-ipxe-8.2.6-150600.3.9.1
* qemu-doc-8.2.6-150600.3.9.1
* qemu-microvm-8.2.6-150600.3.9.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* qemu-block-rbd-8.2.6-150600.3.9.1
* qemu-block-rbd-debuginfo-8.2.6-150600.3.9.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* qemu-pr-helper-8.2.6-150600.3.9.1
* qemu-pr-helper-debuginfo-8.2.6-150600.3.9.1
* qemu-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-img-debuginfo-8.2.6-150600.3.9.1
* qemu-tools-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-img-8.2.6-150600.3.9.1
* SUSE Package Hub 15 15-SP6 (noarch)
* qemu-vgabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-SLOF-8.2.6-150600.3.9.1
* qemu-seabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-skiboot-8.2.6-150600.3.9.1
* qemu-microvm-8.2.6-150600.3.9.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* qemu-vhost-user-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-8.2.6-150600.3.9.1
* qemu-audio-oss-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-8.2.6-150600.3.9.1
* qemu-chardev-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-opengl-8.2.6-150600.3.9.1
* qemu-accel-qtest-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-s390x-8.2.6-150600.3.9.1
* qemu-chardev-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-8.2.6-150600.3.9.1
* qemu-ppc-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-gtk-8.2.6-150600.3.9.1
* qemu-ui-spice-core-8.2.6-150600.3.9.1
* qemu-block-gluster-debuginfo-8.2.6-150600.3.9.1
* qemu-linux-user-debugsource-8.2.6-150600.3.9.1
* qemu-audio-pa-debuginfo-8.2.6-150600.3.9.1
* qemu-block-nfs-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-arm-8.2.6-150600.3.9.1
* qemu-extra-8.2.6-150600.3.9.1
* qemu-audio-jack-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-gtk-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-8.2.6-150600.3.9.1
* qemu-block-nfs-8.2.6-150600.3.9.1
* qemu-ivshmem-tools-debuginfo-8.2.6-150600.3.9.1
* qemu-extra-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-8.2.6-150600.3.9.1
* qemu-audio-jack-8.2.6-150600.3.9.1
* qemu-arm-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-opengl-debuginfo-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-ui-spice-core-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-8.2.6-150600.3.9.1
* qemu-block-gluster-8.2.6-150600.3.9.1
* qemu-ppc-8.2.6-150600.3.9.1
* qemu-accel-qtest-8.2.6-150600.3.9.1
* qemu-audio-alsa-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-debuginfo-8.2.6-150600.3.9.1
* qemu-block-dmg-8.2.6-150600.3.9.1
* qemu-vhost-user-gpu-8.2.6-150600.3.9.1
* qemu-s390x-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-alsa-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-oss-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-8.2.6-150600.3.9.1
* qemu-ui-spice-app-8.2.6-150600.3.9.1
* qemu-linux-user-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-app-debuginfo-8.2.6-150600.3.9.1
* qemu-block-dmg-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-smartcard-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* qemu-chardev-baum-8.2.6-150600.3.9.1
* qemu-audio-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-chardev-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-block-iscsi-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-spice-debuginfo-8.2.6-150600.3.9.1
* qemu-ksm-8.2.6-150600.3.9.1
* qemu-ui-opengl-8.2.6-150600.3.9.1
* qemu-hw-usb-host-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-dbus-8.2.6-150600.3.9.1
* qemu-8.2.6-150600.3.9.1
* qemu-lang-8.2.6-150600.3.9.1
* qemu-ui-curses-8.2.6-150600.3.9.1
* qemu-chardev-spice-8.2.6-150600.3.9.1
* qemu-block-rbd-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-curses-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-core-8.2.6-150600.3.9.1
* qemu-ui-dbus-debuginfo-8.2.6-150600.3.9.1
* qemu-block-rbd-8.2.6-150600.3.9.1
* qemu-block-nfs-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-debuginfo-8.2.6-150600.3.9.1
* qemu-guest-agent-debuginfo-8.2.6-150600.3.9.1
* qemu-block-ssh-8.2.6-150600.3.9.1
* qemu-block-nfs-8.2.6-150600.3.9.1
* qemu-ui-spice-core-debuginfo-8.2.6-150600.3.9.1
* qemu-chardev-baum-debuginfo-8.2.6-150600.3.9.1
* qemu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-qxl-8.2.6-150600.3.9.1
* qemu-block-ssh-debuginfo-8.2.6-150600.3.9.1
* qemu-debugsource-8.2.6-150600.3.9.1
* qemu-spice-8.2.6-150600.3.9.1
* qemu-block-curl-8.2.6-150600.3.9.1
* qemu-ui-opengl-debuginfo-8.2.6-150600.3.9.1
* qemu-block-curl-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-usb-host-8.2.6-150600.3.9.1
* qemu-headless-8.2.6-150600.3.9.1
* qemu-guest-agent-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pipewire-8.2.6-150600.3.9.1
* qemu-block-iscsi-8.2.6-150600.3.9.1
* qemu-hw-usb-redirect-8.2.6-150600.3.9.1
* qemu-audio-pipewire-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-dbus-8.2.6-150600.3.9.1
* qemu-audio-spice-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-vga-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (aarch64)
* qemu-arm-debuginfo-8.2.6-150600.3.9.1
* qemu-arm-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (noarch)
* qemu-vgabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-SLOF-8.2.6-150600.3.9.1
* qemu-skiboot-8.2.6-150600.3.9.1
* qemu-seabios-8.2.61.16.3_3_ga95067eb-150600.3.9.1
* qemu-ipxe-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (aarch64 ppc64le x86_64)
* qemu-ui-gtk-8.2.6-150600.3.9.1
* qemu-ui-spice-app-debuginfo-8.2.6-150600.3.9.1
* qemu-ui-spice-app-8.2.6-150600.3.9.1
* qemu-ui-gtk-debuginfo-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (ppc64le)
* qemu-ppc-8.2.6-150600.3.9.1
* qemu-ppc-debuginfo-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (s390x x86_64)
* qemu-hw-display-virtio-gpu-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-pci-8.2.6-150600.3.9.1
* qemu-hw-display-virtio-gpu-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (s390x)
* qemu-hw-s390x-virtio-gpu-ccw-debuginfo-8.2.6-150600.3.9.1
* qemu-s390x-8.2.6-150600.3.9.1
* qemu-s390x-debuginfo-8.2.6-150600.3.9.1
* qemu-hw-s390x-virtio-gpu-ccw-8.2.6-150600.3.9.1
* Server Applications Module 15-SP6 (x86_64)
* qemu-audio-alsa-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-8.2.6-150600.3.9.1
* qemu-audio-alsa-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-debuginfo-8.2.6-150600.3.9.1
* qemu-accel-tcg-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-x86-8.2.6-150600.3.9.1
* qemu-x86-debuginfo-8.2.6-150600.3.9.1
* qemu-audio-pa-8.2.6-150600.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2024-4467.html
* https://www.suse.com/security/cve/CVE-2024-7409.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227322
* https://bugzilla.suse.com/show_bug.cgi?id=1229007
SUSE-SU-2024:2786-1: important: Security update for java-1_8_0-openjdk
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for java-1_8_0-openjdk
Announcement ID: SUSE-SU-2024:2786-1
Rating: important
References:
* bsc#1228046
* bsc#1228047
* bsc#1228048
* bsc#1228050
* bsc#1228051
* bsc#1228052
Cross-References:
* CVE-2024-21131
* CVE-2024-21138
* CVE-2024-21140
* CVE-2024-21144
* CVE-2024-21145
* CVE-2024-21147
CVSS scores:
* CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21144 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
* Legacy Module 15-SP5
* Legacy Module 15-SP6
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves six vulnerabilities can now be installed.
## Description:
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u422 (icedtea-3.32.0):
* Security fixes
* JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports
* JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage
* JDK-8320097: Improve Image transformations
* JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling
* JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading
* JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management
* JDK-8323390: Enhance mask blit functionality
* JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling
* JDK-8325600: Better symbol storage
* Import of OpenJDK 8 u422 build 05
* JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices
doesn't work properly since jdk8b105
* JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
* JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/
/bug7123767.java: number of checked graphics configurations should be
limited
* JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
* JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
* JDK-8205407: [windows, vs<2017] C4800 after 8203197
* JDK-8235834: IBM-943 charset encoder needs updating
* JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't
read properly"
* JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were
garbled
* JDK-8256152: tests fail because of ambiguous method resolution
* JDK-8258855: Two tests sun/security/krb5/auto/ /ReplayCacheTestProc.java and
ReplayCacheTestProcWithMD5.java failed on OL8.3
* JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
* JDK-8268916: Tests for AffirmTrust roots
* JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
* JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
* JDK-8291637: HttpClient default keep alive timeout not followed if server
sends invalid value
* JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
* JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
* JDK-8303466: C2: failed: malformed control flow. Limit type made precise
with MaxL/MinL
* JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java
heap by the JVM
* JDK-8313081: MonitoringSupport_lock should be unconditionally initialized
after 8304074
* JDK-8315020: The macro definition for LoongArch64 zero build is not
accurate.
* JDK-8316138: Add GlobalSign 2 TLS root certificates
* JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh
fails on Japanese Windows
* JDK-8320005: Allow loading of shared objects with .a extension on AIX
* JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
* JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
* JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
* JDK-8326686: Bump update version of OpenJDK: 8u422
* JDK-8327440: Fix "bad source file" error during beaninfo generation
* JDK-8328809: [8u] Problem list some CA tests
* JDK-8328825: Google CAInterop test failures
* JDK-8329544: [8u] sun/security/krb5/auto/ /ReplayCacheTestProc.java cannot
find the testlibrary
* JDK-8331791: [8u] AIX build break from JDK-8320005 backport
* JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
* JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature
fixes
* Bug fixes
* JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye
* JDK-8333669: [8u] GHA: Dead VS2010 download link
* JDK-8318039: GHA: Bump macOS and Xcode versions
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2786=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2786=1
* Legacy Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-2786=1
* Legacy Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-2786=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2786=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2786=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2786=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2786=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2786=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2786=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2786=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-2786=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-src-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-accessibility-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* openSUSE Leap 15.5 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.422-150000.3.97.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-src-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-accessibility-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* openSUSE Leap 15.6 (noarch)
* java-1_8_0-openjdk-javadoc-1.8.0.422-150000.3.97.1
* Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1
* java-1_8_0-openjdk-1.8.0.422-150000.3.97.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21131.html
* https://www.suse.com/security/cve/CVE-2024-21138.html
* https://www.suse.com/security/cve/CVE-2024-21140.html
* https://www.suse.com/security/cve/CVE-2024-21144.html
* https://www.suse.com/security/cve/CVE-2024-21145.html
* https://www.suse.com/security/cve/CVE-2024-21147.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228046
* https://bugzilla.suse.com/show_bug.cgi?id=1228047
* https://bugzilla.suse.com/show_bug.cgi?id=1228048
* https://bugzilla.suse.com/show_bug.cgi?id=1228050
* https://bugzilla.suse.com/show_bug.cgi?id=1228051
* https://bugzilla.suse.com/show_bug.cgi?id=1228052
SUSE-SU-2024:2980-1: important: Security update for kernel-firmware
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for kernel-firmware
Announcement ID: SUSE-SU-2024:2980-1
Rating: important
References:
* bsc#1229069
Cross-References:
* CVE-2023-31315
CVSS scores:
* CVE-2023-31315 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for kernel-firmware fixes the following issues:
CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to
modification of SMM configuration by a malicious program with ring0 access
(bsc#1229069)
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2980=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2980=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-2980=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2980=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-2980=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2980=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2980=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2980=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2980=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2980=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-2980=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-2980=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-2980=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Manager Proxy 4.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
* SUSE Manager Server 4.3 (noarch)
* kernel-firmware-ath10k-20220509-150400.4.28.1
* kernel-firmware-bnx2-20220509-150400.4.28.1
* kernel-firmware-brcm-20220509-150400.4.28.1
* kernel-firmware-sound-20220509-150400.4.28.1
* kernel-firmware-chelsio-20220509-150400.4.28.1
* kernel-firmware-mellanox-20220509-150400.4.28.1
* kernel-firmware-platform-20220509-150400.4.28.1
* kernel-firmware-i915-20220509-150400.4.28.1
* kernel-firmware-liquidio-20220509-150400.4.28.1
* kernel-firmware-all-20220509-150400.4.28.1
* kernel-firmware-amdgpu-20220509-150400.4.28.1
* kernel-firmware-intel-20220509-150400.4.28.1
* kernel-firmware-usb-network-20220509-150400.4.28.1
* kernel-firmware-ti-20220509-150400.4.28.1
* kernel-firmware-nfp-20220509-150400.4.28.1
* kernel-firmware-bluetooth-20220509-150400.4.28.1
* kernel-firmware-iwlwifi-20220509-150400.4.28.1
* kernel-firmware-marvell-20220509-150400.4.28.1
* kernel-firmware-nvidia-20220509-150400.4.28.1
* kernel-firmware-prestera-20220509-150400.4.28.1
* kernel-firmware-radeon-20220509-150400.4.28.1
* kernel-firmware-atheros-20220509-150400.4.28.1
* kernel-firmware-media-20220509-150400.4.28.1
* kernel-firmware-qlogic-20220509-150400.4.28.1
* kernel-firmware-ath11k-20220509-150400.4.28.1
* kernel-firmware-mwifiex-20220509-150400.4.28.1
* kernel-firmware-network-20220509-150400.4.28.1
* kernel-firmware-dpaa2-20220509-150400.4.28.1
* ucode-amd-20220509-150400.4.28.1
* kernel-firmware-ueagle-20220509-150400.4.28.1
* kernel-firmware-mediatek-20220509-150400.4.28.1
* kernel-firmware-serial-20220509-150400.4.28.1
* kernel-firmware-realtek-20220509-150400.4.28.1
* kernel-firmware-qcom-20220509-150400.4.28.1
## References:
* https://www.suse.com/security/cve/CVE-2023-31315.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229069
SUSE-SU-2024:2982-1: important: Security update for python311
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for python311
Announcement ID: SUSE-SU-2024:2982-1
Rating: important
References:
* bsc#1225660
* bsc#1226447
* bsc#1226448
* bsc#1227378
* bsc#1227999
* bsc#1228780
Cross-References:
* CVE-2023-27043
* CVE-2024-0397
* CVE-2024-4032
* CVE-2024-6923
CVSS scores:
* CVE-2023-27043 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-27043 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves four vulnerabilities and has two security fixes can now be
installed.
## Description:
This update for python311 fixes the following issues:
Security issues fixed:
* CVE-2024-6923: Fixed email header injection due to unquoted newlines
(bsc#1228780)
* CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer
(bsc#1227233)
* CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)
Non-security issues fixed:
* Fixed executable bits for /usr/bin/idle* (bsc#1227378).
* Improve python reproducible builds (bsc#1227999)
* Make pip and modern tools install directly in /usr/local when used by the
user (bsc#1225660)
* %{profileopt} variable is set according to the variable %{do_profiling}
(bsc#1227999)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-2982=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2982=1 openSUSE-SLE-15.6-2024-2982=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2982=1
## Package List:
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python311-3.11.9-150600.3.3.1
* python311-idle-3.11.9-150600.3.3.1
* python311-dbm-3.11.9-150600.3.3.1
* python311-devel-3.11.9-150600.3.3.1
* python311-core-debugsource-3.11.9-150600.3.3.1
* python311-debuginfo-3.11.9-150600.3.3.1
* python311-curses-3.11.9-150600.3.3.1
* python311-tk-3.11.9-150600.3.3.1
* python311-tk-debuginfo-3.11.9-150600.3.3.1
* python311-tools-3.11.9-150600.3.3.1
* python311-dbm-debuginfo-3.11.9-150600.3.3.1
* python311-curses-debuginfo-3.11.9-150600.3.3.1
* python311-debugsource-3.11.9-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python311-doc-devhelp-3.11.9-150600.3.3.1
* python311-dbm-3.11.9-150600.3.3.1
* python311-tk-3.11.9-150600.3.3.1
* python311-debuginfo-3.11.9-150600.3.3.1
* python311-tools-3.11.9-150600.3.3.1
* python311-testsuite-3.11.9-150600.3.3.1
* python311-base-3.11.9-150600.3.3.1
* python311-idle-3.11.9-150600.3.3.1
* libpython3_11-1_0-3.11.9-150600.3.3.1
* python311-curses-3.11.9-150600.3.3.1
* python311-doc-3.11.9-150600.3.3.1
* python311-3.11.9-150600.3.3.1
* python311-devel-3.11.9-150600.3.3.1
* python311-core-debugsource-3.11.9-150600.3.3.1
* python311-testsuite-debuginfo-3.11.9-150600.3.3.1
* python311-tk-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-debuginfo-3.11.9-150600.3.3.1
* python311-dbm-debuginfo-3.11.9-150600.3.3.1
* python311-base-debuginfo-3.11.9-150600.3.3.1
* python311-curses-debuginfo-3.11.9-150600.3.3.1
* python311-debugsource-3.11.9-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* python311-32bit-3.11.9-150600.3.3.1
* python311-base-32bit-3.11.9-150600.3.3.1
* python311-32bit-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-32bit-3.11.9-150600.3.3.1
* python311-base-32bit-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-32bit-debuginfo-3.11.9-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libpython3_11-1_0-64bit-debuginfo-3.11.9-150600.3.3.1
* python311-64bit-debuginfo-3.11.9-150600.3.3.1
* python311-base-64bit-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-64bit-3.11.9-150600.3.3.1
* python311-64bit-3.11.9-150600.3.3.1
* python311-base-64bit-3.11.9-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libpython3_11-1_0-debuginfo-3.11.9-150600.3.3.1
* libpython3_11-1_0-3.11.9-150600.3.3.1
* python311-core-debugsource-3.11.9-150600.3.3.1
* python311-base-debuginfo-3.11.9-150600.3.3.1
* python311-base-3.11.9-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2023-27043.html
* https://www.suse.com/security/cve/CVE-2024-0397.html
* https://www.suse.com/security/cve/CVE-2024-4032.html
* https://www.suse.com/security/cve/CVE-2024-6923.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225660
* https://bugzilla.suse.com/show_bug.cgi?id=1226447
* https://bugzilla.suse.com/show_bug.cgi?id=1226448
* https://bugzilla.suse.com/show_bug.cgi?id=1227378
* https://bugzilla.suse.com/show_bug.cgi?id=1227999
* https://bugzilla.suse.com/show_bug.cgi?id=1228780
SUSE-SU-2024:2984-1: important: Security update for libqt5-qt3d
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for libqt5-qt3d
Announcement ID: SUSE-SU-2024:2984-1
Rating: important
References:
* bsc#1228204
Cross-References:
* CVE-2024-40724
CVSS scores:
* CVE-2024-40724 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40724 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for libqt5-qt3d fixes the following issues:
* CVE-2024-40724: Fixed a heap-based buffer overflow in the PLY importer class
(bsc#1228204)
* Checked for a nullptr returned from the shader manager
* Fill image with transparency by default to avoid having junk if it's not
filled properly before the first paint call
* Fixed QTextureAtlas parenting that could lead to crashes due to use after
free
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2984=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2024-2984=1 openSUSE-SLE-15.6-2024-2984=1
## Package List:
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libQt53DInput5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-tools-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-5.15.12+kde0-150600.3.3.1
* libQt53DQuick-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-5.15.12+kde0-150600.3.3.1
* libQt53DExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debugsource-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-5.15.12+kde0-150600.3.3.1
* libQt53DRender-devel-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DCore-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D-devel-5.15.12+kde0-150600.3.3.1
* libQt53DLogic-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-5.15.12+kde0-150600.3.3.1
* Desktop Applications Module 15-SP6 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.12+kde0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libQt53DInput5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-tools-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-5.15.12+kde0-150600.3.3.1
* libQt53DQuick-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-examples-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-5.15.12+kde0-150600.3.3.1
* libQt53DExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DAnimation5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuick5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-debugsource-5.15.12+kde0-150600.3.3.1
* libQt53DCore5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DQuickInput-devel-5.15.12+kde0-150600.3.3.1
* libQt53DExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DLogic5-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D5-5.15.12+kde0-150600.3.3.1
* libQt53DRender5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-examples-5.15.12+kde0-150600.3.3.1
* libQt53DRender-devel-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.12+kde0-150600.3.3.1
* libQt53DCore-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickRender-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation5-5.15.12+kde0-150600.3.3.1
* libqt5-qt3d-imports-5.15.12+kde0-150600.3.3.1
* libQt53DQuickScene2D-devel-5.15.12+kde0-150600.3.3.1
* libQt53DLogic-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickAnimation-devel-5.15.12+kde0-150600.3.3.1
* libQt53DQuickExtras5-5.15.12+kde0-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.12+kde0-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40724.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228204
SUSE-SU-2024:2985-1: important: Security update for libqt5-qtquick3d
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for libqt5-qtquick3d
Announcement ID: SUSE-SU-2024:2985-1
Rating: important
References:
* bsc#1228199
Cross-References:
* CVE-2024-40724
CVSS scores:
* CVE-2024-40724 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40724 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for libqt5-qtquick3d fixes the following issues:
* CVE-2024-40724: Fixed a heap-based buffer overflow in the PLY importer class (bsc#1228199)
* Fixed progressive anti-aliasing, which did not work if any object in the scene used a PrincipledMaterial
* Fixed a crash when a custom material/effect shader variable changes
* Skipped processing unknown uniforms, such as those that are vendor specific
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
  `zypper in -t patch SUSE-2024-2985=1 openSUSE-SLE-15.6-2024-2985=1`
* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2985=1`
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libqt5-qtquick3d-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-examples-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-imports-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-private-headers-devel-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-tools-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-examples-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-tools-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-imports-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-devel-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-debugsource-5.15.12+kde1-150600.3.3.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libqt5-qtquick3d-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-5.15.12+kde1-150600.3.3.1
* libQt5Quick3DAssetImport5-debuginfo-5.15.12+kde1-150600.3.3.1
* libQt5Quick3D5-debuginfo-5.15.12+kde1-150600.3.3.1
* libqt5-qtquick3d-debugsource-5.15.12+kde1-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40724.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228199
SUSE-SU-2024:2976-1: important: Security update for libqt5-qt3d
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for libqt5-qt3d
Announcement ID: SUSE-SU-2024:2976-1
Rating: important
References:
* bsc#1228204
Cross-References:
* CVE-2024-40724
CVSS scores:
* CVE-2024-40724 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40724 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability can now be installed.
## Description:
This update for libqt5-qt3d fixes the following issues:
* CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp (bsc#1228204)
Other fixes:
* Check for a nullptr returned from the shader manager
* Fill image with transparency by default to avoid having junk if it's not filled properly before the first paint call
* Fix QTextureAtlas parenting that could lead to crashes due to use after free
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-2976=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2976=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2976=1`
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2976=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2976=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2976=1`
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-examples-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-examples-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DCore-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1
* libQt53DAnimation5-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-5.15.2+kde39-150400.3.3.1
* libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DInput5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1
* libQt53DLogic5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1
* libQt53DCore5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuick5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-imports-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DRender-devel-5.15.2+kde39-150400.3.3.1
* libQt53DQuickExtras5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DExtras5-5.15.2+kde39-150400.3.3.1
* libQt53DQuickInput5-debuginfo-5.15.2+kde39-150400.3.3.1
* libqt5-qt3d-debugsource-5.15.2+kde39-150400.3.3.1
* libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-debuginfo-5.15.2+kde39-150400.3.3.1
* libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1
* libQt53DRender5-5.15.2+kde39-150400.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-40724.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228204
SUSE-SU-2024:2974-1: important: Security update for python310
by OPENSUSE-SECURITY-UPDATES 20 Aug '24
# Security update for python310
Announcement ID: SUSE-SU-2024:2974-1
Rating: important
References:
* bsc#1225660
* bsc#1227378
* bsc#1227999
* bsc#1228780
Cross-References:
* CVE-2024-6923
CVSS scores:
* CVE-2024-6923 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
An update that solves one vulnerability and has three security fixes can now be
installed.
## Description:
This update for python310 fixes the following issues:
Security issue fixed:
* CVE-2024-6923: Fixed email header injection due to unquoted newlines
(bsc#1228780)
Non-security issues fixed:
* Improve python reproducible builds (bsc#1227999)
* Make pip and modern tools install directly in /usr/local when used by the
user (bsc#1225660)
* Fixed executable bits for /usr/bin/idle* (bsc#1227378).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
  `zypper in -t patch openSUSE-SLE-15.5-2024-2974=1`
* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-2974=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2974=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2974=1`
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2974=1`
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2974=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2974=1`
* openSUSE Leap 15.4
  `zypper in -t patch SUSE-2024-2974=1`
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-testsuite-debuginfo-3.10.14-150400.4.54.1
* python310-testsuite-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-doc-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-doc-devhelp-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* openSUSE Leap 15.5 (x86_64)
* python310-32bit-3.10.14-150400.4.54.1
* python310-base-32bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-32bit-3.10.14-150400.4.54.1
* python310-32bit-debuginfo-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-debuginfo-3.10.14-150400.4.54.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-testsuite-debuginfo-3.10.14-150400.4.54.1
* python310-testsuite-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-doc-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-doc-devhelp-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* openSUSE Leap 15.6 (x86_64)
* python310-32bit-3.10.14-150400.4.54.1
* python310-base-32bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-32bit-3.10.14-150400.4.54.1
* python310-32bit-debuginfo-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libpython3_10-1_0-3.10.14-150400.4.54.1
* python310-testsuite-debuginfo-3.10.14-150400.4.54.1
* python310-testsuite-3.10.14-150400.4.54.1
* python310-debugsource-3.10.14-150400.4.54.1
* python310-tk-debuginfo-3.10.14-150400.4.54.1
* python310-core-debugsource-3.10.14-150400.4.54.1
* python310-devel-3.10.14-150400.4.54.1
* python310-dbm-debuginfo-3.10.14-150400.4.54.1
* python310-base-3.10.14-150400.4.54.1
* python310-dbm-3.10.14-150400.4.54.1
* python310-debuginfo-3.10.14-150400.4.54.1
* python310-idle-3.10.14-150400.4.54.1
* python310-tk-3.10.14-150400.4.54.1
* python310-base-debuginfo-3.10.14-150400.4.54.1
* python310-curses-debuginfo-3.10.14-150400.4.54.1
* python310-3.10.14-150400.4.54.1
* python310-doc-3.10.14-150400.4.54.1
* libpython3_10-1_0-debuginfo-3.10.14-150400.4.54.1
* python310-curses-3.10.14-150400.4.54.1
* python310-doc-devhelp-3.10.14-150400.4.54.1
* python310-tools-3.10.14-150400.4.54.1
* openSUSE Leap 15.4 (x86_64)
* python310-32bit-3.10.14-150400.4.54.1
* python310-base-32bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-32bit-3.10.14-150400.4.54.1
* python310-32bit-debuginfo-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-32bit-debuginfo-3.10.14-150400.4.54.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpython3_10-1_0-64bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-64bit-3.10.14-150400.4.54.1
* python310-64bit-3.10.14-150400.4.54.1
* libpython3_10-1_0-64bit-3.10.14-150400.4.54.1
* python310-64bit-debuginfo-3.10.14-150400.4.54.1
* python310-base-64bit-debuginfo-3.10.14-150400.4.54.1
## References:
* https://www.suse.com/security/cve/CVE-2024-6923.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225660
* https://bugzilla.suse.com/show_bug.cgi?id=1227378
* https://bugzilla.suse.com/show_bug.cgi?id=1227999
* https://bugzilla.suse.com/show_bug.cgi?id=1228780
19 Aug '24
# Security update for osc
Announcement ID: SUSE-SU-2024:2961-1
Rating: moderate
References:
* bsc#1122683
* bsc#1212476
* bsc#1218170
* bsc#1221340
* bsc#1225911
Cross-References:
* CVE-2024-22034
CVSS scores:
* CVE-2024-22034 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products:
* Development Tools Module 15-SP5
* Development Tools Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has four security fixes can now be
installed.
## Description:
This update for osc fixes the following issues:
* 1.9.0
* Security:
* Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911). Source files are now stored in the 'sources' subdirectory, which prevents name collisions. This requires changing the version of the '.osc' store to 2.0.
* Command-line:
* Introduce build --checks parameter
* Library:
* OscConfigParser: Remove automatic `__name__` option
* 1.8.3
* Command-line:
* Change 'repairwc' command to always run all repair steps
* Library:
* Make most of the fields in KeyinfoPubkey and KeyinfoSslcert models optional
* Fix colorize() to avoid wrapping empty string into color escape sequences
* Provide default values for kwargs.get/pop in get_results() function
* 1.8.2
* Library:
* Change 'repairwc' command to fix missing .osc/_osclib_version
* Make error message in check_store_version() more generic to work for both projects and packages
* Fix check_store_version in project store
* 1.8.1
* Command-line:
* Fix 'linkpac' command crash when used with '--disable-build' or '--disable-publish' option
* 1.8.0
* Command-line:
* Improve 'submitrequest' command to inherit description from superseded request
* Fix 'mv' command when renaming a file multiple times
* Improve 'info' command to support projects
* Improve 'getbinaries' command by accepting '-M' / '--multibuild-package' option outside checkouts
* Add architecture filtering to 'release' command
* Change 'results' command so the normal and multibuild packages have the same output
* Change 'results' command to use csv writer instead of formatting csv as string
* Add couple mutually exclusive options errors to 'results' command
* Set a default value for 'results --format' only for the csv output
* Add support for 'results --format' for the default text mode
* Update help text for '--format' option in 'results' command
* Add 'results --fail-on-error/-F' flag
* Redirect venv warnings from stderr to debug output
* Configuration:
* Fix config parser to throw an exception on duplicate sections or options
* Modify conf.get_config() to print permissions warning to stderr rather than stdout
* Library:
* Run check_store_version() in obs_scm.Store and fix related code in Project and Package
* Forbid extracting files with absolute path from 'cpio' archives (bsc#1122683)
* Forbid extracting files with absolute path from 'ar' archives (bsc#1122683)
* Remove no longer valid warning from core.unpack_srcrpm()
* Make obs_api.KeyinfoSslcert keyid and fingerprint fields optional
* Fix return value in build.create_build_descr_data()
* Fix core.get_package_results() to obey 'multibuild_packages' argument
* Tests:
* Fix tests so they don't modify fixtures
* 1.7.0
* Command-line:
* Add 'person search' command
* Add 'person register' command
* Add '-M/--multibuild-package' option to '[what]dependson' commands
* Update '-U/--user' option in 'maintainer' command to accept also an email address
* Fix 'branch' command to allow using '--new-package' option on packages that do not exist
* Fix 'buildinfo' command to include obs:cli_debug_packages by default
* Fix 'buildinfo' command to send complete local build environment as the 'build' command does
* Fix 'maintainer --devel-project' to raise an error if running outside a working copy without any arguments
* Fix handling arguments in 'service remoterun prj/pac'
* Fix 'rebuild' command so the '--all' option conflicts with the 'package' argument
* Fix crash when removing 'scmsync' element from dst package meta in 'linkpac' command
* Fix crash when reading dst package meta in 'linkpac' command
* Allow `osc rpmlint` to infer prj/pkg from CWD
* Propagate exit code from the run() and do_() commandline methods
* Give a hint where a scmsync git is hosted
* Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec
* Improve 'updatepacmetafromspec' command to expand rpm spec macros by calling rpmspec to query the data
* Improve 'build' and 'buildinfo' commands by uploading *.inc files to OBS for parsing BuildRequires (bsc#1221340)
* Improve 'service' command by printing names of running services
* Improve 'getbinaries' command by ignoring source and debuginfo filters when a binary name is specified
* Change 'build' command to pass '--jobs' option to 'build' tool only if 'build_jobs' > 0
* Clarify 'list' command's help that listing binaries doesn't contain md5 checksums
* Improve 'log' command: produce proper CSV and XML outputs, add -p/--patch option for the text output
* Allow setlinkrev to set a specific vrev
* Document '--buildtool-opt=--noclean' example in 'build' command's help
* Fix handling the default package argument on the command-line
* Configuration:
* Document loading configuration from env variables
* Connection:
* Don't retry on error 400
* Remove now unused 'retry_on_400' http_request() option from XmlModel
* Revert "Don't retry on 400 HTTP status code in core.server_diff()"
* Revert "connection: Allow disabling retry on 400 HTTP status code"
* Authentication:
* Update SignatureAuthHandler to support specifying ssh key by its fingerprint
* Use ssh key from ssh agent that contains comment 'obs=<apiurl-hostname>'
* Use strings instead of bytes in SignatureAuthHandler
* Cache password from SecretService to avoid spamming user with an accept dialog
* Never ask for credentials when displaying help
* Remove unused SignatureAuthHandler.get_fingerprint()
* Library:
* Add rootless build support for 'qemu' VM type
* Support package linking of packages from scmsync projects
* Fix do_createrequest() function to return None instead of request id
* Replace invalid 'if' with 'elif' in BaseModel.dict()
* Fix crash when no preferred packages are defined
* Add XmlModel class that encapsulates manipulation with XML
* Add obs_api.Person.cmd_register() for registering new users
* Fix conf.get_config() to ignore file type bits when comparing oscrc perms
* Fix conf.get_config() to correctly handle overrides when env variables are set
* Fix output.tty.IS_INTERACTIVE when os.isatty() throws OSError
* Improve cmdln.HelpFormatter to obey newline characters
* Update list of color codes in 'output.tty' module
* Remove core.setDevelProject() in favor of core.set_devel_project()
* Move removing control characters to output.sanitize_text()
* Improve sanitize_text() to keep selected CSI escape sequences
* Add output.pipe_to_pager() that pipes lines to a pager without creating an intermediate temporary file
* Fix output.safe_write() in connection with NamedTemporaryFile
* Modernize output.run_pager()
* Extend output.print_msg() to accept 'error' and 'warning' values of 'to_print' argument
* Add XPathQuery class for translating keyword arguments to an xpath query
* Add obs_api.Keyinfo class
* Add obs_api.Package class
* Add Package.get_revision_list() for listing commit log
* Add obs_api.PackageSources class for handling OBS SCM sources
* Add obs_api.Person class
* Add obs_api.Project class
* Add obs_api.Request class
* Add obs_api.Token class
* Allow storing apiurl in the XmlModel instances
* Allow retrieving default field value from top-level model
* Fix BaseModel to convert dictionaries to objects on retrieving a model list
* Fix BaseModel to always deepcopy mutable defaults on first use
* Implement do_snapshot() and has_changed() methods to determine changes in BaseModel
* Implement total ordering on BaseModel
* Add comments with available attributes/elements to edited XML
* Refactoring:
* Migrate repo {list,add,remove} commands to obs_api.Project
* Migrate core.show_package_disabled_repos() to obs_api.Package
* Migrate core.Package.update_package_meta() to obs_api.Package
* Migrate core.get_repos_of_project() to obs_api.Project
* Migrate core.get_repositories_of_project() to obs_api.Project
* Migrate core.show_scmsync() to obs_api.{Package,Project}
* Migrate core.set_devel_project() to obs_api.Package
* Migrate core.show_devel_project() to obs_api.Package
* Migrate Fetcher.run() to obs_api.Keyinfo
* Migrate core.create_submit_request() to obs_api.Request
* Migrate 'token' command to obs_api.Token
* Migrate 'whois/user' command to obs_api.Person
* Migrate 'signkey' command to obs_api.Keyinfo
* Move print_msg() to the 'osc.output' module
* Move run_pager() and get_default_pager() from 'core' to 'output' module
* Move core.Package to obs_scm.Package
* Move core.Project to obs_scm.Project
* Move functions manipulating store from core to obs_scm.store
* Move store.Store to obs_scm.Store
* Move core.Linkinfo to obs_scm.Linkinfo
* Move core.Serviceinfo to obs_scm.Serviceinfo
* Move core.File to obs_scm.File
* Merge _private.project.ProjectMeta into obs_api.Project
* Spec:
* Remove dependency on /usr/bin/python3 using %python3_fix_shebang macro (bsc#1212476)
* 1.6.2
* Command-line:
* Fix 'branch' command to allow using '--new-package' option on packages that do not exist
* Fix 'buildinfo' command to include obs:cli_debug_packages by default
* Fix 'buildinfo' command to send complete local build environment as the 'build' command does
* Allow `osc rpmlint` to infer prj/pkg from CWD
* Propagate exit code from the run() and do_() commandline methods
* Give a hint where a scmsync git is hosted
* Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec
* Authentication:
* Cache password from SecretService to avoid spamming user with an accept dialog
* Never ask for credentials when displaying help
* Library:
* Support package linking of packages from scmsync projects
* Fix do_createrequest() function to return None instead of request id
* Replace invalid 'if' with 'elif' in BaseModel.dict()
* Fix crash when no preferred packages are defined
* 1.6.1
* Command-line:
* Use busybox compatible commands for completion
* Change 'wipe' command to use the new get_user_input() function
* Fix error 500 in running 'meta attribute <prj>'
* Configuration:
* Fix resolving config symlink to the actual config file
* Honor XDG_CONFIG_HOME and XDG_CACHE_HOME env vars
* Warn about ignoring XDG_CONFIG_HOME and ~/.config/osc/oscrc if ~/.oscrc exists
* Library:
* Error out when branching a scmsync package
* New get_user_input() function for consistent handling of user input
* Move xml_indent, xml_quote and xml_unquote to osc.util.xml module
* Refactor makeurl(), deprecate query taking string or list arguments, drop osc_urlencode()
* Remove all path quoting, rely on makeurl()
* Always use dict query in makeurl()
* Fix core.slash_split() to strip both leading and trailing slashes
* 1.6.0
* Command-line:
* The 'token --trigger' command no longer sets '--operation=runservice' by default.
* Change 'token --create' command to require '--operation'
* Fix 'linkdiff' command error 400: prj/pac/md5 not in repository
* Update 'build' command to support building 'productcompose' build type with updateinfo.xml data
* Don't show meter in terminals that are not interactive
* Fix traceback when running osc from an arbitrary git repo that fails to map branch to a project (bsc#1218170)
* Configuration:
* Implement reading credentials from environmental variables
* Allow starting with an empty config if --configfile is either empty or points to /dev/null
* Implement 'quiet' conf option
* Password can be an empty string (commonly used with ssh auth)
* Connection:
* Allow -X HEAD on osc api requests as well
* Library:
* Fix credentials managers to consistently return Password
* Fix Password.encode() on python < 3.8
* Refactor 'meter' module, use config settings to pick the right class
* Convert to using f-strings
* Use Field.get_callback to handle quiet/verbose and http_debug/http_full_debug options
* Implement get_callback that allows modifying returned value to the Field class
* Add support for List[BaseModel] type to Field class
* Report class name when reporting an error during instantiating BaseModel object
* Fix exporting an empty model field in BaseModel.dict()
* Fix initializing a sub-model instance from a dictionary
* Implement 'Enum' support in models
* Fix Field.origin_type for Optional types
* Drop unused 'exclude_unset' argument from BaseModel.dict() method
* Store cached model defaults in self._defaults, avoid sharing references to mutable defaults
* Limit model attributes to predefined fields by forbidding creating new attributes on fly
* Store model values in self._values dict instead of private attributes
* Spec:
* Recommend openssh-clients for ssh-add that is required during ssh auth
* Add 0%{?amzn} macro that wasn't upstreamed
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2961=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-2961=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2961=1
* Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-2961=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2961=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* osc-1.9.0-150400.10.6.1
* openSUSE Leap 15.5 (noarch)
* osc-1.9.0-150400.10.6.1
* openSUSE Leap 15.6 (noarch)
* osc-1.9.0-150400.10.6.1
* Development Tools Module 15-SP5 (noarch)
* osc-1.9.0-150400.10.6.1
* Development Tools Module 15-SP6 (noarch)
* osc-1.9.0-150400.10.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22034.html
* https://bugzilla.suse.com/show_bug.cgi?id=1122683
* https://bugzilla.suse.com/show_bug.cgi?id=1212476
* https://bugzilla.suse.com/show_bug.cgi?id=1218170
* https://bugzilla.suse.com/show_bug.cgi?id=1221340
* https://bugzilla.suse.com/show_bug.cgi?id=1225911
SUSE-SU-2024:2970-1: moderate: Security update for python-WebOb
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
19 Aug '24
# Security update for python-WebOb
Announcement ID: SUSE-SU-2024:2970-1
Rating: moderate
References:
* bsc#1229221
Cross-References:
* CVE-2024-42353
CVSS scores:
* CVE-2024-42353 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.6
An update that solves one vulnerability can now be installed.
## Description:
This update for python-WebOb fixes the following issues:
* CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location
header (bsc#1229221)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-2970=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2024-2970=1
## Package List:
* openSUSE Leap 15.4 (noarch)
* python311-WebOb-1.8.7-150400.11.6.1
* openSUSE Leap 15.6 (noarch)
* python311-WebOb-1.8.7-150400.11.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-42353.html
* https://bugzilla.suse.com/show_bug.cgi?id=1229221
19 Aug '24
# Security update for jasper
Announcement ID: SUSE-SU-2024:1464-1
Rating: important
References:
* bsc#1223155
Cross-References:
* CVE-2024-31744
CVSS scores:
* CVE-2024-31744 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* Desktop Applications Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for jasper fixes the following issues:
* CVE-2024-31744: Fixed denial of service through assertion failure in
jpc_streamlist_remove() (bsc#1223155).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1464=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1464=1
* Desktop Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2024-1464=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1464=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1464=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1464=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1464=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1464=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1464=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1464=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1464=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1464=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1464=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1464=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1464=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1464=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1464=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1464=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* jasper-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* openSUSE Leap 15.5 (x86_64)
* libjasper4-32bit-2.0.14-150000.3.34.1
* libjasper4-32bit-debuginfo-2.0.14-150000.3.34.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Manager Proxy 4.3 (x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* libjasper-devel-2.0.14-150000.3.34.1
* jasper-debugsource-2.0.14-150000.3.34.1
* libjasper4-2.0.14-150000.3.34.1
* libjasper4-debuginfo-2.0.14-150000.3.34.1
* jasper-debuginfo-2.0.14-150000.3.34.1
## References:
* https://www.suse.com/security/cve/CVE-2024-31744.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223155
19 Aug '24
# Security update for cosign
Announcement ID: SUSE-SU-2024:1486-1
Rating: moderate
References:
* bsc#1222835
* bsc#1222837
* jsc#SLE-23879
Cross-References:
* CVE-2024-29902
* CVE-2024-29903
CVSS scores:
* CVE-2024-29902 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-29903 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves two vulnerabilities and contains one feature can now be
installed.
## Description:
This update for cosign fixes the following issues:
* CVE-2024-29902: Fixed denial of service on host machine via remote image
with malicious attachments (bsc#1222835)
* CVE-2024-29903: Fixed denial of service on host machine via malicious
software artifacts (bsc#1222837)
Other fixes:
* Updated to 2.2.4 (jsc#SLE-23879)
* Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
* ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526)
* fix semgrep issues for dgryski.semgrep-go ruleset (#3541)
* Honor creation timestamp for signatures again (#3549)
* Features
* Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1486=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1486=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1486=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* cosign-debuginfo-2.2.4-150400.3.20.1
* cosign-2.2.4-150400.3.20.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* cosign-2.2.4-150400.3.20.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* cosign-2.2.4-150400.3.20.1
## References:
* https://www.suse.com/security/cve/CVE-2024-29902.html
* https://www.suse.com/security/cve/CVE-2024-29903.html
* https://bugzilla.suse.com/show_bug.cgi?id=1222835
* https://bugzilla.suse.com/show_bug.cgi?id=1222837
* https://jira.suse.com/browse/SLE-23879
SUSE-SU-2024:1489-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
19 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:1489-1
Rating: important
References:
* bsc#1184942
* bsc#1186060
* bsc#1192145
* bsc#1194516
* bsc#1208995
* bsc#1209635
* bsc#1209657
* bsc#1212514
* bsc#1213456
* bsc#1217987
* bsc#1217988
* bsc#1217989
* bsc#1218336
* bsc#1218447
* bsc#1218479
* bsc#1218562
* bsc#1219170
* bsc#1219264
* bsc#1220320
* bsc#1220340
* bsc#1220366
* bsc#1220400
* bsc#1220411
* bsc#1220413
* bsc#1220414
* bsc#1220425
* bsc#1220426
* bsc#1220429
* bsc#1220432
* bsc#1220442
* bsc#1220445
* bsc#1220465
* bsc#1220468
* bsc#1220475
* bsc#1220484
* bsc#1220486
* bsc#1220487
* bsc#1220516
* bsc#1220521
* bsc#1220528
* bsc#1220529
* bsc#1220532
* bsc#1220554
* bsc#1220556
* bsc#1220557
* bsc#1220560
* bsc#1220561
* bsc#1220566
* bsc#1220575
* bsc#1220580
* bsc#1220583
* bsc#1220611
* bsc#1220615
* bsc#1220621
* bsc#1220625
* bsc#1220630
* bsc#1220631
* bsc#1220638
* bsc#1220639
* bsc#1220640
* bsc#1220641
* bsc#1220662
* bsc#1220663
* bsc#1220669
* bsc#1220670
* bsc#1220677
* bsc#1220678
* bsc#1220685
* bsc#1220687
* bsc#1220688
* bsc#1220692
* bsc#1220697
* bsc#1220703
* bsc#1220706
* bsc#1220733
* bsc#1220734
* bsc#1220739
* bsc#1220743
* bsc#1220745
* bsc#1220749
* bsc#1220751
* bsc#1220753
* bsc#1220758
* bsc#1220759
* bsc#1220764
* bsc#1220768
* bsc#1220769
* bsc#1220777
* bsc#1220779
* bsc#1220785
* bsc#1220790
* bsc#1220794
* bsc#1220824
* bsc#1220826
* bsc#1220829
* bsc#1220836
* bsc#1220846
* bsc#1220850
* bsc#1220861
* bsc#1220871
* bsc#1220883
* bsc#1220946
* bsc#1220954
* bsc#1220969
* bsc#1220979
* bsc#1220982
* bsc#1220985
* bsc#1220987
* bsc#1221015
* bsc#1221044
* bsc#1221058
* bsc#1221061
* bsc#1221077
* bsc#1221088
* bsc#1221276
* bsc#1221293
* bsc#1221532
* bsc#1221534
* bsc#1221541
* bsc#1221548
* bsc#1221552
* bsc#1221575
* bsc#1221605
* bsc#1221606
* bsc#1221608
* bsc#1221830
* bsc#1221931
* bsc#1221932
* bsc#1221934
* bsc#1221935
* bsc#1221949
* bsc#1221952
* bsc#1221965
* bsc#1221966
* bsc#1221969
* bsc#1221973
* bsc#1221974
* bsc#1221978
* bsc#1221989
* bsc#1221990
* bsc#1221991
* bsc#1221992
* bsc#1221993
* bsc#1221994
* bsc#1221996
* bsc#1221997
* bsc#1221998
* bsc#1221999
* bsc#1222000
* bsc#1222001
* bsc#1222002
* bsc#1222003
* bsc#1222004
* bsc#1222117
* bsc#1222422
* bsc#1222585
* bsc#1222619
* bsc#1222660
* bsc#1222664
* bsc#1222669
* bsc#1222706
* jsc#PED-5759
* jsc#SLE-13706
* jsc#SLE-15131
* jsc#SLE-15172
* jsc#SLE-15176
Cross-References:
* CVE-2020-36780
* CVE-2020-36781
* CVE-2020-36782
* CVE-2020-36783
* CVE-2021-23134
* CVE-2021-29155
* CVE-2021-46908
* CVE-2021-46909
* CVE-2021-46911
* CVE-2021-46914
* CVE-2021-46917
* CVE-2021-46918
* CVE-2021-46919
* CVE-2021-46920
* CVE-2021-46921
* CVE-2021-46922
* CVE-2021-46930
* CVE-2021-46931
* CVE-2021-46933
* CVE-2021-46938
* CVE-2021-46939
* CVE-2021-46943
* CVE-2021-46944
* CVE-2021-46950
* CVE-2021-46951
* CVE-2021-46956
* CVE-2021-46958
* CVE-2021-46959
* CVE-2021-46960
* CVE-2021-46961
* CVE-2021-46962
* CVE-2021-46963
* CVE-2021-46971
* CVE-2021-46976
* CVE-2021-46980
* CVE-2021-46981
* CVE-2021-46983
* CVE-2021-46984
* CVE-2021-46988
* CVE-2021-46990
* CVE-2021-46991
* CVE-2021-46992
* CVE-2021-46998
* CVE-2021-47000
* CVE-2021-47001
* CVE-2021-47003
* CVE-2021-47006
* CVE-2021-47009
* CVE-2021-47013
* CVE-2021-47014
* CVE-2021-47015
* CVE-2021-47017
* CVE-2021-47020
* CVE-2021-47026
* CVE-2021-47034
* CVE-2021-47035
* CVE-2021-47038
* CVE-2021-47044
* CVE-2021-47045
* CVE-2021-47046
* CVE-2021-47049
* CVE-2021-47051
* CVE-2021-47055
* CVE-2021-47056
* CVE-2021-47058
* CVE-2021-47061
* CVE-2021-47063
* CVE-2021-47065
* CVE-2021-47068
* CVE-2021-47069
* CVE-2021-47070
* CVE-2021-47071
* CVE-2021-47073
* CVE-2021-47077
* CVE-2021-47082
* CVE-2021-47087
* CVE-2021-47095
* CVE-2021-47097
* CVE-2021-47100
* CVE-2021-47101
* CVE-2021-47109
* CVE-2021-47110
* CVE-2021-47112
* CVE-2021-47114
* CVE-2021-47117
* CVE-2021-47118
* CVE-2021-47119
* CVE-2021-47120
* CVE-2021-47130
* CVE-2021-47136
* CVE-2021-47137
* CVE-2021-47138
* CVE-2021-47139
* CVE-2021-47141
* CVE-2021-47142
* CVE-2021-47144
* CVE-2021-47150
* CVE-2021-47153
* CVE-2021-47160
* CVE-2021-47161
* CVE-2021-47164
* CVE-2021-47165
* CVE-2021-47166
* CVE-2021-47167
* CVE-2021-47168
* CVE-2021-47169
* CVE-2021-47170
* CVE-2021-47171
* CVE-2021-47172
* CVE-2021-47173
* CVE-2021-47174
* CVE-2021-47175
* CVE-2021-47176
* CVE-2021-47177
* CVE-2021-47179
* CVE-2021-47180
* CVE-2021-47181
* CVE-2021-47183
* CVE-2021-47185
* CVE-2021-47189
* CVE-2022-0487
* CVE-2022-4744
* CVE-2022-48626
* CVE-2023-0160
* CVE-2023-1192
* CVE-2023-28746
* CVE-2023-35827
* CVE-2023-52454
* CVE-2023-52469
* CVE-2023-52470
* CVE-2023-52474
* CVE-2023-52476
* CVE-2023-52477
* CVE-2023-52492
* CVE-2023-52500
* CVE-2023-52508
* CVE-2023-52509
* CVE-2023-52572
* CVE-2023-52575
* CVE-2023-52583
* CVE-2023-52590
* CVE-2023-52591
* CVE-2023-52607
* CVE-2023-52628
* CVE-2023-6270
* CVE-2023-6356
* CVE-2023-6531
* CVE-2023-6535
* CVE-2023-6536
* CVE-2023-7042
* CVE-2023-7192
* CVE-2024-22099
* CVE-2024-26600
* CVE-2024-26614
* CVE-2024-26642
* CVE-2024-26704
* CVE-2024-26733
CVSS scores:
* CVE-2020-36780 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36781 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36782 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-36783 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-23134 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-23134 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-29155 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-29155 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46908 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46908 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46909 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46909 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-46914 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46914 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46917 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-46917 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46918 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-46918 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46919 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46919 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46920 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46920 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2021-46921 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46922 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46922 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46930 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46930 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46931 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46933 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2021-46933 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46938 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
* CVE-2021-46938 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46939 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46939 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46943 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46944 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46944 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46950 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2021-46950 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46951 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46951 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46956 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46958 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46959 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-46960 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46961 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46962 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46963 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46971 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-46976 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46980 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46983 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46984 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46990 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-46991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-46992 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-46998 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47000 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47001 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47003 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47006 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47009 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47014 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2021-47015 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47017 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47020 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47026 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47034 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47035 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
* CVE-2021-47038 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47044 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47045 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47046 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
* CVE-2021-47049 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47051 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47055 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47056 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47058 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
* CVE-2021-47061 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47063 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47065 ( SUSE ): 6.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2021-47068 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47069 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47070 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-47073 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47077 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47082 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47087 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47095 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47097 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47100 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47101 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47109 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47110 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47112 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2021-47114 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47117 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47118 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47119 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47130 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47136 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47137 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2021-47138 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2021-47139 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47142 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47144 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47150 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47153 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47160 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47161 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47164 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47164 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47165 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47166 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47167 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47168 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47169 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47170 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47171 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47173 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47173 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47174 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47175 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47176 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47177 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47179 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47179 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47180 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47189 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-0487 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-0487 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48626 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48626 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-0160 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-0160 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-1192 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-28746 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2023-35827 ( SUSE ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-35827 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52454 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52469 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52469 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52470 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52470 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52474 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-52474 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52476 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52477 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52492 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52500 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-52508 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52509 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-52572 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
* CVE-2023-52575 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52583 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52590 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52607 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52628 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6356 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6356 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6535 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6535 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( SUSE ): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-6536 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7042 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-7192 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26600 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26600 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26614 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26642 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26704 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26733 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Availability Extension 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Live Patching 15-SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Proxy 4.2
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Server 4.2
An update that solves 157 vulnerabilities, contains five features and has four
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in
i2c/imx (bsc#1220557).
* CVE-2021-46911: Fixed kernel panic (bsc#1220400).
* CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in
pci_disable_device() (bsc#1220465).
* CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
* CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd
(bsc#1220429).
* CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
* CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback
(bsc#1220426).
* CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
* CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
* CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq()
(bsc#1220486).
* CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
* CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
* CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
* CVE-2021-46961: Fixed spurious interrupt handling (bsc#1220529).
* CVE-2021-46971: Fixed unconditional security_locked_down() call
(bsc#1220697).
* CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
* CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first
4 in usb/typec/ucsi (bsc#1220663).
* CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with
error (bsc#1220639).
* CVE-2021-46988: Fixed release page in error path to avoid BUG_ON
(bsc#1220706).
* CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
* CVE-2021-47003: Fixed potential null dereference on pointer status in
idxd_cmd_exec (bsc#1220677).
* CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
* CVE-2021-47014: Fixed wild memory access when clearing fragments in
net/sched/act_ct (bsc#1220630).
* CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle
(bsc#1220678).
* CVE-2021-47026: Fixed not destroying sysfs after removing session from
active list (bsc#1220685).
* CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in
iommu/vt-d (bsc#1220688).
* CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in
bluetooth (bsc#1220753).
* CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair
(bsc#1220759).
* CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction()
(bsc#1220758).
* CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
* CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
* CVE-2021-47097: Fixed stack out of bound access in
elantech_change_report_id() (bsc#1220982).
* CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
* CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
* CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
* CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
* CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq
(bsc#1221932).
* CVE-2021-47150: Fixed the potential memory leak in fec_enet_init()
(bsc#1221973).
* CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
* CVE-2021-47164: Fixed null pointer dereference accessing lag dev in
net/mlx5e (bsc#1221978).
* CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
* CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
* CVE-2021-47181: Fixed a null pointer dereference caused by calling
platform_get_resource() (bsc#1222660).
* CVE-2021-47183: Fixed a null pointer dereference during link down processing
in scsi lpfc (bsc#1192145, bsc#1222664).
* CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer
(bsc#1222669).
* CVE-2021-47189: Fixed denial of service due to memory ordering issues
between normal and ordered work functions in btrfs (bsc#1222706).
* CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to
potentially crash the system (bsc#1209657).
* CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
* CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table
(bsc#1220411).
* CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
* CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec
user SDMA requests (bsc#1220445).
* CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI
during vsyscall (bsc#1220703).
* CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration
function __dma_async_device_channel_register() (bsc#1221276).
* CVE-2023-52500: Fixed information leaking when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
* CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid()
(bsc#1221015).
* CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off
(bsc#1220871).
* CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph
(bsc#1221058).
* CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add
kasprintf() (bsc#1221061).
* CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
* CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
(bsc#1218562).
* CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix
garbage collector's deletion of SKB races with unix_stream_read_generic() on
the socket that the SKB is queued on (bsc#1218447).
* CVE-2023-7042: Fixed a null-pointer-dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
* CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in
net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
* CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
(bsc#1219170).
* CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2
(bsc#1220340).
* CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks
(bsc#1221293).
* CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter
nf_tables (bsc#1221830).
* CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len
in ext4 (bsc#1222422).
* CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
The following non-security bugs were fixed:
* fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264).
* tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
* group-source-files.pl: Quote filenames (boo#1221077).
* kernel-binary: certs: Avoid trailing space
* mm: fix gup_pud_range (bsc#1220824).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1489=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-1489=1
* SUSE Linux Enterprise Micro 5.1
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-1489=1
* SUSE Linux Enterprise Micro 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1489=1
* SUSE Linux Enterprise Micro for Rancher 5.2
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-1489=1
* openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-1489=1
* SUSE Linux Enterprise Live Patching 15-SP3
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2024-1489=1
* SUSE Linux Enterprise High Availability Extension 15 SP3
  zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2024-1489=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1489=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1489=1
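A post-update check for the instructions above, as an added example that is not part of the SUSE advisory: it reports whether the running kernel is at the fixed level 5.3.18-150300.59.158.1 named in the package list, or whether the fixed package is installed but the reboot is still pending. It assumes that `uname -r` on SUSE omits the package's final rebuild counter and appends the flavor (for example `5.3.18-150300.59.158-default`); the function names and the older sample versions are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling.
# Fixed kernel package version, taken from the advisory's package list.
FIXED_VERSION="5.3.18-150300.59.158.1"

# strip_flavor RELEASE: drop a trailing "-default", "-preempt", "-64kb", ...
# A trailing component made only of digits and dots is part of the version.
strip_flavor() {
    case "${1##*-}" in
        *[!0-9.]*) printf '%s\n' "${1%-*}" ;;
        *)         printf '%s\n' "$1" ;;
    esac
}

# field_count VERSION: number of fields when split on '.' and '-'.
field_count() {
    printf '%s\n' "$1" | awk -F'[.-]' '{ print NF }'
}

# ver_cmp A B [N]: print -1, 0 or 1 after comparing A and B numerically,
# field by field. With N, only the first N fields are compared.
ver_cmp() {
    awk -v a="$1" -v b="$2" -v n="${3:-0}" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        max = (na > nb) ? na : nb
        if (n > 0 && n < max) max = n
        for (i = 1; i <= max; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# kernel_status RUNNING_RELEASE FIXED_VERSION [INSTALLED_VERSION...]
# Prints one of: patched, reboot-required, vulnerable.
kernel_status() {
    running=$(strip_flavor "$1")
    fixed=$2
    shift 2
    # Assumption: the running release lacks the final rebuild counter,
    # so compare only as many fields as the running release has.
    fields=$(field_count "$running")
    if [ "$(ver_cmp "$running" "$fixed" "$fields")" -ge 0 ]; then
        echo patched
        return 0
    fi
    for v in "$@"; do
        if [ "$(ver_cmp "$v" "$fixed")" -ge 0 ]; then
            echo reboot-required
            return 0
        fi
    done
    echo vulnerable
}

# check_host: evaluate the machine this script runs on.
# Assumption: the kernel package is named "kernel-<flavor>", as in the
# advisory's package list (kernel-default, kernel-preempt, kernel-64kb).
check_host() {
    release=$(uname -r)
    flavor=${release##*-}
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "kernel-$flavor" 2>/dev/null) || installed=""
    # Unquoted on purpose: one word per installed version.
    kernel_status "$release" "$FIXED_VERSION" $installed
}

if [ "${1:-}" = "--host" ]; then
    check_host
else
    # Constructed samples: an older running kernel with the fix installed.
    kernel_status "5.3.18-150300.59.153-default" "$FIXED_VERSION" \
        "5.3.18-150300.59.153.2" "5.3.18-150300.59.158.1"
fi
```

Run it with `--host` after `zypper` finishes and again after the reboot. The check looks only at the booted kernel and installed packages, so it does not account for fixes applied by kernel live patching.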
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le
x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64)
* kernel-default-5.3.18-150300.59.158.1
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Enterprise Storage 7.1 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64)
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (noarch)
* kernel-devel-5.3.18-150300.59.158.1
* kernel-docs-html-5.3.18-150300.59.158.1
* kernel-source-vanilla-5.3.18-150300.59.158.1
* kernel-source-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (nosrc ppc64le x86_64)
* kernel-kvmsmall-5.3.18-150300.59.158.1
* kernel-debug-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (ppc64le x86_64)
* kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-debug-devel-5.3.18-150300.59.158.1
* kernel-kvmsmall-debugsource-5.3.18-150300.59.158.1
* kernel-debug-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-debug-debugsource-5.3.18-150300.59.158.1
* kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.158.1
* kernel-kvmsmall-devel-5.3.18-150300.59.158.1
* kernel-debug-debuginfo-5.3.18-150300.59.158.1
* kernel-kvmsmall-debuginfo-5.3.18-150300.59.158.1
* kernel-debug-livepatch-devel-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64)
* kselftests-kmp-default-5.3.18-150300.59.158.1
* dlm-kmp-default-5.3.18-150300.59.158.1
* cluster-md-kmp-default-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-default-extra-debuginfo-5.3.18-150300.59.158.1
* kernel-default-livepatch-5.3.18-150300.59.158.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-qa-5.3.18-150300.59.158.1
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-optional-debuginfo-5.3.18-150300.59.158.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* gfs2-kmp-default-5.3.18-150300.59.158.1
* kernel-default-livepatch-devel-5.3.18-150300.59.158.1
* kernel-default-extra-5.3.18-150300.59.158.1
* kselftests-kmp-default-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* ocfs2-kmp-default-5.3.18-150300.59.158.1
* kernel-default-base-rebuild-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-default-optional-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP3_Update_43-debugsource-1-150300.7.3.5
* kernel-livepatch-5_3_18-150300_59_158-default-1-150300.7.3.5
* kernel-livepatch-5_3_18-150300_59_158-default-debuginfo-1-150300.7.3.5
* openSUSE Leap 15.3 (x86_64)
* kernel-livepatch-5_3_18-150300_59_158-preempt-1-150300.7.3.5
* kernel-livepatch-5_3_18-150300_59_158-preempt-debuginfo-1-150300.7.3.5
* openSUSE Leap 15.3 (aarch64 x86_64)
* reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-livepatch-devel-5.3.18-150300.59.158.1
* kselftests-kmp-preempt-5.3.18-150300.59.158.1
* dlm-kmp-preempt-5.3.18-150300.59.158.1
* kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-optional-debuginfo-5.3.18-150300.59.158.1
* ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* ocfs2-kmp-preempt-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-preempt-5.3.18-150300.59.158.1
* kernel-preempt-extra-5.3.18-150300.59.158.1
* gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* cluster-md-kmp-preempt-5.3.18-150300.59.158.1
* cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-optional-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* dlm-kmp-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-extra-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* gfs2-kmp-preempt-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.158.1
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (nosrc)
* dtb-aarch64-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64)
* gfs2-kmp-64kb-5.3.18-150300.59.158.1
* dtb-al-5.3.18-150300.59.158.1
* dtb-xilinx-5.3.18-150300.59.158.1
* ocfs2-kmp-64kb-5.3.18-150300.59.158.1
* dtb-marvell-5.3.18-150300.59.158.1
* kernel-64kb-extra-5.3.18-150300.59.158.1
* kselftests-kmp-64kb-5.3.18-150300.59.158.1
* dtb-freescale-5.3.18-150300.59.158.1
* dtb-exynos-5.3.18-150300.59.158.1
* dtb-rockchip-5.3.18-150300.59.158.1
* dtb-broadcom-5.3.18-150300.59.158.1
* dtb-arm-5.3.18-150300.59.158.1
* dtb-mediatek-5.3.18-150300.59.158.1
* dlm-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-optional-5.3.18-150300.59.158.1
* dtb-cavium-5.3.18-150300.59.158.1
* dtb-renesas-5.3.18-150300.59.158.1
* dtb-socionext-5.3.18-150300.59.158.1
* cluster-md-kmp-64kb-5.3.18-150300.59.158.1
* kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* dtb-amlogic-5.3.18-150300.59.158.1
* dtb-apm-5.3.18-150300.59.158.1
* dtb-allwinner-5.3.18-150300.59.158.1
* gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-extra-debuginfo-5.3.18-150300.59.158.1
* dtb-sprd-5.3.18-150300.59.158.1
* dtb-qcom-5.3.18-150300.59.158.1
* dtb-lg-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-64kb-5.3.18-150300.59.158.1
* ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* dtb-altera-5.3.18-150300.59.158.1
* dtb-nvidia-5.3.18-150300.59.158.1
* cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-livepatch-devel-5.3.18-150300.59.158.1
* dtb-hisilicon-5.3.18-150300.59.158.1
* dtb-zte-5.3.18-150300.59.158.1
* dlm-kmp-64kb-5.3.18-150300.59.158.1
* kernel-64kb-optional-debuginfo-5.3.18-150300.59.158.1
* dtb-amd-5.3.18-150300.59.158.1
* openSUSE Leap 15.3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Live Patching 15-SP3 (nosrc)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64)
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-livepatch-5.3.18-150300.59.158.1
* kernel-livepatch-5_3_18-150300_59_158-default-1-150300.7.3.5
* kernel-default-livepatch-devel-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64)
* ocfs2-kmp-default-5.3.18-150300.59.158.1
* dlm-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* dlm-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* cluster-md-kmp-default-5.3.18-150300.59.158.1
* ocfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* cluster-md-kmp-default-debuginfo-5.3.18-150300.59.158.1
* gfs2-kmp-default-debuginfo-5.3.18-150300.59.158.1
* gfs2-kmp-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64)
* kernel-default-5.3.18-150300.59.158.1
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc)
* kernel-64kb-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64)
* kernel-64kb-debugsource-5.3.18-150300.59.158.1
* kernel-64kb-devel-5.3.18-150300.59.158.1
* kernel-64kb-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-64kb-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
* kernel-default-devel-5.3.18-150300.59.158.1
* kernel-syms-5.3.18-150300.59.158.1
* reiserfs-kmp-default-debuginfo-5.3.18-150300.59.158.1
* reiserfs-kmp-default-5.3.18-150300.59.158.1
* kernel-default-debuginfo-5.3.18-150300.59.158.1
* kernel-obs-build-5.3.18-150300.59.158.1
* kernel-default-debugsource-5.3.18-150300.59.158.1
* kernel-default-base-5.3.18-150300.59.158.1.150300.18.92.5
* kernel-obs-build-debugsource-5.3.18-150300.59.158.1
* kernel-default-devel-debuginfo-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* kernel-source-5.3.18-150300.59.158.1
* kernel-devel-5.3.18-150300.59.158.1
* kernel-macros-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc)
* kernel-docs-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64)
* kernel-preempt-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64)
* kernel-preempt-devel-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-devel-5.3.18-150300.59.158.1
* kernel-preempt-debuginfo-5.3.18-150300.59.158.1
* kernel-preempt-debugsource-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x)
* kernel-zfcpdump-5.3.18-150300.59.158.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x)
* kernel-zfcpdump-debugsource-5.3.18-150300.59.158.1
* kernel-zfcpdump-debuginfo-5.3.18-150300.59.158.1
## References:
* https://www.suse.com/security/cve/CVE-2020-36780.html
* https://www.suse.com/security/cve/CVE-2020-36781.html
* https://www.suse.com/security/cve/CVE-2020-36782.html
* https://www.suse.com/security/cve/CVE-2020-36783.html
* https://www.suse.com/security/cve/CVE-2021-23134.html
* https://www.suse.com/security/cve/CVE-2021-29155.html
* https://www.suse.com/security/cve/CVE-2021-46908.html
* https://www.suse.com/security/cve/CVE-2021-46909.html
* https://www.suse.com/security/cve/CVE-2021-46911.html
* https://www.suse.com/security/cve/CVE-2021-46914.html
* https://www.suse.com/security/cve/CVE-2021-46917.html
* https://www.suse.com/security/cve/CVE-2021-46918.html
* https://www.suse.com/security/cve/CVE-2021-46919.html
* https://www.suse.com/security/cve/CVE-2021-46920.html
* https://www.suse.com/security/cve/CVE-2021-46921.html
* https://www.suse.com/security/cve/CVE-2021-46922.html
* https://www.suse.com/security/cve/CVE-2021-46930.html
* https://www.suse.com/security/cve/CVE-2021-46931.html
* https://www.suse.com/security/cve/CVE-2021-46933.html
* https://www.suse.com/security/cve/CVE-2021-46938.html
* https://www.suse.com/security/cve/CVE-2021-46939.html
* https://www.suse.com/security/cve/CVE-2021-46943.html
* https://www.suse.com/security/cve/CVE-2021-46944.html
* https://www.suse.com/security/cve/CVE-2021-46950.html
* https://www.suse.com/security/cve/CVE-2021-46951.html
* https://www.suse.com/security/cve/CVE-2021-46956.html
* https://www.suse.com/security/cve/CVE-2021-46958.html
* https://www.suse.com/security/cve/CVE-2021-46959.html
* https://www.suse.com/security/cve/CVE-2021-46960.html
* https://www.suse.com/security/cve/CVE-2021-46961.html
* https://www.suse.com/security/cve/CVE-2021-46962.html
* https://www.suse.com/security/cve/CVE-2021-46963.html
* https://www.suse.com/security/cve/CVE-2021-46971.html
* https://www.suse.com/security/cve/CVE-2021-46976.html
* https://www.suse.com/security/cve/CVE-2021-46980.html
* https://www.suse.com/security/cve/CVE-2021-46981.html
* https://www.suse.com/security/cve/CVE-2021-46983.html
* https://www.suse.com/security/cve/CVE-2021-46984.html
* https://www.suse.com/security/cve/CVE-2021-46988.html
* https://www.suse.com/security/cve/CVE-2021-46990.html
* https://www.suse.com/security/cve/CVE-2021-46991.html
* https://www.suse.com/security/cve/CVE-2021-46992.html
* https://www.suse.com/security/cve/CVE-2021-46998.html
* https://www.suse.com/security/cve/CVE-2021-47000.html
* https://www.suse.com/security/cve/CVE-2021-47001.html
* https://www.suse.com/security/cve/CVE-2021-47003.html
* https://www.suse.com/security/cve/CVE-2021-47006.html
* https://www.suse.com/security/cve/CVE-2021-47009.html
* https://www.suse.com/security/cve/CVE-2021-47013.html
* https://www.suse.com/security/cve/CVE-2021-47014.html
* https://www.suse.com/security/cve/CVE-2021-47015.html
* https://www.suse.com/security/cve/CVE-2021-47017.html
* https://www.suse.com/security/cve/CVE-2021-47020.html
* https://www.suse.com/security/cve/CVE-2021-47026.html
* https://www.suse.com/security/cve/CVE-2021-47034.html
* https://www.suse.com/security/cve/CVE-2021-47035.html
* https://www.suse.com/security/cve/CVE-2021-47038.html
* https://www.suse.com/security/cve/CVE-2021-47044.html
* https://www.suse.com/security/cve/CVE-2021-47045.html
* https://www.suse.com/security/cve/CVE-2021-47046.html
* https://www.suse.com/security/cve/CVE-2021-47049.html
* https://www.suse.com/security/cve/CVE-2021-47051.html
* https://www.suse.com/security/cve/CVE-2021-47055.html
* https://www.suse.com/security/cve/CVE-2021-47056.html
* https://www.suse.com/security/cve/CVE-2021-47058.html
* https://www.suse.com/security/cve/CVE-2021-47061.html
* https://www.suse.com/security/cve/CVE-2021-47063.html
* https://www.suse.com/security/cve/CVE-2021-47065.html
* https://www.suse.com/security/cve/CVE-2021-47068.html
* https://www.suse.com/security/cve/CVE-2021-47069.html
* https://www.suse.com/security/cve/CVE-2021-47070.html
* https://www.suse.com/security/cve/CVE-2021-47071.html
* https://www.suse.com/security/cve/CVE-2021-47073.html
* https://www.suse.com/security/cve/CVE-2021-47077.html
* https://www.suse.com/security/cve/CVE-2021-47082.html
* https://www.suse.com/security/cve/CVE-2021-47087.html
* https://www.suse.com/security/cve/CVE-2021-47095.html
* https://www.suse.com/security/cve/CVE-2021-47097.html
* https://www.suse.com/security/cve/CVE-2021-47100.html
* https://www.suse.com/security/cve/CVE-2021-47101.html
* https://www.suse.com/security/cve/CVE-2021-47109.html
* https://www.suse.com/security/cve/CVE-2021-47110.html
* https://www.suse.com/security/cve/CVE-2021-47112.html
* https://www.suse.com/security/cve/CVE-2021-47114.html
* https://www.suse.com/security/cve/CVE-2021-47117.html
* https://www.suse.com/security/cve/CVE-2021-47118.html
* https://www.suse.com/security/cve/CVE-2021-47119.html
* https://www.suse.com/security/cve/CVE-2021-47120.html
* https://www.suse.com/security/cve/CVE-2021-47130.html
* https://www.suse.com/security/cve/CVE-2021-47136.html
* https://www.suse.com/security/cve/CVE-2021-47137.html
* https://www.suse.com/security/cve/CVE-2021-47138.html
* https://www.suse.com/security/cve/CVE-2021-47139.html
* https://www.suse.com/security/cve/CVE-2021-47141.html
* https://www.suse.com/security/cve/CVE-2021-47142.html
* https://www.suse.com/security/cve/CVE-2021-47144.html
* https://www.suse.com/security/cve/CVE-2021-47150.html
* https://www.suse.com/security/cve/CVE-2021-47153.html
* https://www.suse.com/security/cve/CVE-2021-47160.html
* https://www.suse.com/security/cve/CVE-2021-47161.html
* https://www.suse.com/security/cve/CVE-2021-47164.html
* https://www.suse.com/security/cve/CVE-2021-47165.html
* https://www.suse.com/security/cve/CVE-2021-47166.html
* https://www.suse.com/security/cve/CVE-2021-47167.html
* https://www.suse.com/security/cve/CVE-2021-47168.html
* https://www.suse.com/security/cve/CVE-2021-47169.html
* https://www.suse.com/security/cve/CVE-2021-47170.html
* https://www.suse.com/security/cve/CVE-2021-47171.html
* https://www.suse.com/security/cve/CVE-2021-47172.html
* https://www.suse.com/security/cve/CVE-2021-47173.html
* https://www.suse.com/security/cve/CVE-2021-47174.html
* https://www.suse.com/security/cve/CVE-2021-47175.html
* https://www.suse.com/security/cve/CVE-2021-47176.html
* https://www.suse.com/security/cve/CVE-2021-47177.html
* https://www.suse.com/security/cve/CVE-2021-47179.html
* https://www.suse.com/security/cve/CVE-2021-47180.html
* https://www.suse.com/security/cve/CVE-2021-47181.html
* https://www.suse.com/security/cve/CVE-2021-47183.html
* https://www.suse.com/security/cve/CVE-2021-47185.html
* https://www.suse.com/security/cve/CVE-2021-47189.html
* https://www.suse.com/security/cve/CVE-2022-0487.html
* https://www.suse.com/security/cve/CVE-2022-4744.html
* https://www.suse.com/security/cve/CVE-2022-48626.html
* https://www.suse.com/security/cve/CVE-2023-0160.html
* https://www.suse.com/security/cve/CVE-2023-1192.html
* https://www.suse.com/security/cve/CVE-2023-28746.html
* https://www.suse.com/security/cve/CVE-2023-35827.html
* https://www.suse.com/security/cve/CVE-2023-52454.html
* https://www.suse.com/security/cve/CVE-2023-52469.html
* https://www.suse.com/security/cve/CVE-2023-52470.html
* https://www.suse.com/security/cve/CVE-2023-52474.html
* https://www.suse.com/security/cve/CVE-2023-52476.html
* https://www.suse.com/security/cve/CVE-2023-52477.html
* https://www.suse.com/security/cve/CVE-2023-52492.html
* https://www.suse.com/security/cve/CVE-2023-52500.html
* https://www.suse.com/security/cve/CVE-2023-52508.html
* https://www.suse.com/security/cve/CVE-2023-52509.html
* https://www.suse.com/security/cve/CVE-2023-52572.html
* https://www.suse.com/security/cve/CVE-2023-52575.html
* https://www.suse.com/security/cve/CVE-2023-52583.html
* https://www.suse.com/security/cve/CVE-2023-52590.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52607.html
* https://www.suse.com/security/cve/CVE-2023-52628.html
* https://www.suse.com/security/cve/CVE-2023-6270.html
* https://www.suse.com/security/cve/CVE-2023-6356.html
* https://www.suse.com/security/cve/CVE-2023-6531.html
* https://www.suse.com/security/cve/CVE-2023-6535.html
* https://www.suse.com/security/cve/CVE-2023-6536.html
* https://www.suse.com/security/cve/CVE-2023-7042.html
* https://www.suse.com/security/cve/CVE-2023-7192.html
* https://www.suse.com/security/cve/CVE-2024-22099.html
* https://www.suse.com/security/cve/CVE-2024-26600.html
* https://www.suse.com/security/cve/CVE-2024-26614.html
* https://www.suse.com/security/cve/CVE-2024-26642.html
* https://www.suse.com/security/cve/CVE-2024-26704.html
* https://www.suse.com/security/cve/CVE-2024-26733.html
* https://bugzilla.suse.com/show_bug.cgi?id=1184942
* https://bugzilla.suse.com/show_bug.cgi?id=1186060
* https://bugzilla.suse.com/show_bug.cgi?id=1192145
* https://bugzilla.suse.com/show_bug.cgi?id=1194516
* https://bugzilla.suse.com/show_bug.cgi?id=1208995
* https://bugzilla.suse.com/show_bug.cgi?id=1209635
* https://bugzilla.suse.com/show_bug.cgi?id=1209657
* https://bugzilla.suse.com/show_bug.cgi?id=1212514
* https://bugzilla.suse.com/show_bug.cgi?id=1213456
* https://bugzilla.suse.com/show_bug.cgi?id=1217987
* https://bugzilla.suse.com/show_bug.cgi?id=1217988
* https://bugzilla.suse.com/show_bug.cgi?id=1217989
* https://bugzilla.suse.com/show_bug.cgi?id=1218336
* https://bugzilla.suse.com/show_bug.cgi?id=1218447
* https://bugzilla.suse.com/show_bug.cgi?id=1218479
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1219170
* https://bugzilla.suse.com/show_bug.cgi?id=1219264
* https://bugzilla.suse.com/show_bug.cgi?id=1220320
* https://bugzilla.suse.com/show_bug.cgi?id=1220340
* https://bugzilla.suse.com/show_bug.cgi?id=1220366
* https://bugzilla.suse.com/show_bug.cgi?id=1220400
* https://bugzilla.suse.com/show_bug.cgi?id=1220411
* https://bugzilla.suse.com/show_bug.cgi?id=1220413
* https://bugzilla.suse.com/show_bug.cgi?id=1220414
* https://bugzilla.suse.com/show_bug.cgi?id=1220425
* https://bugzilla.suse.com/show_bug.cgi?id=1220426
* https://bugzilla.suse.com/show_bug.cgi?id=1220429
* https://bugzilla.suse.com/show_bug.cgi?id=1220432
* https://bugzilla.suse.com/show_bug.cgi?id=1220442
* https://bugzilla.suse.com/show_bug.cgi?id=1220445
* https://bugzilla.suse.com/show_bug.cgi?id=1220465
* https://bugzilla.suse.com/show_bug.cgi?id=1220468
* https://bugzilla.suse.com/show_bug.cgi?id=1220475
* https://bugzilla.suse.com/show_bug.cgi?id=1220484
* https://bugzilla.suse.com/show_bug.cgi?id=1220486
* https://bugzilla.suse.com/show_bug.cgi?id=1220487
* https://bugzilla.suse.com/show_bug.cgi?id=1220516
* https://bugzilla.suse.com/show_bug.cgi?id=1220521
* https://bugzilla.suse.com/show_bug.cgi?id=1220528
* https://bugzilla.suse.com/show_bug.cgi?id=1220529
* https://bugzilla.suse.com/show_bug.cgi?id=1220532
* https://bugzilla.suse.com/show_bug.cgi?id=1220554
* https://bugzilla.suse.com/show_bug.cgi?id=1220556
* https://bugzilla.suse.com/show_bug.cgi?id=1220557
* https://bugzilla.suse.com/show_bug.cgi?id=1220560
* https://bugzilla.suse.com/show_bug.cgi?id=1220561
* https://bugzilla.suse.com/show_bug.cgi?id=1220566
* https://bugzilla.suse.com/show_bug.cgi?id=1220575
* https://bugzilla.suse.com/show_bug.cgi?id=1220580
* https://bugzilla.suse.com/show_bug.cgi?id=1220583
* https://bugzilla.suse.com/show_bug.cgi?id=1220611
* https://bugzilla.suse.com/show_bug.cgi?id=1220615
* https://bugzilla.suse.com/show_bug.cgi?id=1220621
* https://bugzilla.suse.com/show_bug.cgi?id=1220625
* https://bugzilla.suse.com/show_bug.cgi?id=1220630
* https://bugzilla.suse.com/show_bug.cgi?id=1220631
* https://bugzilla.suse.com/show_bug.cgi?id=1220638
* https://bugzilla.suse.com/show_bug.cgi?id=1220639
* https://bugzilla.suse.com/show_bug.cgi?id=1220640
* https://bugzilla.suse.com/show_bug.cgi?id=1220641
* https://bugzilla.suse.com/show_bug.cgi?id=1220662
* https://bugzilla.suse.com/show_bug.cgi?id=1220663
* https://bugzilla.suse.com/show_bug.cgi?id=1220669
* https://bugzilla.suse.com/show_bug.cgi?id=1220670
* https://bugzilla.suse.com/show_bug.cgi?id=1220677
* https://bugzilla.suse.com/show_bug.cgi?id=1220678
* https://bugzilla.suse.com/show_bug.cgi?id=1220685
* https://bugzilla.suse.com/show_bug.cgi?id=1220687
* https://bugzilla.suse.com/show_bug.cgi?id=1220688
* https://bugzilla.suse.com/show_bug.cgi?id=1220692
* https://bugzilla.suse.com/show_bug.cgi?id=1220697
* https://bugzilla.suse.com/show_bug.cgi?id=1220703
* https://bugzilla.suse.com/show_bug.cgi?id=1220706
* https://bugzilla.suse.com/show_bug.cgi?id=1220733
* https://bugzilla.suse.com/show_bug.cgi?id=1220734
* https://bugzilla.suse.com/show_bug.cgi?id=1220739
* https://bugzilla.suse.com/show_bug.cgi?id=1220743
* https://bugzilla.suse.com/show_bug.cgi?id=1220745
* https://bugzilla.suse.com/show_bug.cgi?id=1220749
* https://bugzilla.suse.com/show_bug.cgi?id=1220751
* https://bugzilla.suse.com/show_bug.cgi?id=1220753
* https://bugzilla.suse.com/show_bug.cgi?id=1220758
* https://bugzilla.suse.com/show_bug.cgi?id=1220759
* https://bugzilla.suse.com/show_bug.cgi?id=1220764
* https://bugzilla.suse.com/show_bug.cgi?id=1220768
* https://bugzilla.suse.com/show_bug.cgi?id=1220769
* https://bugzilla.suse.com/show_bug.cgi?id=1220777
* https://bugzilla.suse.com/show_bug.cgi?id=1220779
* https://bugzilla.suse.com/show_bug.cgi?id=1220785
* https://bugzilla.suse.com/show_bug.cgi?id=1220790
* https://bugzilla.suse.com/show_bug.cgi?id=1220794
* https://bugzilla.suse.com/show_bug.cgi?id=1220824
* https://bugzilla.suse.com/show_bug.cgi?id=1220826
* https://bugzilla.suse.com/show_bug.cgi?id=1220829
* https://bugzilla.suse.com/show_bug.cgi?id=1220836
* https://bugzilla.suse.com/show_bug.cgi?id=1220846
* https://bugzilla.suse.com/show_bug.cgi?id=1220850
* https://bugzilla.suse.com/show_bug.cgi?id=1220861
* https://bugzilla.suse.com/show_bug.cgi?id=1220871
* https://bugzilla.suse.com/show_bug.cgi?id=1220883
* https://bugzilla.suse.com/show_bug.cgi?id=1220946
* https://bugzilla.suse.com/show_bug.cgi?id=1220954
* https://bugzilla.suse.com/show_bug.cgi?id=1220969
* https://bugzilla.suse.com/show_bug.cgi?id=1220979
* https://bugzilla.suse.com/show_bug.cgi?id=1220982
* https://bugzilla.suse.com/show_bug.cgi?id=1220985
* https://bugzilla.suse.com/show_bug.cgi?id=1220987
* https://bugzilla.suse.com/show_bug.cgi?id=1221015
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221058
* https://bugzilla.suse.com/show_bug.cgi?id=1221061
* https://bugzilla.suse.com/show_bug.cgi?id=1221077
* https://bugzilla.suse.com/show_bug.cgi?id=1221088
* https://bugzilla.suse.com/show_bug.cgi?id=1221276
* https://bugzilla.suse.com/show_bug.cgi?id=1221293
* https://bugzilla.suse.com/show_bug.cgi?id=1221532
* https://bugzilla.suse.com/show_bug.cgi?id=1221534
* https://bugzilla.suse.com/show_bug.cgi?id=1221541
* https://bugzilla.suse.com/show_bug.cgi?id=1221548
* https://bugzilla.suse.com/show_bug.cgi?id=1221552
* https://bugzilla.suse.com/show_bug.cgi?id=1221575
* https://bugzilla.suse.com/show_bug.cgi?id=1221605
* https://bugzilla.suse.com/show_bug.cgi?id=1221606
* https://bugzilla.suse.com/show_bug.cgi?id=1221608
* https://bugzilla.suse.com/show_bug.cgi?id=1221830
* https://bugzilla.suse.com/show_bug.cgi?id=1221931
* https://bugzilla.suse.com/show_bug.cgi?id=1221932
* https://bugzilla.suse.com/show_bug.cgi?id=1221934
* https://bugzilla.suse.com/show_bug.cgi?id=1221935
* https://bugzilla.suse.com/show_bug.cgi?id=1221949
* https://bugzilla.suse.com/show_bug.cgi?id=1221952
* https://bugzilla.suse.com/show_bug.cgi?id=1221965
* https://bugzilla.suse.com/show_bug.cgi?id=1221966
* https://bugzilla.suse.com/show_bug.cgi?id=1221969
* https://bugzilla.suse.com/show_bug.cgi?id=1221973
* https://bugzilla.suse.com/show_bug.cgi?id=1221974
* https://bugzilla.suse.com/show_bug.cgi?id=1221978
* https://bugzilla.suse.com/show_bug.cgi?id=1221989
* https://bugzilla.suse.com/show_bug.cgi?id=1221990
* https://bugzilla.suse.com/show_bug.cgi?id=1221991
* https://bugzilla.suse.com/show_bug.cgi?id=1221992
* https://bugzilla.suse.com/show_bug.cgi?id=1221993
* https://bugzilla.suse.com/show_bug.cgi?id=1221994
* https://bugzilla.suse.com/show_bug.cgi?id=1221996
* https://bugzilla.suse.com/show_bug.cgi?id=1221997
* https://bugzilla.suse.com/show_bug.cgi?id=1221998
* https://bugzilla.suse.com/show_bug.cgi?id=1221999
* https://bugzilla.suse.com/show_bug.cgi?id=1222000
* https://bugzilla.suse.com/show_bug.cgi?id=1222001
* https://bugzilla.suse.com/show_bug.cgi?id=1222002
* https://bugzilla.suse.com/show_bug.cgi?id=1222003
* https://bugzilla.suse.com/show_bug.cgi?id=1222004
* https://bugzilla.suse.com/show_bug.cgi?id=1222117
* https://bugzilla.suse.com/show_bug.cgi?id=1222422
* https://bugzilla.suse.com/show_bug.cgi?id=1222585
* https://bugzilla.suse.com/show_bug.cgi?id=1222619
* https://bugzilla.suse.com/show_bug.cgi?id=1222660
* https://bugzilla.suse.com/show_bug.cgi?id=1222664
* https://bugzilla.suse.com/show_bug.cgi?id=1222669
* https://bugzilla.suse.com/show_bug.cgi?id=1222706
* https://jira.suse.com/browse/PED-5759
* https://jira.suse.com/browse/SLE-13706
* https://jira.suse.com/browse/SLE-15131
* https://jira.suse.com/browse/SLE-15172
* https://jira.suse.com/browse/SLE-15176
SUSE-SU-2024:1663-1: important: Security update for the Linux Kernel
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:1663-1
Rating: important
References:
* bsc#1141539
* bsc#1177529
* bsc#1190576
* bsc#1192145
* bsc#1192837
* bsc#1193629
* bsc#1196869
* bsc#1200313
* bsc#1201308
* bsc#1201489
* bsc#1203906
* bsc#1203935
* bsc#1204614
* bsc#1207361
* bsc#1211592
* bsc#1213573
* bsc#1217408
* bsc#1218562
* bsc#1218917
* bsc#1219104
* bsc#1219126
* bsc#1219141
* bsc#1219169
* bsc#1219170
* bsc#1219264
* bsc#1220342
* bsc#1220492
* bsc#1220569
* bsc#1220761
* bsc#1220901
* bsc#1220915
* bsc#1220935
* bsc#1221042
* bsc#1221044
* bsc#1221080
* bsc#1221084
* bsc#1221088
* bsc#1221162
* bsc#1221299
* bsc#1221612
* bsc#1221617
* bsc#1221645
* bsc#1221791
* bsc#1221825
* bsc#1222011
* bsc#1222051
* bsc#1222247
* bsc#1222266
* bsc#1222294
* bsc#1222307
* bsc#1222357
* bsc#1222368
* bsc#1222379
* bsc#1222416
* bsc#1222422
* bsc#1222424
* bsc#1222427
* bsc#1222428
* bsc#1222430
* bsc#1222431
* bsc#1222435
* bsc#1222437
* bsc#1222445
* bsc#1222449
* bsc#1222482
* bsc#1222503
* bsc#1222520
* bsc#1222536
* bsc#1222549
* bsc#1222550
* bsc#1222557
* bsc#1222559
* bsc#1222585
* bsc#1222586
* bsc#1222596
* bsc#1222609
* bsc#1222610
* bsc#1222613
* bsc#1222615
* bsc#1222618
* bsc#1222624
* bsc#1222630
* bsc#1222632
* bsc#1222660
* bsc#1222662
* bsc#1222664
* bsc#1222666
* bsc#1222669
* bsc#1222671
* bsc#1222677
* bsc#1222678
* bsc#1222680
* bsc#1222703
* bsc#1222704
* bsc#1222706
* bsc#1222709
* bsc#1222710
* bsc#1222720
* bsc#1222721
* bsc#1222724
* bsc#1222726
* bsc#1222727
* bsc#1222764
* bsc#1222772
* bsc#1222773
* bsc#1222776
* bsc#1222781
* bsc#1222784
* bsc#1222785
* bsc#1222787
* bsc#1222790
* bsc#1222791
* bsc#1222792
* bsc#1222796
* bsc#1222798
* bsc#1222801
* bsc#1222812
* bsc#1222824
* bsc#1222829
* bsc#1222832
* bsc#1222836
* bsc#1222838
* bsc#1222866
* bsc#1222867
* bsc#1222869
* bsc#1222876
* bsc#1222878
* bsc#1222879
* bsc#1222881
* bsc#1222883
* bsc#1222888
* bsc#1222894
* bsc#1222901
* bsc#1222968
* bsc#1223012
* bsc#1223014
* bsc#1223016
* bsc#1223024
* bsc#1223030
* bsc#1223033
* bsc#1223034
* bsc#1223035
* bsc#1223036
* bsc#1223037
* bsc#1223041
* bsc#1223042
* bsc#1223051
* bsc#1223052
* bsc#1223056
* bsc#1223057
* bsc#1223058
* bsc#1223060
* bsc#1223061
* bsc#1223065
* bsc#1223066
* bsc#1223067
* bsc#1223068
* bsc#1223076
* bsc#1223078
* bsc#1223111
* bsc#1223115
* bsc#1223118
* bsc#1223187
* bsc#1223189
* bsc#1223190
* bsc#1223191
* bsc#1223196
* bsc#1223197
* bsc#1223198
* bsc#1223275
* bsc#1223323
* bsc#1223369
* bsc#1223380
* bsc#1223473
* bsc#1223474
* bsc#1223475
* bsc#1223477
* bsc#1223478
* bsc#1223479
* bsc#1223481
* bsc#1223482
* bsc#1223484
* bsc#1223487
* bsc#1223490
* bsc#1223496
* bsc#1223498
* bsc#1223499
* bsc#1223501
* bsc#1223502
* bsc#1223503
* bsc#1223505
* bsc#1223509
* bsc#1223511
* bsc#1223512
* bsc#1223513
* bsc#1223516
* bsc#1223517
* bsc#1223518
* bsc#1223519
* bsc#1223520
* bsc#1223522
* bsc#1223523
* bsc#1223525
* bsc#1223536
* bsc#1223539
* bsc#1223574
* bsc#1223595
* bsc#1223598
* bsc#1223634
* bsc#1223640
* bsc#1223643
* bsc#1223644
* bsc#1223645
* bsc#1223646
* bsc#1223648
* bsc#1223655
* bsc#1223657
* bsc#1223660
* bsc#1223661
* bsc#1223663
* bsc#1223664
* bsc#1223668
* bsc#1223686
* bsc#1223693
* bsc#1223705
* bsc#1223714
* bsc#1223735
* bsc#1223745
* bsc#1223784
* bsc#1223785
* bsc#1223790
* bsc#1223816
* bsc#1223821
* bsc#1223822
* bsc#1223824
* bsc#1223827
* bsc#1223834
* bsc#1223875
* bsc#1223876
* bsc#1223877
* bsc#1223878
* bsc#1223879
* bsc#1223894
* bsc#1223921
* bsc#1223922
* bsc#1223923
* bsc#1223924
* bsc#1223929
* bsc#1223931
* bsc#1223932
* bsc#1223934
* bsc#1223941
* bsc#1223948
* bsc#1223949
* bsc#1223950
* bsc#1223951
* bsc#1223952
* bsc#1223953
* bsc#1223956
* bsc#1223957
* bsc#1223960
* bsc#1223962
* bsc#1223963
* bsc#1223964
* jsc#PED-1166
* jsc#PED-1168
* jsc#PED-1170
* jsc#PED-1218
* jsc#PED-1220
* jsc#PED-1222
* jsc#PED-1223
* jsc#PED-1225
* jsc#PED-1565
* jsc#PED-2849
* jsc#PED-376
* jsc#PED-542
* jsc#PED-7167
* jsc#PED-7619
* jsc#SLE-18378
* jsc#SLE-18383
* jsc#SLE-18385
* jsc#SLE-18978
* jsc#SLE-19249
* jsc#SLE-19253
Cross-References:
* CVE-2021-47047
* CVE-2021-47181
* CVE-2021-47182
* CVE-2021-47183
* CVE-2021-47184
* CVE-2021-47185
* CVE-2021-47187
* CVE-2021-47188
* CVE-2021-47189
* CVE-2021-47191
* CVE-2021-47192
* CVE-2021-47193
* CVE-2021-47194
* CVE-2021-47195
* CVE-2021-47196
* CVE-2021-47197
* CVE-2021-47198
* CVE-2021-47199
* CVE-2021-47200
* CVE-2021-47201
* CVE-2021-47202
* CVE-2021-47203
* CVE-2021-47204
* CVE-2021-47205
* CVE-2021-47206
* CVE-2021-47207
* CVE-2021-47209
* CVE-2021-47210
* CVE-2021-47211
* CVE-2021-47212
* CVE-2021-47214
* CVE-2021-47215
* CVE-2021-47216
* CVE-2021-47217
* CVE-2021-47218
* CVE-2021-47219
* CVE-2022-48631
* CVE-2022-48632
* CVE-2022-48634
* CVE-2022-48636
* CVE-2022-48637
* CVE-2022-48638
* CVE-2022-48639
* CVE-2022-48640
* CVE-2022-48642
* CVE-2022-48644
* CVE-2022-48646
* CVE-2022-48647
* CVE-2022-48648
* CVE-2022-48650
* CVE-2022-48651
* CVE-2022-48652
* CVE-2022-48653
* CVE-2022-48654
* CVE-2022-48655
* CVE-2022-48656
* CVE-2022-48657
* CVE-2022-48658
* CVE-2022-48659
* CVE-2022-48660
* CVE-2022-48662
* CVE-2022-48663
* CVE-2022-48667
* CVE-2022-48668
* CVE-2022-48671
* CVE-2022-48672
* CVE-2022-48673
* CVE-2022-48675
* CVE-2022-48686
* CVE-2022-48687
* CVE-2022-48688
* CVE-2022-48690
* CVE-2022-48692
* CVE-2022-48693
* CVE-2022-48694
* CVE-2022-48695
* CVE-2022-48697
* CVE-2022-48698
* CVE-2022-48700
* CVE-2022-48701
* CVE-2022-48702
* CVE-2022-48703
* CVE-2022-48704
* CVE-2023-2860
* CVE-2023-52488
* CVE-2023-52503
* CVE-2023-52561
* CVE-2023-52585
* CVE-2023-52589
* CVE-2023-52590
* CVE-2023-52591
* CVE-2023-52593
* CVE-2023-52614
* CVE-2023-52616
* CVE-2023-52620
* CVE-2023-52627
* CVE-2023-52635
* CVE-2023-52636
* CVE-2023-52645
* CVE-2023-52652
* CVE-2023-6270
* CVE-2024-0639
* CVE-2024-0841
* CVE-2024-22099
* CVE-2024-23307
* CVE-2024-23848
* CVE-2024-23850
* CVE-2024-26601
* CVE-2024-26610
* CVE-2024-26656
* CVE-2024-26660
* CVE-2024-26671
* CVE-2024-26673
* CVE-2024-26675
* CVE-2024-26680
* CVE-2024-26681
* CVE-2024-26684
* CVE-2024-26685
* CVE-2024-26687
* CVE-2024-26688
* CVE-2024-26689
* CVE-2024-26696
* CVE-2024-26697
* CVE-2024-26702
* CVE-2024-26704
* CVE-2024-26718
* CVE-2024-26722
* CVE-2024-26727
* CVE-2024-26733
* CVE-2024-26736
* CVE-2024-26737
* CVE-2024-26739
* CVE-2024-26743
* CVE-2024-26744
* CVE-2024-26745
* CVE-2024-26747
* CVE-2024-26749
* CVE-2024-26751
* CVE-2024-26754
* CVE-2024-26760
* CVE-2024-267600
* CVE-2024-26763
* CVE-2024-26764
* CVE-2024-26766
* CVE-2024-26769
* CVE-2024-26771
* CVE-2024-26772
* CVE-2024-26773
* CVE-2024-26776
* CVE-2024-26779
* CVE-2024-26783
* CVE-2024-26787
* CVE-2024-26790
* CVE-2024-26792
* CVE-2024-26793
* CVE-2024-26798
* CVE-2024-26805
* CVE-2024-26807
* CVE-2024-26816
* CVE-2024-26817
* CVE-2024-26820
* CVE-2024-26825
* CVE-2024-26830
* CVE-2024-26833
* CVE-2024-26836
* CVE-2024-26843
* CVE-2024-26848
* CVE-2024-26852
* CVE-2024-26853
* CVE-2024-26855
* CVE-2024-26856
* CVE-2024-26857
* CVE-2024-26861
* CVE-2024-26862
* CVE-2024-26866
* CVE-2024-26872
* CVE-2024-26875
* CVE-2024-26878
* CVE-2024-26879
* CVE-2024-26881
* CVE-2024-26882
* CVE-2024-26883
* CVE-2024-26884
* CVE-2024-26885
* CVE-2024-26891
* CVE-2024-26893
* CVE-2024-26895
* CVE-2024-26896
* CVE-2024-26897
* CVE-2024-26898
* CVE-2024-26901
* CVE-2024-26903
* CVE-2024-26917
* CVE-2024-26927
* CVE-2024-26948
* CVE-2024-26950
* CVE-2024-26951
* CVE-2024-26955
* CVE-2024-26956
* CVE-2024-26960
* CVE-2024-26965
* CVE-2024-26966
* CVE-2024-26969
* CVE-2024-26970
* CVE-2024-26972
* CVE-2024-26981
* CVE-2024-26982
* CVE-2024-26993
* CVE-2024-27013
* CVE-2024-27014
* CVE-2024-27030
* CVE-2024-27038
* CVE-2024-27039
* CVE-2024-27041
* CVE-2024-27043
* CVE-2024-27046
* CVE-2024-27056
* CVE-2024-27062
* CVE-2024-27389
CVSS scores:
* CVE-2021-47047 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
* CVE-2021-47181 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47182 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47183 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47184 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47185 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47188 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47189 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47191 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47192 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47193 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47193 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47194 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47194 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47195 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47195 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47196 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47197 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47198 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47198 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2021-47199 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47200 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47202 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47203 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47204 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47205 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47206 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47207 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47209 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47210 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47211 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47212 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47214 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47216 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2021-47217 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47218 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2021-47219 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48631 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48632 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48634 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48637 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48638 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48639 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48640 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48642 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48644 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48646 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48647 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48648 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48650 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48652 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48653 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48654 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48654 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48655 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48655 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48656 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48657 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48658 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48658 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48659 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48659 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48660 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48660 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48662 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48662 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48663 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48667 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48668 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2022-48671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48671 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48672 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2022-48672 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48673 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48673 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48675 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48675 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48686 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48686 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48687 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2022-48687 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2022-48688 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48688 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48690 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48692 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48692 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48693 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48693 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48694 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-48695 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48697 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2022-48698 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48700 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2022-48701 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2022-48702 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2022-48703 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2022-48704 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-2860 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-2860 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52488 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52503 ( SUSE ): 4.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-52561 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52585 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52589 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52590 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-52591 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-52593 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2023-52614 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-52616 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52620 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52627 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52635 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52636 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52645 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52645 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-52652 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-6270 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6270 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-0639 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-0841 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-22099 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-22099 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23307 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23307 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-23848 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-23848 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-23850 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26601 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26610 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-26656 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26660 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26671 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26673 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26675 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26680 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26681 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26684 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26685 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26687 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26688 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26689 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26696 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26697 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26704 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26718 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26722 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26727 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26733 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26736 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26737 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26743 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26744 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26745 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26747 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26749 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26751 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26754 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26763 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-26764 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26766 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26769 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26771 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26772 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26773 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26779 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26783 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26787 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26790 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26792 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26793 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26798 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26805 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26807 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26816 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26820 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26825 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26830 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26833 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26836 ( SUSE ): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26843 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26848 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-26852 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26853 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26855 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26856 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26857 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26861 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26862 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-26866 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26872 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26875 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26878 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26879 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26881 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26881 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26882 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26882 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26883 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26883 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26884 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26884 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26885 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26885 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26891 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26893 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26895 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26896 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26898 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26898 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-26901 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-26901 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26903 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26903 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26917 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26927 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26948 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26950 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26951 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26955 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26956 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26960 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26965 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26966 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26969 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26970 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26972 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26981 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-26993 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
* CVE-2024-27013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27013 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27014 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27014 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27030 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-27038 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27039 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27041 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27043 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-27046 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27056 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27389 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Real Time Module 15-SP5
An update that solves 219 vulnerabilities, contains 20 features and has 45
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2024-27389: Fixed pstore inode handling with d_invalidate()
(bsc#1223705).
* CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
* CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists
(bsc#1223822).
* CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure
(bsc#1223827).
* CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places
(bsc#1223824).
* CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in
amdgpu_dm_fini() (bsc#1223714).
* CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree()
(bsc#1223821).
* CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
* CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts
(bsc#1223790).
* CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS
(bsc#1223735).
* CVE-2024-27013: Fixed tun limit printing rate when illegal packet received
by tun device (bsc#1223745).
* CVE-2024-26993: Fixed fs/sysfs reference leak in
sysfs_break_active_protection() (bsc#1223693).
* CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value
of zero (bsc#1223634).
* CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table
arrays (bsc#1223644).
* CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table
arrays (bsc#1223645).
* CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table
arrays (bsc#1223646).
* CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table
arrays (bsc#1223648).
* CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and
swapoff() (bsc#1223655).
* CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead
instead of empty list (bsc#1223660).
* CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead
of peer (bsc#1223661).
* CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in
dc_state_release (bsc#1223664).
* CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch
(bsc#1223525).
* CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent
kernel-infoleak (bsc#1223198).
* CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
* CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC
transport cleanup path (bsc#1223196).
* CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches
(bsc#1223190).
* CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches
(bsc#1223189).
* CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches
(bsc#1223035).
* CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in
ip_tunnel_rcv() (bsc#1223034).
* CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08
devices (bsc#1223041).
* CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps
(bsc#1223066).
* CVE-2024-26878: Fixed quota for potential NULL pointer dereference
(bsc#1223060).
* CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant
spi_controller_put call (bsc#1223024).
* CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing
(bsc#1223111).
* CVE-2024-26861: Fixed wireguard/receive annotate data-race around
receiving_counter.counter (bsc#1223076).
* CVE-2024-26857: Fixed geneve to make sure to pull inner header in
geneve_rx() (bsc#1223058).
* CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry
(bsc#1223052).
* CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in
ice_bridge_setlink() (bsc#1223051).
* CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT
(bsc#1223061).
* CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in
ip6_route_mpath_notify() (bsc#1223057).
* CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
* CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for
workstations (bsc#1222968).
* CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove
administratively set MAC (bsc#1223012).
* CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid
integer overflow (bsc#1222812).
* CVE-2024-26816: Fixed relocations in .notes section when building with
CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
* CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM
hooks (bsc#1222801).
* CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in
netlink (bsc#1222630).
* CVE-2024-26793: Fixed a use-after-free and null-ptr-deref in gtp_newlink()
in gtp (bsc#1222428).
* CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a
wrong zone index (bsc#1222615).
* CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211
(bsc#1222772).
* CVE-2024-26773: Fixed ext4 block allocation from corrupted group in
ext4_mb_try_best_found() (bsc#1222618).
* CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group
in ext4_mb_find_by_goal() (bsc#1222613).
* CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine
ti edma (bsc#1222610).
* CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs()
(bsc#1222726).
* CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct
aio_kiocb conversion (bsc#1222721).
* CVE-2024-26763: Fixed user corruption via writing data with O_DIRECT on
device in dm-crypt (bsc#1222720).
* CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case
(bsc#1222596).
* CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put()
(bsc#1222596).
* CVE-2024-26754: Fixed a use-after-free and null-ptr-deref in
gtp_genl_dump_pdp() in gtp (bsc#1222632).
* CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table
(bsc#1222724).
* CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's
reference (bsc#1222609).
* CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid
parameter in rdma/srpt (bsc#1222449).
* CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in
rdma/qedr (bsc#1222677).
* CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free
and bpf_timer_cancel (bsc#1222557).
* CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
* CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already
gets read (bsc#1222536).
* CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
* CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len
in ext4 (bsc#1222422).
* CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers()
(bsc#1222549).
* CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
* CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup
(bsc#1222435).
* CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write
(bsc#1222437).
* CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA
channels (bsc#1222445).
* CVE-2024-26681: Fixed netdevsim to avoid potential loop in
nsim_dev_trap_report_work() (bsc#1222431).
* CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring
(bsc#1222427).
* CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
* CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization
(bsc#1222368).
* CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
* CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder
creation (bsc#1222266).
* CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
* CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
* CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay
(bsc#1220342).
* CVE-2024-23850: Fixed double free of anonymous device after snapshot
creation failure (bsc#1219126).
* CVE-2024-23848: Fixed media/cec for possible use-after-free in
cec_queue_msg_fh (bsc#1219104).
* CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86
and ARM md, raid, raid5 modules (bsc#1219169).
* CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security
(bsc#1219170).
* CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super
function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
* CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock
found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
* CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts
(bsc#1218562).
* CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device()
(bsc#1223686).
* CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd
(bsc#1223033).
* CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in
msgr2 (bsc#1222247).
* CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop]
(bsc#1222294).
* CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace
(bsc#1222051).
* CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous
sets never used from userspace (bsc#1221825).
* CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in
mpi_ec_init (bsc#1221612).
* CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show
(bsc#1221617).
* CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in
wfx_set_mfp_ap() (bsc#1221042).
* CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via
directory renaming (bsc#1221044).
* CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory
renaming (bsc#1221088).
* CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
* CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in
amdgpu_ras_query_error_status_helper() (bsc#1221080).
* CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash
memory region (bsc#1220935).
* CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in
amdtee_close_session (bsc#1220915).
* CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap
functions for FIFO (bsc#1221162).
* CVE-2022-48701: Fixed an out-of-bounds bug in
__snd_usb_parse_audio_interface() (bsc#1223921).
* CVE-2022-48662: Fixed a general protection fault (GPF) in
i915_perf_open_ioctl (bsc#1223505).
* CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails
(bsc#1223498).
* CVE-2022-48658: Fixed mm/slub to avoid a problem in
flush_cpu_slab()/__free_slab() task context (bsc#1223496).
* CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset
skb->mac_header (bsc#1223513).
* CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at
nf_tables_addchain() (bsc#1223478).
* CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in
bond_rr_gen_slave_id (bsc#1223499).
* CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries
== 0 and eh_depth > 0 (bsc#1223475).
* CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in
hugetlb_mcopy_atomic_pte() (bsc#1222710).
* CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in
usb-audio (bsc#1222869).
* CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus
(bsc#1222790).
* CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng
(bsc#1222888).
* CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions
(bsc#1222878).
* CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within
drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
* CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex
(bsc#1222832).
* CVE-2021-47189: Fixed denial of service due to memory ordering issues
between normal and ordered work functions in btrfs (bsc#1222706).
* CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer
(bsc#1222669).
* CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync
(bsc#1222666).
* CVE-2021-47183: Fixed a null pointer dereference during link down processing
in scsi lpfc (bsc#1192145, bsc#1222664).
* CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling
(bsc#1222662).
* CVE-2021-47181: Fixed a null pointer dereference caused by calling
platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
* ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block
counter (stable-fixes).
* ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC
(stable-fixes).
* ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
* ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
* ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
* ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-
fixes).
* ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-
fixes).
* ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-
fixes).
* ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
* ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
* ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
* ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
* ASoC: meson: axg-card: make links nonatomic (git-fixes).
* ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
* ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
* ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
* ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
* ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
* Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
* Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
* Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
* Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-
fixes).
* Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: add quirk for broken address properties (git-fixes).
* Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-
fixes).
* Bluetooth: btintel: Fixe build regression (git-fixes).
* Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-
fixes).
* Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
* Bluetooth: hci_event: set the conn encrypted before conn establishes
(stable-fixes).
* Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
* Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
* Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
* HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc
(git-fixes).
* HID: logitech-dj: allow mice to use all types of reports (git-fixes).
* HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
* Input: allocate keycode for Display refresh rate toggle (stable-fixes).
* Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
(stable-fixes).
* NFC: trf7970a: disable all regulators on removal (git-fixes).
* NFS: avoid spurious warning of lost lock that is being unlocked
(bsc#1221791).
* PCI/AER: Block runtime suspend when handling errors (git-fixes).
* PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
* PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
* PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
* PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
* PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
* PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369
ltc#205888).
* RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
* RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
* RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
* README.BRANCH: Correct email address for Petr Tesarik
* README.BRANCH: Remove copy of branch name
* Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
* Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default"
(stable-fixes).
* Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
* Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)."
(bsc#1223275)
* Revert "usb: cdc-wdm: close race between read and workqueue" (git-fixes).
* Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
* USB: UAS: return ENODEV when submit urbs fail with device not attached
(stable-fixes).
* USB: serial: add device ID for VeriFone adapter (stable-fixes).
* USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
* USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-
fixes).
* USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-
fixes).
* USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
* USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
* USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
* USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-
fixes).
* USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
* USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
* USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
* ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
* ahci: asm1064: correct count of reported ports (stable-fixes).
* arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
* arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-
fixes)
* arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-
fixes)
* arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
* arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-
fixes)
* arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
* arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
* arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
* ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
* batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
* bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
(git-fixes).
* bcache: Remove dead references to cache_readaheads (git-fixes).
* bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
* bcache: add code comments for bch_btree_node_get() and
__bch_btree_node_alloc() (git-fixes).
* bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
* bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
* bcache: bset: Fix comment typos (git-fixes).
* bcache: check return value from btree_node_alloc_replacement() (git-fixes).
* bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
* bcache: fix error info in register_bcache() (git-fixes).
* bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing
(git-fixes).
* bcache: fixup btree_cache_wait list damage (git-fixes).
* bcache: fixup init dirty data errors (git-fixes).
* bcache: fixup lock c->root error (git-fixes).
* bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-
fixes).
* bcache: move calc_cached_dev_sectors to proper place on backing device
detach (git-fixes).
* bcache: move uapi header bcache.h to bcache code directory (git-fixes).
* bcache: prevent potential division by zero error (git-fixes).
* bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device
registration' (git-fixes).
* bcache: remove redundant assignment to variable cur_idx (git-fixes).
* bcache: remove the backing_dev_name field from struct cached_dev (git-
fixes).
* bcache: remove the cache_dev_name field from struct cache (git-fixes).
* bcache: remove unnecessary flush_workqueue (git-fixes).
* bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-
fixes).
* bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
btree_gc_coalesce() (git-fixes).
* bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
* bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
* bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
* bcache: use bvec_kmap_local in bio_csum (git-fixes).
* bcache: use default_groups in kobj_type (git-fixes).
* bcache:: fix repeated words in comments (git-fixes).
* ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
* ceph: switch to corrected encoding of max_xattr_size in mdsmap
(bsc#1223067).
* clk: Get runtime PM before walking tree during disable_unused (git-fixes).
* clk: Initialize struct clk_core kref earlier (stable-fixes).
* clk: Mark 'all_lists' as const (stable-fixes).
* clk: Print an info line before disabling unused clocks (stable-fixes).
* clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
* clk: remove extra empty line (stable-fixes).
* comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
* dm cache policy smq: ensure IO does not prevent cleaner policy progress
(git-fixes).
* dm cache: add cond_resched() to various workqueue loops (git-fixes).
* dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-
fixes).
* dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
* dm crypt: avoid accessing uninitialized tasklet (git-fixes).
* dm flakey: do not corrupt the zero page (git-fixes).
* dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
* dm flakey: fix a crash with invalid table line (git-fixes).
* dm flakey: fix logic when corrupting a bio (git-fixes).
* dm init: add dm-mod.waitfor to wait for asynchronously probed block devices
(git-fixes).
* dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
(git-fixes).
* dm integrity: fix out-of-range warning (git-fixes).
* dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-
fixes).
* dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
* dm raid: fix false positive for requeue needed during reshape (git-fixes).
* dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-
fixes).
* dm stats: check for and propagate alloc_percpu failure (git-fixes).
* dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-
fixes).
* dm thin metadata: check fail_io before using data_sm (git-fixes).
* dm thin: add cond_resched() to various workqueue loops (git-fixes).
* dm thin: fix deadlock when swapping to thin device (bsc#1177529).
* dm verity: do not perform FEC for failed readahead IO (git-fixes).
* dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
* dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
* dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
* dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata()
(git-fixes).
* dm-raid: fix lockdep waring in "pers->hot_add_disk" (git-fixes).
* dm-verity, dm-crypt: align "struct bvec_iter" correctly (git-fixes).
* dm-verity: align struct dm_verity_fec_io properly (git-fixes).
* dm: add cond_resched() to dm_wq_work() (git-fixes).
* dm: call the resume method on internal suspend (git-fixes).
* dm: do not lock fs when the map is NULL during suspend or resume (git-
fixes).
* dm: do not lock fs when the map is NULL in process of resume (git-fixes).
* dm: remove flush_scheduled_work() during local_exit() (git-fixes).
* dm: send just one event on resize, not two (git-fixes).
* dma: xilinx_dpdma: Fix locking (git-fixes).
* dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
* dmaengine: owl: fix register access functions (git-fixes).
* dmaengine: tegra186: Fix residual calculation (git-fixes).
* docs: Document the FAN_FS_ERROR event (stable-fixes).
* drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
* drm/amd/display: Do not recursively call manual trigger programming (stable-
fixes).
* drm/amd/display: Fix nanosec stat overflow (stable-fixes).
* drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
* drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
* drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
* drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
* drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
* drm/amdgpu: always force full reset for SOC21 (stable-fixes).
* drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
* drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
* drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
* drm/amdgpu: validate the parameters of bo mapping operations more clearly
(git-fixes).
* drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
* drm/ast: Fix soft lockup (git-fixes).
* drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-
fixes).
* drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-
fixes).
* drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
* drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
* drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
* drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
* drm/panel: ili9341: Respect deferred probe (git-fixes).
* drm/panel: ili9341: Use predefined error codes (git-fixes).
* drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
* drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
* drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
* drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
* drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
* drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
* drm: nv04: Fix out of bounds access (git-fixes).
* drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
* drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-
fixes).
* dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
* fbdev: fix incorrect address computation in deferred IO (git-fixes).
* fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
* fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-
fixes).
* fix build warning
* fuse: do not unhash root (bsc#1223951).
* fuse: fix root lookup with nonzero generation (bsc#1223950).
* hwmon: (amc6821) add of_match table (stable-fixes).
* i2c: pxa: hide unused icr_bits[] variable (git-fixes).
* i2c: smbus: fix NULL function pointer dereference (git-fixes).
* i40e: Fix VF MAC filter removal (git-fixes).
* idma64: Do not try to serve interrupts when device is powered off (git-
fixes).
* iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
* iio:imu: adis16475: Fix sync mode setting (git-fixes).
* init/main.c: Fix potential static_command_line memory overflow (git-fixes).
* iommu/amd: Add a length limitation for the ivrs_acpihid command-line
parameter (git-fixes).
* iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
* iommu/amd: Fix "Guest Virtual APIC Table Root Pointer" configuration in IRTE
(git-fixes).
* iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
* iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
* iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
* iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
* iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
* iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
* iommu/iova: Fix alloc iova overflows issue (git-fixes).
* iommu/mediatek: Flush IOTLB completely only if domain has been attached
(git-fixes).
* iommu/rockchip: Fix unwind goto issue (git-fixes).
* iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
* iommu/vt-d: Allocate local memory for page request queue (git-fixes).
* iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
* iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
* iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
* ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
* kABI: Adjust trace_iterator.wait_index (git-fixes).
* kprobes: Fix double free of kretprobe_holder (bsc#1220901).
* kprobes: Fix possible use-after-free issue on kprobe registration (git-
fixes).
* libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return
value (git-fixes).
* libnvdimm/region: Allow setting align attribute on regions without mappings
(git-fixes).
* livepatch: Fix missing newline character in klp_resolve_symbols()
(bsc#1223539).
* md/raid1: fix choose next idle in read_balance() (git-fixes).
* md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
* md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-
fixes).
* media: cec: core: remove length check of Timer Status (stable-fixes).
* media: sta2x11: fix irq handler cast (stable-fixes).
* mei: me: add arrow lake point H DID (stable-fixes).
* mei: me: add arrow lake point S DID (stable-fixes).
* mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
* mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
* mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
* mtd: diskonchip: work around ubsan link failure (stable-fixes).
* nd_btt: Make BTT lanes preemptible (git-fixes).
* net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
* net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
* net: fix skb leak in __skb_tstamp_tx() (git-fixes).
* net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
* net: mld: fix reference count leak in mld_{query | report}_work() (git-
fixes).
* net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
* net: usb: ax88179_178a: avoid the interface always configured as random
address (git-fixes).
* net: usb: ax88179_178a: avoid writing the mac address before first reading
(git-fixes).
* net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
* net: vlan: fix underflow for the real_dev refcnt (git-fixes).
* netfilter: br_netfilter: Drop dst references before setting (git-fixes).
* netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-
fixes).
* netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-
fixes).
* nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
* nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380
bsc#1217408).
* nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
* nouveau: fix function cast warning (git-fixes).
* nouveau: fix instmem race condition around ptr stores (git-fixes).
* nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-
fixes).
* nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
* nvdimm: Fix badblocks clear off-by-one error (git-fixes).
* nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
* nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
* nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-
fixes).
* pci_iounmap(): Fix MMIO mapping leak (git-fixes).
* phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
* pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs
(stable-fixes).
* platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-
fixes).
* platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi
Vi8 tablet (stable-fixes).
* powerpc/kasan: Do not instrument non-maskable or raw interrupts
(bsc#1223191).
* powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE
(bsc#1222011 ltc#205900).
* powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369
ltc#205888).
* powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
* powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645
ltc#205739 bsc#1223191).
* powerpc: Refactor verification of MSR_RI (bsc#1223191).
* printk: Add this_cpu_in_panic() (bsc#1223574).
* printk: Adjust mapping for 32bit seq macros (bsc#1223574).
* printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
* printk: Disable passing console lock owner completely during panic()
(bsc#1223574).
* printk: Drop console_sem during panic (bsc#1223574).
* printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic()
(bsc#1223574).
* printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
* printk: Wait for all reserved records with pr_flush() (bsc#1223574).
* printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
* printk: ringbuffer: Clarify special lpos values (bsc#1223574).
* printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
* printk: ringbuffer: Do not skip non-finalized records with prb_next_seq()
(bsc#1223574).
* printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
* printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
* pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
* ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
* ring-buffer: Fix full_waiters_pending in poll (git-fixes).
* ring-buffer: Fix resetting of shortest_full (git-fixes).
* ring-buffer: Fix waking up ring buffer readers (git-fixes).
* ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
* ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-
fixes).
* ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent
environment (git-fixes).
* s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
* s390/decompressor: fix misaligned symbol build error (git-fixes
bsc#1223785).
* s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
* s390/mm: Fix storage key clearing for guest huge pages (git-fixes
bsc#1223878).
* s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
* s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
* s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes
bsc#1223876).
* s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
* s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes
bsc#1223595).
* s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops
(jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
* s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
* serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
* serial: core: Provide port lock wrappers (stable-fixes).
* serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
* serial: mxs-auart: add spinlock around changing cts state (git-fixes).
* slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
* speakup: Avoid crash on very long word (git-fixes).
* speakup: Fix 8bit characters from direct synth (git-fixes).
* tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
* thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
* thunderbolt: Fix wake configurations after device unplug (stable-fixes).
* tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-
fixes).
* tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
* tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
* tracing: Remove precision vsnprintf() check from print event (git-fixes).
* tracing: Show size of requested perf buffer (git-fixes).
* tracing: Use .flush() call to wake up readers (git-fixes).
* usb: Disable USB3 LPM at shutdown (stable-fixes).
* usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed
device (git-fixes).
* usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
* usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
* usb: gadget: f_fs: Fix a race condition when processing setup packets (git-
fixes).
* usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport
error (stable-fixes).
* usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
* usb: ohci: Prevent missed ohci interrupts (git-fixes).
* usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
(stable-fixes).
* usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
* usb: typec: tcpm: Check for port partner validity before consuming it (git-
fixes).
* usb: typec: tcpm: unregister existing source caps before re-registration
(bsc#1220569).
* usb: typec: ucsi: Ack unsupported commands (stable-fixes).
* usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
* usb: typec: ucsi: Fix connector check on init (git-fixes).
* usb: udc: remove warning when queue disabled ep (stable-fixes).
* vdpa/mlx5: Allow CVQ size changes (git-fixes).
* virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
* wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
* wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-
fixes).
* wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
* wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-
fixes).
* wifi: nl80211: do not free NULL coalescing rule (git-fixes).
* x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-
fixes).
* x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type
(jsc#PED-7167 git-fixes).
* x86/sev: Skip ROM range scans and validation for SEV-SNP guests
(jsc#PED-7167 git-fixes).
* x86/xen: Add some null pointer checking to smp.c (git-fixes).
* x86/xen: add CPU dependencies for 32-bit build (git-fixes).
* x86/xen: fix percpu vcpu_info allocation (git-fixes).
* xen-netback: properly sync TX responses (git-fixes).
* xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
* xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-
fixes).
* xen/xenbus: document will_handle argument for xenbus_watch_path() (git-
fixes).
* xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
  zypper in -t patch SUSE-2024-1663=1 openSUSE-SLE-15.5-2024-1663=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-1663=1
* SUSE Linux Enterprise Live Patching 15-SP5
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-1663=1
* SUSE Real Time Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-RT-15-SP5-2024-1663=1
## Package List:
* openSUSE Leap 15.5 (noarch)
  * kernel-devel-rt-5.14.21-150500.13.52.1
  * kernel-source-rt-5.14.21-150500.13.52.1
* openSUSE Leap 15.5 (x86_64)
  * gfs2-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-extra-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-livepatch-devel-5.14.21-150500.13.52.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-1-150500.11.5.1
  * reiserfs-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-optional-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.52.1
  * kernel-rt-debugsource-5.14.21-150500.13.52.1
  * dlm-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-optional-5.14.21-150500.13.52.1
  * kselftests-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-extra-5.14.21-150500.13.52.1
  * kernel-syms-rt-5.14.21-150500.13.52.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-1-150500.11.5.1
  * kernel-rt_debug-devel-5.14.21-150500.13.52.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.52.1
  * kernel-rt_debug-livepatch-devel-5.14.21-150500.13.52.1
  * kernel-rt-debuginfo-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-livepatch-5.14.21-150500.13.52.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-1-150500.11.5.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kselftests-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt-vdso-5.14.21-150500.13.52.1
  * cluster-md-kmp-rt-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-devel-5.14.21-150500.13.52.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.52.1
  * reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.52.1
* openSUSE Leap 15.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.52.1
  * kernel-rt_debug-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Micro 5.5 (x86_64)
  * kernel-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-debugsource-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
  * kernel-source-rt-5.14.21-150500.13.52.1
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
  * kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo-1-150500.11.5.1
  * kernel-livepatch-5_14_21-150500_13_52-rt-1-150500.11.5.1
  * kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource-1-150500.11.5.1
* SUSE Real Time Module 15-SP5 (x86_64)
  * gfs2-kmp-rt-5.14.21-150500.13.52.1
  * kernel-rt_debug-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-debugsource-5.14.21-150500.13.52.1
  * kernel-rt-debugsource-5.14.21-150500.13.52.1
  * dlm-kmp-rt-5.14.21-150500.13.52.1
  * dlm-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-syms-rt-5.14.21-150500.13.52.1
  * gfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-devel-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-5.14.21-150500.13.52.1
  * kernel-rt-debuginfo-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-5.14.21-150500.13.52.1
  * cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-vdso-5.14.21-150500.13.52.1
  * cluster-md-kmp-rt-5.14.21-150500.13.52.1
  * ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-devel-5.14.21-150500.13.52.1
  * kernel-rt-devel-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt-vdso-debuginfo-5.14.21-150500.13.52.1
  * kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.52.1
* SUSE Real Time Module 15-SP5 (noarch)
  * kernel-devel-rt-5.14.21-150500.13.52.1
  * kernel-source-rt-5.14.21-150500.13.52.1
* SUSE Real Time Module 15-SP5 (nosrc x86_64)
  * kernel-rt-5.14.21-150500.13.52.1
  * kernel-rt_debug-5.14.21-150500.13.52.1
## References:
* https://www.suse.com/security/cve/CVE-2021-47047.html
* https://www.suse.com/security/cve/CVE-2021-47181.html
* https://www.suse.com/security/cve/CVE-2021-47182.html
* https://www.suse.com/security/cve/CVE-2021-47183.html
* https://www.suse.com/security/cve/CVE-2021-47184.html
* https://www.suse.com/security/cve/CVE-2021-47185.html
* https://www.suse.com/security/cve/CVE-2021-47187.html
* https://www.suse.com/security/cve/CVE-2021-47188.html
* https://www.suse.com/security/cve/CVE-2021-47189.html
* https://www.suse.com/security/cve/CVE-2021-47191.html
* https://www.suse.com/security/cve/CVE-2021-47192.html
* https://www.suse.com/security/cve/CVE-2021-47193.html
* https://www.suse.com/security/cve/CVE-2021-47194.html
* https://www.suse.com/security/cve/CVE-2021-47195.html
* https://www.suse.com/security/cve/CVE-2021-47196.html
* https://www.suse.com/security/cve/CVE-2021-47197.html
* https://www.suse.com/security/cve/CVE-2021-47198.html
* https://www.suse.com/security/cve/CVE-2021-47199.html
* https://www.suse.com/security/cve/CVE-2021-47200.html
* https://www.suse.com/security/cve/CVE-2021-47201.html
* https://www.suse.com/security/cve/CVE-2021-47202.html
* https://www.suse.com/security/cve/CVE-2021-47203.html
* https://www.suse.com/security/cve/CVE-2021-47204.html
* https://www.suse.com/security/cve/CVE-2021-47205.html
* https://www.suse.com/security/cve/CVE-2021-47206.html
* https://www.suse.com/security/cve/CVE-2021-47207.html
* https://www.suse.com/security/cve/CVE-2021-47209.html
* https://www.suse.com/security/cve/CVE-2021-47210.html
* https://www.suse.com/security/cve/CVE-2021-47211.html
* https://www.suse.com/security/cve/CVE-2021-47212.html
* https://www.suse.com/security/cve/CVE-2021-47214.html
* https://www.suse.com/security/cve/CVE-2021-47215.html
* https://www.suse.com/security/cve/CVE-2021-47216.html
* https://www.suse.com/security/cve/CVE-2021-47217.html
* https://www.suse.com/security/cve/CVE-2021-47218.html
* https://www.suse.com/security/cve/CVE-2021-47219.html
* https://www.suse.com/security/cve/CVE-2022-48631.html
* https://www.suse.com/security/cve/CVE-2022-48632.html
* https://www.suse.com/security/cve/CVE-2022-48634.html
* https://www.suse.com/security/cve/CVE-2022-48636.html
* https://www.suse.com/security/cve/CVE-2022-48637.html
* https://www.suse.com/security/cve/CVE-2022-48638.html
* https://www.suse.com/security/cve/CVE-2022-48639.html
* https://www.suse.com/security/cve/CVE-2022-48640.html
* https://www.suse.com/security/cve/CVE-2022-48642.html
* https://www.suse.com/security/cve/CVE-2022-48644.html
* https://www.suse.com/security/cve/CVE-2022-48646.html
* https://www.suse.com/security/cve/CVE-2022-48647.html
* https://www.suse.com/security/cve/CVE-2022-48648.html
* https://www.suse.com/security/cve/CVE-2022-48650.html
* https://www.suse.com/security/cve/CVE-2022-48651.html
* https://www.suse.com/security/cve/CVE-2022-48652.html
* https://www.suse.com/security/cve/CVE-2022-48653.html
* https://www.suse.com/security/cve/CVE-2022-48654.html
* https://www.suse.com/security/cve/CVE-2022-48655.html
* https://www.suse.com/security/cve/CVE-2022-48656.html
* https://www.suse.com/security/cve/CVE-2022-48657.html
* https://www.suse.com/security/cve/CVE-2022-48658.html
* https://www.suse.com/security/cve/CVE-2022-48659.html
* https://www.suse.com/security/cve/CVE-2022-48660.html
* https://www.suse.com/security/cve/CVE-2022-48662.html
* https://www.suse.com/security/cve/CVE-2022-48663.html
* https://www.suse.com/security/cve/CVE-2022-48667.html
* https://www.suse.com/security/cve/CVE-2022-48668.html
* https://www.suse.com/security/cve/CVE-2022-48671.html
* https://www.suse.com/security/cve/CVE-2022-48672.html
* https://www.suse.com/security/cve/CVE-2022-48673.html
* https://www.suse.com/security/cve/CVE-2022-48675.html
* https://www.suse.com/security/cve/CVE-2022-48686.html
* https://www.suse.com/security/cve/CVE-2022-48687.html
* https://www.suse.com/security/cve/CVE-2022-48688.html
* https://www.suse.com/security/cve/CVE-2022-48690.html
* https://www.suse.com/security/cve/CVE-2022-48692.html
* https://www.suse.com/security/cve/CVE-2022-48693.html
* https://www.suse.com/security/cve/CVE-2022-48694.html
* https://www.suse.com/security/cve/CVE-2022-48695.html
* https://www.suse.com/security/cve/CVE-2022-48697.html
* https://www.suse.com/security/cve/CVE-2022-48698.html
* https://www.suse.com/security/cve/CVE-2022-48700.html
* https://www.suse.com/security/cve/CVE-2022-48701.html
* https://www.suse.com/security/cve/CVE-2022-48702.html
* https://www.suse.com/security/cve/CVE-2022-48703.html
* https://www.suse.com/security/cve/CVE-2022-48704.html
* https://www.suse.com/security/cve/CVE-2023-2860.html
* https://www.suse.com/security/cve/CVE-2023-52488.html
* https://www.suse.com/security/cve/CVE-2023-52503.html
* https://www.suse.com/security/cve/CVE-2023-52561.html
* https://www.suse.com/security/cve/CVE-2023-52585.html
* https://www.suse.com/security/cve/CVE-2023-52589.html
* https://www.suse.com/security/cve/CVE-2023-52590.html
* https://www.suse.com/security/cve/CVE-2023-52591.html
* https://www.suse.com/security/cve/CVE-2023-52593.html
* https://www.suse.com/security/cve/CVE-2023-52614.html
* https://www.suse.com/security/cve/CVE-2023-52616.html
* https://www.suse.com/security/cve/CVE-2023-52620.html
* https://www.suse.com/security/cve/CVE-2023-52627.html
* https://www.suse.com/security/cve/CVE-2023-52635.html
* https://www.suse.com/security/cve/CVE-2023-52636.html
* https://www.suse.com/security/cve/CVE-2023-52645.html
* https://www.suse.com/security/cve/CVE-2023-52652.html
* https://www.suse.com/security/cve/CVE-2023-6270.html
* https://www.suse.com/security/cve/CVE-2024-0639.html
* https://www.suse.com/security/cve/CVE-2024-0841.html
* https://www.suse.com/security/cve/CVE-2024-22099.html
* https://www.suse.com/security/cve/CVE-2024-23307.html
* https://www.suse.com/security/cve/CVE-2024-23848.html
* https://www.suse.com/security/cve/CVE-2024-23850.html
* https://www.suse.com/security/cve/CVE-2024-26601.html
* https://www.suse.com/security/cve/CVE-2024-26610.html
* https://www.suse.com/security/cve/CVE-2024-26656.html
* https://www.suse.com/security/cve/CVE-2024-26660.html
* https://www.suse.com/security/cve/CVE-2024-26671.html
* https://www.suse.com/security/cve/CVE-2024-26673.html
* https://www.suse.com/security/cve/CVE-2024-26675.html
* https://www.suse.com/security/cve/CVE-2024-26680.html
* https://www.suse.com/security/cve/CVE-2024-26681.html
* https://www.suse.com/security/cve/CVE-2024-26684.html
* https://www.suse.com/security/cve/CVE-2024-26685.html
* https://www.suse.com/security/cve/CVE-2024-26687.html
* https://www.suse.com/security/cve/CVE-2024-26688.html
* https://www.suse.com/security/cve/CVE-2024-26689.html
* https://www.suse.com/security/cve/CVE-2024-26696.html
* https://www.suse.com/security/cve/CVE-2024-26697.html
* https://www.suse.com/security/cve/CVE-2024-26702.html
* https://www.suse.com/security/cve/CVE-2024-26704.html
* https://www.suse.com/security/cve/CVE-2024-26718.html
* https://www.suse.com/security/cve/CVE-2024-26722.html
* https://www.suse.com/security/cve/CVE-2024-26727.html
* https://www.suse.com/security/cve/CVE-2024-26733.html
* https://www.suse.com/security/cve/CVE-2024-26736.html
* https://www.suse.com/security/cve/CVE-2024-26737.html
* https://www.suse.com/security/cve/CVE-2024-26739.html
* https://www.suse.com/security/cve/CVE-2024-26743.html
* https://www.suse.com/security/cve/CVE-2024-26744.html
* https://www.suse.com/security/cve/CVE-2024-26745.html
* https://www.suse.com/security/cve/CVE-2024-26747.html
* https://www.suse.com/security/cve/CVE-2024-26749.html
* https://www.suse.com/security/cve/CVE-2024-26751.html
* https://www.suse.com/security/cve/CVE-2024-26754.html
* https://www.suse.com/security/cve/CVE-2024-26760.html
* https://www.suse.com/security/cve/CVE-2024-267600.html
* https://www.suse.com/security/cve/CVE-2024-26763.html
* https://www.suse.com/security/cve/CVE-2024-26764.html
* https://www.suse.com/security/cve/CVE-2024-26766.html
* https://www.suse.com/security/cve/CVE-2024-26769.html
* https://www.suse.com/security/cve/CVE-2024-26771.html
* https://www.suse.com/security/cve/CVE-2024-26772.html
* https://www.suse.com/security/cve/CVE-2024-26773.html
* https://www.suse.com/security/cve/CVE-2024-26776.html
* https://www.suse.com/security/cve/CVE-2024-26779.html
* https://www.suse.com/security/cve/CVE-2024-26783.html
* https://www.suse.com/security/cve/CVE-2024-26787.html
* https://www.suse.com/security/cve/CVE-2024-26790.html
* https://www.suse.com/security/cve/CVE-2024-26792.html
* https://www.suse.com/security/cve/CVE-2024-26793.html
* https://www.suse.com/security/cve/CVE-2024-26798.html
* https://www.suse.com/security/cve/CVE-2024-26805.html
* https://www.suse.com/security/cve/CVE-2024-26807.html
* https://www.suse.com/security/cve/CVE-2024-26816.html
* https://www.suse.com/security/cve/CVE-2024-26817.html
* https://www.suse.com/security/cve/CVE-2024-26820.html
* https://www.suse.com/security/cve/CVE-2024-26825.html
* https://www.suse.com/security/cve/CVE-2024-26830.html
* https://www.suse.com/security/cve/CVE-2024-26833.html
* https://www.suse.com/security/cve/CVE-2024-26836.html
* https://www.suse.com/security/cve/CVE-2024-26843.html
* https://www.suse.com/security/cve/CVE-2024-26848.html
* https://www.suse.com/security/cve/CVE-2024-26852.html
* https://www.suse.com/security/cve/CVE-2024-26853.html
* https://www.suse.com/security/cve/CVE-2024-26855.html
* https://www.suse.com/security/cve/CVE-2024-26856.html
* https://www.suse.com/security/cve/CVE-2024-26857.html
* https://www.suse.com/security/cve/CVE-2024-26861.html
* https://www.suse.com/security/cve/CVE-2024-26862.html
* https://www.suse.com/security/cve/CVE-2024-26866.html
* https://www.suse.com/security/cve/CVE-2024-26872.html
* https://www.suse.com/security/cve/CVE-2024-26875.html
* https://www.suse.com/security/cve/CVE-2024-26878.html
* https://www.suse.com/security/cve/CVE-2024-26879.html
* https://www.suse.com/security/cve/CVE-2024-26881.html
* https://www.suse.com/security/cve/CVE-2024-26882.html
* https://www.suse.com/security/cve/CVE-2024-26883.html
* https://www.suse.com/security/cve/CVE-2024-26884.html
* https://www.suse.com/security/cve/CVE-2024-26885.html
* https://www.suse.com/security/cve/CVE-2024-26891.html
* https://www.suse.com/security/cve/CVE-2024-26893.html
* https://www.suse.com/security/cve/CVE-2024-26895.html
* https://www.suse.com/security/cve/CVE-2024-26896.html
* https://www.suse.com/security/cve/CVE-2024-26897.html
* https://www.suse.com/security/cve/CVE-2024-26898.html
* https://www.suse.com/security/cve/CVE-2024-26901.html
* https://www.suse.com/security/cve/CVE-2024-26903.html
* https://www.suse.com/security/cve/CVE-2024-26917.html
* https://www.suse.com/security/cve/CVE-2024-26927.html
* https://www.suse.com/security/cve/CVE-2024-26948.html
* https://www.suse.com/security/cve/CVE-2024-26950.html
* https://www.suse.com/security/cve/CVE-2024-26951.html
* https://www.suse.com/security/cve/CVE-2024-26955.html
* https://www.suse.com/security/cve/CVE-2024-26956.html
* https://www.suse.com/security/cve/CVE-2024-26960.html
* https://www.suse.com/security/cve/CVE-2024-26965.html
* https://www.suse.com/security/cve/CVE-2024-26966.html
* https://www.suse.com/security/cve/CVE-2024-26969.html
* https://www.suse.com/security/cve/CVE-2024-26970.html
* https://www.suse.com/security/cve/CVE-2024-26972.html
* https://www.suse.com/security/cve/CVE-2024-26981.html
* https://www.suse.com/security/cve/CVE-2024-26982.html
* https://www.suse.com/security/cve/CVE-2024-26993.html
* https://www.suse.com/security/cve/CVE-2024-27013.html
* https://www.suse.com/security/cve/CVE-2024-27014.html
* https://www.suse.com/security/cve/CVE-2024-27030.html
* https://www.suse.com/security/cve/CVE-2024-27038.html
* https://www.suse.com/security/cve/CVE-2024-27039.html
* https://www.suse.com/security/cve/CVE-2024-27041.html
* https://www.suse.com/security/cve/CVE-2024-27043.html
* https://www.suse.com/security/cve/CVE-2024-27046.html
* https://www.suse.com/security/cve/CVE-2024-27056.html
* https://www.suse.com/security/cve/CVE-2024-27062.html
* https://www.suse.com/security/cve/CVE-2024-27389.html
* https://bugzilla.suse.com/show_bug.cgi?id=1141539
* https://bugzilla.suse.com/show_bug.cgi?id=1177529
* https://bugzilla.suse.com/show_bug.cgi?id=1190576
* https://bugzilla.suse.com/show_bug.cgi?id=1192145
* https://bugzilla.suse.com/show_bug.cgi?id=1192837
* https://bugzilla.suse.com/show_bug.cgi?id=1193629
* https://bugzilla.suse.com/show_bug.cgi?id=1196869
* https://bugzilla.suse.com/show_bug.cgi?id=1200313
* https://bugzilla.suse.com/show_bug.cgi?id=1201308
* https://bugzilla.suse.com/show_bug.cgi?id=1201489
* https://bugzilla.suse.com/show_bug.cgi?id=1203906
* https://bugzilla.suse.com/show_bug.cgi?id=1203935
* https://bugzilla.suse.com/show_bug.cgi?id=1204614
* https://bugzilla.suse.com/show_bug.cgi?id=1207361
* https://bugzilla.suse.com/show_bug.cgi?id=1211592
* https://bugzilla.suse.com/show_bug.cgi?id=1213573
* https://bugzilla.suse.com/show_bug.cgi?id=1217408
* https://bugzilla.suse.com/show_bug.cgi?id=1218562
* https://bugzilla.suse.com/show_bug.cgi?id=1218917
* https://bugzilla.suse.com/show_bug.cgi?id=1219104
* https://bugzilla.suse.com/show_bug.cgi?id=1219126
* https://bugzilla.suse.com/show_bug.cgi?id=1219141
* https://bugzilla.suse.com/show_bug.cgi?id=1219169
* https://bugzilla.suse.com/show_bug.cgi?id=1219170
* https://bugzilla.suse.com/show_bug.cgi?id=1219264
* https://bugzilla.suse.com/show_bug.cgi?id=1220342
* https://bugzilla.suse.com/show_bug.cgi?id=1220492
* https://bugzilla.suse.com/show_bug.cgi?id=1220569
* https://bugzilla.suse.com/show_bug.cgi?id=1220761
* https://bugzilla.suse.com/show_bug.cgi?id=1220901
* https://bugzilla.suse.com/show_bug.cgi?id=1220915
* https://bugzilla.suse.com/show_bug.cgi?id=1220935
* https://bugzilla.suse.com/show_bug.cgi?id=1221042
* https://bugzilla.suse.com/show_bug.cgi?id=1221044
* https://bugzilla.suse.com/show_bug.cgi?id=1221080
* https://bugzilla.suse.com/show_bug.cgi?id=1221084
* https://bugzilla.suse.com/show_bug.cgi?id=1221088
* https://bugzilla.suse.com/show_bug.cgi?id=1221162
* https://bugzilla.suse.com/show_bug.cgi?id=1221299
* https://bugzilla.suse.com/show_bug.cgi?id=1221612
* https://bugzilla.suse.com/show_bug.cgi?id=1221617
* https://bugzilla.suse.com/show_bug.cgi?id=1221645
* https://bugzilla.suse.com/show_bug.cgi?id=1221791
* https://bugzilla.suse.com/show_bug.cgi?id=1221825
* https://bugzilla.suse.com/show_bug.cgi?id=1222011
* https://bugzilla.suse.com/show_bug.cgi?id=1222051
* https://bugzilla.suse.com/show_bug.cgi?id=1222247
* https://bugzilla.suse.com/show_bug.cgi?id=1222266
* https://bugzilla.suse.com/show_bug.cgi?id=1222294
* https://bugzilla.suse.com/show_bug.cgi?id=1222307
* https://bugzilla.suse.com/show_bug.cgi?id=1222357
* https://bugzilla.suse.com/show_bug.cgi?id=1222368
* https://bugzilla.suse.com/show_bug.cgi?id=1222379
* https://bugzilla.suse.com/show_bug.cgi?id=1222416
* https://bugzilla.suse.com/show_bug.cgi?id=1222422
* https://bugzilla.suse.com/show_bug.cgi?id=1222424
* https://bugzilla.suse.com/show_bug.cgi?id=1222427
* https://bugzilla.suse.com/show_bug.cgi?id=1222428
* https://bugzilla.suse.com/show_bug.cgi?id=1222430
* https://bugzilla.suse.com/show_bug.cgi?id=1222431
* https://bugzilla.suse.com/show_bug.cgi?id=1222435
* https://bugzilla.suse.com/show_bug.cgi?id=1222437
* https://bugzilla.suse.com/show_bug.cgi?id=1222445
* https://bugzilla.suse.com/show_bug.cgi?id=1222449
* https://bugzilla.suse.com/show_bug.cgi?id=1222482
* https://bugzilla.suse.com/show_bug.cgi?id=1222503
* https://bugzilla.suse.com/show_bug.cgi?id=1222520
* https://bugzilla.suse.com/show_bug.cgi?id=1222536
* https://bugzilla.suse.com/show_bug.cgi?id=1222549
* https://bugzilla.suse.com/show_bug.cgi?id=1222550
* https://bugzilla.suse.com/show_bug.cgi?id=1222557
* https://bugzilla.suse.com/show_bug.cgi?id=1222559
* https://bugzilla.suse.com/show_bug.cgi?id=1222585
* https://bugzilla.suse.com/show_bug.cgi?id=1222586
* https://bugzilla.suse.com/show_bug.cgi?id=1222596
* https://bugzilla.suse.com/show_bug.cgi?id=1222609
* https://bugzilla.suse.com/show_bug.cgi?id=1222610
* https://bugzilla.suse.com/show_bug.cgi?id=1222613
* https://bugzilla.suse.com/show_bug.cgi?id=1222615
* https://bugzilla.suse.com/show_bug.cgi?id=1222618
* https://bugzilla.suse.com/show_bug.cgi?id=1222624
* https://bugzilla.suse.com/show_bug.cgi?id=1222630
* https://bugzilla.suse.com/show_bug.cgi?id=1222632
* https://bugzilla.suse.com/show_bug.cgi?id=1222660
* https://bugzilla.suse.com/show_bug.cgi?id=1222662
* https://bugzilla.suse.com/show_bug.cgi?id=1222664
* https://bugzilla.suse.com/show_bug.cgi?id=1222666
* https://bugzilla.suse.com/show_bug.cgi?id=1222669
* https://bugzilla.suse.com/show_bug.cgi?id=1222671
* https://bugzilla.suse.com/show_bug.cgi?id=1222677
* https://bugzilla.suse.com/show_bug.cgi?id=1222678
* https://bugzilla.suse.com/show_bug.cgi?id=1222680
* https://bugzilla.suse.com/show_bug.cgi?id=1222703
* https://bugzilla.suse.com/show_bug.cgi?id=1222704
* https://bugzilla.suse.com/show_bug.cgi?id=1222706
* https://bugzilla.suse.com/show_bug.cgi?id=1222709
* https://bugzilla.suse.com/show_bug.cgi?id=1222710
* https://bugzilla.suse.com/show_bug.cgi?id=1222720
* https://bugzilla.suse.com/show_bug.cgi?id=1222721
* https://bugzilla.suse.com/show_bug.cgi?id=1222724
* https://bugzilla.suse.com/show_bug.cgi?id=1222726
* https://bugzilla.suse.com/show_bug.cgi?id=1222727
* https://bugzilla.suse.com/show_bug.cgi?id=1222764
* https://bugzilla.suse.com/show_bug.cgi?id=1222772
* https://bugzilla.suse.com/show_bug.cgi?id=1222773
* https://bugzilla.suse.com/show_bug.cgi?id=1222776
* https://bugzilla.suse.com/show_bug.cgi?id=1222781
* https://bugzilla.suse.com/show_bug.cgi?id=1222784
* https://bugzilla.suse.com/show_bug.cgi?id=1222785
* https://bugzilla.suse.com/show_bug.cgi?id=1222787
* https://bugzilla.suse.com/show_bug.cgi?id=1222790
* https://bugzilla.suse.com/show_bug.cgi?id=1222791
* https://bugzilla.suse.com/show_bug.cgi?id=1222792
* https://bugzilla.suse.com/show_bug.cgi?id=1222796
* https://bugzilla.suse.com/show_bug.cgi?id=1222798
* https://bugzilla.suse.com/show_bug.cgi?id=1222801
* https://bugzilla.suse.com/show_bug.cgi?id=1222812
* https://bugzilla.suse.com/show_bug.cgi?id=1222824
* https://bugzilla.suse.com/show_bug.cgi?id=1222829
* https://bugzilla.suse.com/show_bug.cgi?id=1222832
* https://bugzilla.suse.com/show_bug.cgi?id=1222836
* https://bugzilla.suse.com/show_bug.cgi?id=1222838
* https://bugzilla.suse.com/show_bug.cgi?id=1222866
* https://bugzilla.suse.com/show_bug.cgi?id=1222867
* https://bugzilla.suse.com/show_bug.cgi?id=1222869
* https://bugzilla.suse.com/show_bug.cgi?id=1222876
* https://bugzilla.suse.com/show_bug.cgi?id=1222878
* https://bugzilla.suse.com/show_bug.cgi?id=1222879
* https://bugzilla.suse.com/show_bug.cgi?id=1222881
* https://bugzilla.suse.com/show_bug.cgi?id=1222883
* https://bugzilla.suse.com/show_bug.cgi?id=1222888
* https://bugzilla.suse.com/show_bug.cgi?id=1222894
* https://bugzilla.suse.com/show_bug.cgi?id=1222901
* https://bugzilla.suse.com/show_bug.cgi?id=1222968
* https://bugzilla.suse.com/show_bug.cgi?id=1223012
* https://bugzilla.suse.com/show_bug.cgi?id=1223014
* https://bugzilla.suse.com/show_bug.cgi?id=1223016
* https://bugzilla.suse.com/show_bug.cgi?id=1223024
* https://bugzilla.suse.com/show_bug.cgi?id=1223030
* https://bugzilla.suse.com/show_bug.cgi?id=1223033
* https://bugzilla.suse.com/show_bug.cgi?id=1223034
* https://bugzilla.suse.com/show_bug.cgi?id=1223035
* https://bugzilla.suse.com/show_bug.cgi?id=1223036
* https://bugzilla.suse.com/show_bug.cgi?id=1223037
* https://bugzilla.suse.com/show_bug.cgi?id=1223041
* https://bugzilla.suse.com/show_bug.cgi?id=1223042
* https://bugzilla.suse.com/show_bug.cgi?id=1223051
* https://bugzilla.suse.com/show_bug.cgi?id=1223052
* https://bugzilla.suse.com/show_bug.cgi?id=1223056
* https://bugzilla.suse.com/show_bug.cgi?id=1223057
* https://bugzilla.suse.com/show_bug.cgi?id=1223058
* https://bugzilla.suse.com/show_bug.cgi?id=1223060
* https://bugzilla.suse.com/show_bug.cgi?id=1223061
* https://bugzilla.suse.com/show_bug.cgi?id=1223065
* https://bugzilla.suse.com/show_bug.cgi?id=1223066
* https://bugzilla.suse.com/show_bug.cgi?id=1223067
* https://bugzilla.suse.com/show_bug.cgi?id=1223068
* https://bugzilla.suse.com/show_bug.cgi?id=1223076
* https://bugzilla.suse.com/show_bug.cgi?id=1223078
* https://bugzilla.suse.com/show_bug.cgi?id=1223111
* https://bugzilla.suse.com/show_bug.cgi?id=1223115
* https://bugzilla.suse.com/show_bug.cgi?id=1223118
* https://bugzilla.suse.com/show_bug.cgi?id=1223187
* https://bugzilla.suse.com/show_bug.cgi?id=1223189
* https://bugzilla.suse.com/show_bug.cgi?id=1223190
* https://bugzilla.suse.com/show_bug.cgi?id=1223191
* https://bugzilla.suse.com/show_bug.cgi?id=1223196
* https://bugzilla.suse.com/show_bug.cgi?id=1223197
* https://bugzilla.suse.com/show_bug.cgi?id=1223198
* https://bugzilla.suse.com/show_bug.cgi?id=1223275
* https://bugzilla.suse.com/show_bug.cgi?id=1223323
* https://bugzilla.suse.com/show_bug.cgi?id=1223369
* https://bugzilla.suse.com/show_bug.cgi?id=1223380
* https://bugzilla.suse.com/show_bug.cgi?id=1223473
* https://bugzilla.suse.com/show_bug.cgi?id=1223474
* https://bugzilla.suse.com/show_bug.cgi?id=1223475
* https://bugzilla.suse.com/show_bug.cgi?id=1223477
* https://bugzilla.suse.com/show_bug.cgi?id=1223478
* https://bugzilla.suse.com/show_bug.cgi?id=1223479
* https://bugzilla.suse.com/show_bug.cgi?id=1223481
* https://bugzilla.suse.com/show_bug.cgi?id=1223482
* https://bugzilla.suse.com/show_bug.cgi?id=1223484
* https://bugzilla.suse.com/show_bug.cgi?id=1223487
* https://bugzilla.suse.com/show_bug.cgi?id=1223490
* https://bugzilla.suse.com/show_bug.cgi?id=1223496
* https://bugzilla.suse.com/show_bug.cgi?id=1223498
* https://bugzilla.suse.com/show_bug.cgi?id=1223499
* https://bugzilla.suse.com/show_bug.cgi?id=1223501
* https://bugzilla.suse.com/show_bug.cgi?id=1223502
* https://bugzilla.suse.com/show_bug.cgi?id=1223503
* https://bugzilla.suse.com/show_bug.cgi?id=1223505
* https://bugzilla.suse.com/show_bug.cgi?id=1223509
* https://bugzilla.suse.com/show_bug.cgi?id=1223511
* https://bugzilla.suse.com/show_bug.cgi?id=1223512
* https://bugzilla.suse.com/show_bug.cgi?id=1223513
* https://bugzilla.suse.com/show_bug.cgi?id=1223516
* https://bugzilla.suse.com/show_bug.cgi?id=1223517
* https://bugzilla.suse.com/show_bug.cgi?id=1223518
* https://bugzilla.suse.com/show_bug.cgi?id=1223519
* https://bugzilla.suse.com/show_bug.cgi?id=1223520
* https://bugzilla.suse.com/show_bug.cgi?id=1223522
* https://bugzilla.suse.com/show_bug.cgi?id=1223523
* https://bugzilla.suse.com/show_bug.cgi?id=1223525
* https://bugzilla.suse.com/show_bug.cgi?id=1223536
* https://bugzilla.suse.com/show_bug.cgi?id=1223539
* https://bugzilla.suse.com/show_bug.cgi?id=1223574
* https://bugzilla.suse.com/show_bug.cgi?id=1223595
* https://bugzilla.suse.com/show_bug.cgi?id=1223598
* https://bugzilla.suse.com/show_bug.cgi?id=1223634
* https://bugzilla.suse.com/show_bug.cgi?id=1223640
* https://bugzilla.suse.com/show_bug.cgi?id=1223643
* https://bugzilla.suse.com/show_bug.cgi?id=1223644
* https://bugzilla.suse.com/show_bug.cgi?id=1223645
* https://bugzilla.suse.com/show_bug.cgi?id=1223646
* https://bugzilla.suse.com/show_bug.cgi?id=1223648
* https://bugzilla.suse.com/show_bug.cgi?id=1223655
* https://bugzilla.suse.com/show_bug.cgi?id=1223657
* https://bugzilla.suse.com/show_bug.cgi?id=1223660
* https://bugzilla.suse.com/show_bug.cgi?id=1223661
* https://bugzilla.suse.com/show_bug.cgi?id=1223663
* https://bugzilla.suse.com/show_bug.cgi?id=1223664
* https://bugzilla.suse.com/show_bug.cgi?id=1223668
* https://bugzilla.suse.com/show_bug.cgi?id=1223686
* https://bugzilla.suse.com/show_bug.cgi?id=1223693
* https://bugzilla.suse.com/show_bug.cgi?id=1223705
* https://bugzilla.suse.com/show_bug.cgi?id=1223714
* https://bugzilla.suse.com/show_bug.cgi?id=1223735
* https://bugzilla.suse.com/show_bug.cgi?id=1223745
* https://bugzilla.suse.com/show_bug.cgi?id=1223784
* https://bugzilla.suse.com/show_bug.cgi?id=1223785
* https://bugzilla.suse.com/show_bug.cgi?id=1223790
* https://bugzilla.suse.com/show_bug.cgi?id=1223816
* https://bugzilla.suse.com/show_bug.cgi?id=1223821
* https://bugzilla.suse.com/show_bug.cgi?id=1223822
* https://bugzilla.suse.com/show_bug.cgi?id=1223824
* https://bugzilla.suse.com/show_bug.cgi?id=1223827
* https://bugzilla.suse.com/show_bug.cgi?id=1223834
* https://bugzilla.suse.com/show_bug.cgi?id=1223875
* https://bugzilla.suse.com/show_bug.cgi?id=1223876
* https://bugzilla.suse.com/show_bug.cgi?id=1223877
* https://bugzilla.suse.com/show_bug.cgi?id=1223878
* https://bugzilla.suse.com/show_bug.cgi?id=1223879
* https://bugzilla.suse.com/show_bug.cgi?id=1223894
* https://bugzilla.suse.com/show_bug.cgi?id=1223921
* https://bugzilla.suse.com/show_bug.cgi?id=1223922
* https://bugzilla.suse.com/show_bug.cgi?id=1223923
* https://bugzilla.suse.com/show_bug.cgi?id=1223924
* https://bugzilla.suse.com/show_bug.cgi?id=1223929
* https://bugzilla.suse.com/show_bug.cgi?id=1223931
* https://bugzilla.suse.com/show_bug.cgi?id=1223932
* https://bugzilla.suse.com/show_bug.cgi?id=1223934
* https://bugzilla.suse.com/show_bug.cgi?id=1223941
* https://bugzilla.suse.com/show_bug.cgi?id=1223948
* https://bugzilla.suse.com/show_bug.cgi?id=1223949
* https://bugzilla.suse.com/show_bug.cgi?id=1223950
* https://bugzilla.suse.com/show_bug.cgi?id=1223951
* https://bugzilla.suse.com/show_bug.cgi?id=1223952
* https://bugzilla.suse.com/show_bug.cgi?id=1223953
* https://bugzilla.suse.com/show_bug.cgi?id=1223956
* https://bugzilla.suse.com/show_bug.cgi?id=1223957
* https://bugzilla.suse.com/show_bug.cgi?id=1223960
* https://bugzilla.suse.com/show_bug.cgi?id=1223962
* https://bugzilla.suse.com/show_bug.cgi?id=1223963
* https://bugzilla.suse.com/show_bug.cgi?id=1223964
* https://jira.suse.com/browse/PED-1166
* https://jira.suse.com/browse/PED-1168
* https://jira.suse.com/browse/PED-1170
* https://jira.suse.com/browse/PED-1218
* https://jira.suse.com/browse/PED-1220
* https://jira.suse.com/browse/PED-1222
* https://jira.suse.com/browse/PED-1223
* https://jira.suse.com/browse/PED-1225
* https://jira.suse.com/browse/PED-1565
* https://jira.suse.com/browse/PED-2849
* https://jira.suse.com/browse/PED-376
* https://jira.suse.com/browse/PED-542
* https://jira.suse.com/browse/PED-7167
* https://jira.suse.com/browse/PED-7619
* https://jira.suse.com/browse/SLE-18378
* https://jira.suse.com/browse/SLE-18383
* https://jira.suse.com/browse/SLE-18385
* https://jira.suse.com/browse/SLE-18978
* https://jira.suse.com/browse/SLE-19249
* https://jira.suse.com/browse/SLE-19253
SUSE-SU-2024:1855-1: important: Security update for python-PyMySQL
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-PyMySQL
Announcement ID: SUSE-SU-2024:1855-1
Rating: important
References:
* bsc#1225070
Cross-References:
* CVE-2024-36039
CVSS scores:
* CVE-2024-36039 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for python-PyMySQL fixes the following issues:
* CVE-2024-36039: Fixed SQL injection if used with untrusted JSON input (bsc#1225070).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-1855=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1855=1
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1855=1
## Package List:
* openSUSE Leap 15.5 (noarch)
  * python3-PyMySQL-0.7.11-150000.3.3.1
* SUSE Package Hub 15 15-SP5 (noarch)
  * python3-PyMySQL-0.7.11-150000.3.3.1
* SUSE Package Hub 15 15-SP6 (noarch)
  * python3-PyMySQL-0.7.11-150000.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-36039.html
* https://bugzilla.suse.com/show_bug.cgi?id=1225070
19 Aug '24
# Security update for freerdp
Announcement ID: SUSE-SU-2024:1856-1
Rating: important
References:
* bsc#1223346
* bsc#1223347
* bsc#1223348
* bsc#1223353
Cross-References:
* CVE-2024-32658
* CVE-2024-32659
* CVE-2024-32660
* CVE-2024-32661
CVSS scores:
* CVE-2024-32658 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-32659 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2024-32660 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-32661 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP5
* SUSE Package Hub 15 15-SP5
* SUSE Package Hub 15 15-SP6
An update that solves four vulnerabilities can now be installed.
## Description:
This update for freerdp fixes the following issues:
* CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec (bsc#1223353).
* CVE-2024-32659: Fixed out-of-bounds read if `((nWidth == 0) and (nHeight == 0))` (bsc#1223346)
* CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347)
* CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1856=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1856=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-1856=1
* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-1856=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-1856=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1856=1
## Package List:
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
  * libwinpr2-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debugsource-2.4.0-150400.3.32.1
  * libwinpr2-2.4.0-150400.3.32.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debuginfo-2.4.0-150400.3.32.1
  * libfreerdp2-2.4.0-150400.3.32.1
  * winpr2-devel-2.4.0-150400.3.32.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  * freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
  * freerdp-2.4.0-150400.3.32.1
  * libwinpr2-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debugsource-2.4.0-150400.3.32.1
  * libwinpr2-2.4.0-150400.3.32.1
  * freerdp-devel-2.4.0-150400.3.32.1
  * freerdp-proxy-2.4.0-150400.3.32.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debuginfo-2.4.0-150400.3.32.1
  * libfreerdp2-2.4.0-150400.3.32.1
  * winpr2-devel-2.4.0-150400.3.32.1
* SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
  * freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
  * freerdp-2.4.0-150400.3.32.1
  * libwinpr2-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debugsource-2.4.0-150400.3.32.1
  * libwinpr2-2.4.0-150400.3.32.1
  * freerdp-devel-2.4.0-150400.3.32.1
  * freerdp-proxy-2.4.0-150400.3.32.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debuginfo-2.4.0-150400.3.32.1
  * libfreerdp2-2.4.0-150400.3.32.1
  * winpr2-devel-2.4.0-150400.3.32.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * freerdp-wayland-2.4.0-150400.3.32.1
  * freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
  * freerdp-2.4.0-150400.3.32.1
  * freerdp-server-2.4.0-150400.3.32.1
  * libwinpr2-debuginfo-2.4.0-150400.3.32.1
  * winpr2-devel-2.4.0-150400.3.32.1
  * freerdp-debugsource-2.4.0-150400.3.32.1
  * libwinpr2-2.4.0-150400.3.32.1
  * freerdp-devel-2.4.0-150400.3.32.1
  * freerdp-proxy-2.4.0-150400.3.32.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.32.1
  * uwac0-0-devel-2.4.0-150400.3.32.1
  * freerdp-server-debuginfo-2.4.0-150400.3.32.1
  * libuwac0-0-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debuginfo-2.4.0-150400.3.32.1
  * libfreerdp2-2.4.0-150400.3.32.1
  * freerdp-wayland-debuginfo-2.4.0-150400.3.32.1
  * libuwac0-0-2.4.0-150400.3.32.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * freerdp-wayland-2.4.0-150400.3.32.1
  * freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
  * freerdp-2.4.0-150400.3.32.1
  * freerdp-server-2.4.0-150400.3.32.1
  * libwinpr2-debuginfo-2.4.0-150400.3.32.1
  * winpr2-devel-2.4.0-150400.3.32.1
  * freerdp-debugsource-2.4.0-150400.3.32.1
  * libwinpr2-2.4.0-150400.3.32.1
  * freerdp-devel-2.4.0-150400.3.32.1
  * freerdp-proxy-2.4.0-150400.3.32.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.32.1
  * uwac0-0-devel-2.4.0-150400.3.32.1
  * freerdp-server-debuginfo-2.4.0-150400.3.32.1
  * libuwac0-0-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debuginfo-2.4.0-150400.3.32.1
  * libfreerdp2-2.4.0-150400.3.32.1
  * freerdp-wayland-debuginfo-2.4.0-150400.3.32.1
  * libuwac0-0-2.4.0-150400.3.32.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
  * freerdp-wayland-2.4.0-150400.3.32.1
  * freerdp-proxy-debuginfo-2.4.0-150400.3.32.1
  * freerdp-2.4.0-150400.3.32.1
  * freerdp-server-2.4.0-150400.3.32.1
  * libwinpr2-debuginfo-2.4.0-150400.3.32.1
  * winpr2-devel-2.4.0-150400.3.32.1
  * freerdp-debugsource-2.4.0-150400.3.32.1
  * libwinpr2-2.4.0-150400.3.32.1
  * freerdp-devel-2.4.0-150400.3.32.1
  * freerdp-proxy-2.4.0-150400.3.32.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.32.1
  * uwac0-0-devel-2.4.0-150400.3.32.1
  * freerdp-server-debuginfo-2.4.0-150400.3.32.1
  * libuwac0-0-debuginfo-2.4.0-150400.3.32.1
  * freerdp-debuginfo-2.4.0-150400.3.32.1
  * libfreerdp2-2.4.0-150400.3.32.1
  * freerdp-wayland-debuginfo-2.4.0-150400.3.32.1
  * libuwac0-0-2.4.0-150400.3.32.1
## References:
* https://www.suse.com/security/cve/CVE-2024-32658.html
* https://www.suse.com/security/cve/CVE-2024-32659.html
* https://www.suse.com/security/cve/CVE-2024-32660.html
* https://www.suse.com/security/cve/CVE-2024-32661.html
* https://bugzilla.suse.com/show_bug.cgi?id=1223346
* https://bugzilla.suse.com/show_bug.cgi?id=1223347
* https://bugzilla.suse.com/show_bug.cgi?id=1223348
* https://bugzilla.suse.com/show_bug.cgi?id=1223353
SUSE-SU-2024:1857-1: moderate: Security update for python-requests
by OPENSUSE-SECURITY-UPDATES 19 Aug '24
# Security update for python-requests
Announcement ID: SUSE-SU-2024:1857-1
Rating: moderate
References:
* bsc#1224788
Cross-References:
* CVE-2024-35195
CVSS scores:
* CVE-2024-35195 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* Public Cloud Module 15-SP4
* Python 3 Module 15-SP5
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for python-requests fixes the following issues:
* CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
    zypper in -t patch SUSE-2024-1857=1
* openSUSE Leap 15.5
    zypper in -t patch openSUSE-SLE-15.5-2024-1857=1
* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2024-1857=1
* Public Cloud Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-1857=1
* Python 3 Module 15-SP5
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP5-2024-1857=1
* Python 3 Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-1857=1
## Package List:
* openSUSE Leap 15.4 (noarch)
  * python311-requests-2.31.0-150400.6.12.1
* openSUSE Leap 15.5 (noarch)
  * python311-requests-2.31.0-150400.6.12.1
* openSUSE Leap 15.6 (noarch)
  * python311-requests-2.31.0-150400.6.12.1
* Public Cloud Module 15-SP4 (noarch)
  * python311-requests-2.31.0-150400.6.12.1
* Python 3 Module 15-SP5 (noarch)
  * python311-requests-2.31.0-150400.6.12.1
* Python 3 Module 15-SP6 (noarch)
  * python311-requests-2.31.0-150400.6.12.1
## References:
* https://www.suse.com/security/cve/CVE-2024-35195.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224788