- openSUSE Security Announce

openSUSE-SU-2024:0223-1: important: Security update for opera
by opensuse-security＠opensuse.org 26 Jul '24

26 Jul '24

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0223-1 Rating: important References: Cross-References: CVE-2024-5493 CVE-2024-5494 CVE-2024-5495 CVE-2024-5496 CVE-2024-5497 CVE-2024-5498 CVE-2024-5499 CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833 CVE-2024-5834 CVE-2024-5835 CVE-2024-5836 CVE-2024-5837 CVE-2024-5838 CVE-2024-5839 CVE-2024-5840 CVE-2024-5841 CVE-2024-5842 CVE-2024-5843 CVE-2024-5844 CVE-2024-5845 CVE-2024-5846 CVE-2024-5847 CVE-2024-6290 CVE-2024-6291 CVE-2024-6292 CVE-2024-6293 CVSS scores: CVE-2024-5830 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5831 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5832 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5833 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5834 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5835 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5836 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5837 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5838 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5839 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2024-5840 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2024-5841 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5842 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5843 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2024-5844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5845 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5846 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2024-5847 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.6:NonFree ______________________________________________________________________________ An update that fixes 29 vulnerabilities is now available. Description: This update for opera fixes the following issues: - Update to 112.0.5197.25 * CHR-9787 Update Chromium on desktop-stable-126-5197 to 126.0.6478.127 - The update to chromium 126.0.6478.127 fixes following issues: CVE-2024-6290, CVE-2024-6291, CVE-2024-6292, CVE-2024-6293 - Update to 112.0.5197.24 * CHR-9762 Update Chromium on desktop-stable-126-5197 to 126.0.6478.62 * DNA-117001 Crash at base::internal::check_is_test_impl (base::NotFatalUntil) * DNA-117050 [Settings][Sync] Synchronization options aren't visible * DNA-117076 [Player] Background of the icons has changed and the Tidal icon is now missing * DNA-117109 Browser freezes when trying to remove a tab * DNA-117181 Translations for O112 * DNA-117202 Crash at syncer::SyncServiceImpl::NotifyObservers() * DNA-117295 Remove emoji names field in picker * DNA-117347 Start page is not rendered on first switch to workspace after its creation * DNA-117431 Promote 112 to stable - Complete Opera 112 changelog at: https://blogs.opera.com/desktop/changelog-for-112 - The update to chromium >= 126.0.6478.54 fixes following issues: CVE-2024-5830, CVE-2024-5831, CVE-2024-5832, CVE-2024-5833, CVE-2024-5834, CVE-2024-5835, CVE-2024-5836, CVE-2024-5837, CVE-2024-5838, CVE-2024-5839, CVE-2024-5840, CVE-2024-5841, CVE-2024-5842, CVE-2024-5843, CVE-2024-5844, CVE-2024-5845, CVE-2024-5846, CVE-2024-5847 - Update to 111.0.5168.55 * DNA-116749 Unnecessary icons in the advanced sync settings * DNA-116961 Evaluate #vtvd-as-platform-sw-decoder in the field * DNA-117003 #vtvd-as-platform-sw-decoder is not registered in media unittests Update to 111.0.5168.43 * DNA-115228 Adblocker is blocking ads when turned off * DNA-116605 Crash at opera::BrowserContentsView:: NonClientHitTestPoint(gfx::Point const&) * DNA-116855 Cannot close tab island’s tab when popup was hovered * DNA-116885 Add chrome.cookies api permission to Rich Hints * DNA-116948 [Linux] Theme toggle in settings is not working Update to 111.0.5168.25 * CHR-9754 Update Chromium on desktop-stable-125-5168 to 125.0.6422.142 * DNA-116089 [Win/Lin] Fullscreen view has rounded corners * DNA-116208 The red dot on the Aria’s icon is misaligned * DNA-116693 X (twitter) logo is not available on opera:about page * DNA-116737 [Bookmarks] Bookmarks bar favicon have light theme color in new window * DNA-116769 Extension popup – pin icon is replaced * DNA-116850 Fix full package installer link * DNA-116852 Promote 111 to stable * DNA-116491 Site info popup is cut with dropdown opened * DNA-116661 [opera:settings] IPFS/IPNS Gateway box has the wrong design * DNA-116789 Translations for O111 * DNA-116813 [React emoji picker] Flag emojis are not load correctly * DNA-116893 Put 'Show emojis in tab tooltip' in Settings * DNA-116918 Translations for 'Show emojis in tab tooltip' - Complete Opera 111 changelog at: https://blogs.opera.com/desktop/changelog-for-111 - The update to chromium 125.0.6422.142 fixes following issues: CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497, CVE-2024-5498, CVE-2024-5499 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.6:NonFree: zypper in -t patch openSUSE-2024-223=1 Package List: - openSUSE Leap 15.6:NonFree (x86_64): opera-112.0.5197.25-lp156.2.11.1 References: https://www.suse.com/security/cve/CVE-2024-5493.html https://www.suse.com/security/cve/CVE-2024-5494.html https://www.suse.com/security/cve/CVE-2024-5495.html https://www.suse.com/security/cve/CVE-2024-5496.html https://www.suse.com/security/cve/CVE-2024-5497.html https://www.suse.com/security/cve/CVE-2024-5498.html https://www.suse.com/security/cve/CVE-2024-5499.html https://www.suse.com/security/cve/CVE-2024-5830.html https://www.suse.com/security/cve/CVE-2024-5831.html https://www.suse.com/security/cve/CVE-2024-5832.html https://www.suse.com/security/cve/CVE-2024-5833.html https://www.suse.com/security/cve/CVE-2024-5834.html https://www.suse.com/security/cve/CVE-2024-5835.html https://www.suse.com/security/cve/CVE-2024-5836.html https://www.suse.com/security/cve/CVE-2024-5837.html https://www.suse.com/security/cve/CVE-2024-5838.html https://www.suse.com/security/cve/CVE-2024-5839.html https://www.suse.com/security/cve/CVE-2024-5840.html https://www.suse.com/security/cve/CVE-2024-5841.html https://www.suse.com/security/cve/CVE-2024-5842.html https://www.suse.com/security/cve/CVE-2024-5843.html https://www.suse.com/security/cve/CVE-2024-5844.html https://www.suse.com/security/cve/CVE-2024-5845.html https://www.suse.com/security/cve/CVE-2024-5846.html https://www.suse.com/security/cve/CVE-2024-5847.html https://www.suse.com/security/cve/CVE-2024-6290.html https://www.suse.com/security/cve/CVE-2024-6291.html https://www.suse.com/security/cve/CVE-2024-6292.html https://www.suse.com/security/cve/CVE-2024-6293.html

1 0

openSUSE-SU-2024:0222-1: important: Security update for python-nltk
by opensuse-security＠opensuse.org 26 Jul '24

26 Jul '24

openSUSE Security Update: Security update for python-nltk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0222-1 Rating: important References: #1227174 Cross-References: CVE-2024-39705 Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-nltk fixes the following issues: - CVE-2024-39705: Fixed remote code execution through unsafe pickle usage (boo#1227174). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-222=1 Package List: - openSUSE Backports SLE-15-SP5 (noarch): python3-nltk-3.7-bp155.3.3.1 References: https://www.suse.com/security/cve/CVE-2024-39705.html https://bugzilla.suse.com/1227174

1 0

openSUSE-SU-2024:0218-1: important: Security update for exim
by opensuse-security＠opensuse.org 25 Jul '24

25 Jul '24

openSUSE Security Update: Security update for exim ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0218-1 Rating: important References: #1227423 Cross-References: CVE-2024-39929 Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for exim fixes the following issues: - CVE-2024-39929: Fixed incorrect parsing of multiline rfc2231 header filename (boo#1227423). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-218=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 ppc64le s390x x86_64): exim-4.97.1-bp155.5.12.1 eximon-4.97.1-bp155.5.12.1 eximstats-html-4.97.1-bp155.5.12.1 References: https://www.suse.com/security/cve/CVE-2024-39929.html https://bugzilla.suse.com/1227423

1 0

openSUSE-SU-2024:0214-1: moderate: Security update for python-sentry-sdk
by opensuse-security＠opensuse.org 23 Jul '24

23 Jul '24

openSUSE Security Update: Security update for python-sentry-sdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0214-1 Rating: moderate References: #1228128 Cross-References: CVE-2024-40647 Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-sentry-sdk fixes the following issues: - CVE-2024-40647: Do not leak environment variables to child processes. (bsc#1228128) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-214=1 Package List: - openSUSE Backports SLE-15-SP5 (noarch): python3-sentry-sdk-0.14.4-bp155.3.3.1 References: https://www.suse.com/security/cve/CVE-2024-40647.html https://bugzilla.suse.com/1228128

1 0

SUSE-SU-2024:2597-1: important: Security update for apache2
by OPENSUSE-SECURITY-UPDATES 23 Jul '24

23 Jul '24

# Security update for apache2 Announcement ID: SUSE-SU-2024:2597-1 Rating: important References: * bsc#1227268 * bsc#1227269 * bsc#1227272 Cross-References: * CVE-2024-36387 * CVE-2024-38475 * CVE-2024-38476 CVSS scores: * CVE-2024-36387 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38475 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N * CVE-2024-38476 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * Server Applications Module 15-SP6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Package Hub 15 15-SP6 An update that solves three vulnerabilities can now be installed. ## Description: This update for apache2 fixes the following issues: * CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272) * CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) * CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-2597=1 openSUSE-SLE-15.6-2024-2597=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2597=1 * SUSE Package Hub 15 15-SP6 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2597=1 * Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2024-2597=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * apache2-event-2.4.58-150600.5.18.1 * apache2-worker-debuginfo-2.4.58-150600.5.18.1 * apache2-utils-2.4.58-150600.5.18.1 * apache2-worker-2.4.58-150600.5.18.1 * apache2-event-debuginfo-2.4.58-150600.5.18.1 * apache2-debuginfo-2.4.58-150600.5.18.1 * apache2-event-debugsource-2.4.58-150600.5.18.1 * apache2-prefork-2.4.58-150600.5.18.1 * apache2-worker-debugsource-2.4.58-150600.5.18.1 * apache2-prefork-debuginfo-2.4.58-150600.5.18.1 * apache2-2.4.58-150600.5.18.1 * apache2-prefork-debugsource-2.4.58-150600.5.18.1 * apache2-utils-debuginfo-2.4.58-150600.5.18.1 * apache2-utils-debugsource-2.4.58-150600.5.18.1 * apache2-debugsource-2.4.58-150600.5.18.1 * apache2-devel-2.4.58-150600.5.18.1 * openSUSE Leap 15.6 (noarch) * apache2-manual-2.4.58-150600.5.18.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-prefork-2.4.58-150600.5.18.1 * apache2-debuginfo-2.4.58-150600.5.18.1 * apache2-prefork-debuginfo-2.4.58-150600.5.18.1 * apache2-2.4.58-150600.5.18.1 * apache2-prefork-debugsource-2.4.58-150600.5.18.1 * apache2-debugsource-2.4.58-150600.5.18.1 * SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-event-2.4.58-150600.5.18.1 * apache2-event-debugsource-2.4.58-150600.5.18.1 * apache2-debuginfo-2.4.58-150600.5.18.1 * apache2-debugsource-2.4.58-150600.5.18.1 * apache2-event-debuginfo-2.4.58-150600.5.18.1 * Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * apache2-worker-debuginfo-2.4.58-150600.5.18.1 * apache2-utils-2.4.58-150600.5.18.1 * apache2-worker-2.4.58-150600.5.18.1 * apache2-worker-debugsource-2.4.58-150600.5.18.1 * apache2-utils-debuginfo-2.4.58-150600.5.18.1 * apache2-utils-debugsource-2.4.58-150600.5.18.1 * apache2-devel-2.4.58-150600.5.18.1 ## References: * https://www.suse.com/security/cve/CVE-2024-36387.html * https://www.suse.com/security/cve/CVE-2024-38475.html * https://www.suse.com/security/cve/CVE-2024-38476.html * https://bugzilla.suse.com/show_bug.cgi?id=1227268 * https://bugzilla.suse.com/show_bug.cgi?id=1227269 * https://bugzilla.suse.com/show_bug.cgi?id=1227272

1 0

SUSE-SU-2024:2572-1: moderate: Security update for python312
by OPENSUSE-SECURITY-UPDATES 22 Jul '24

22 Jul '24

# Security update for python312 Announcement ID: SUSE-SU-2024:2572-1 Rating: moderate References: * bsc#1225660 * bsc#1226447 * bsc#1226448 * bsc#1227152 * bsc#1227378 Cross-References: * CVE-2024-0397 * CVE-2024-4030 * CVE-2024-4032 CVSS scores: * CVE-2024-0397 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2024-4030 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2024-4032 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.6 * Python 3 Module 15-SP6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves three vulnerabilities and has two security fixes can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2024-4032: Corrected information about public and private IPv4 and IPv6 address ranges (bsc#1226448). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-2572=1 SUSE-2024-2572=1 * Python 3 Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2024-2572=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-dbm-debuginfo-3.12.4-150600.3.3.1 * libpython3_12-1_0-debuginfo-3.12.4-150600.3.3.1 * python312-base-3.12.4-150600.3.3.1 * python312-idle-3.12.4-150600.3.3.1 * python312-tools-3.12.4-150600.3.3.1 * python312-dbm-3.12.4-150600.3.3.1 * python312-debuginfo-3.12.4-150600.3.3.1 * python312-3.12.4-150600.3.3.1 * python312-devel-3.12.4-150600.3.3.1 * python312-testsuite-3.12.4-150600.3.3.1 * libpython3_12-1_0-3.12.4-150600.3.3.1 * python312-testsuite-debuginfo-3.12.4-150600.3.3.1 * python312-debugsource-3.12.4-150600.3.3.1 * python312-doc-3.12.4-150600.3.3.1 * python312-tk-3.12.4-150600.3.3.1 * python312-curses-3.12.4-150600.3.3.1 * python312-core-debugsource-3.12.4-150600.3.3.1 * python312-curses-debuginfo-3.12.4-150600.3.3.1 * python312-base-debuginfo-3.12.4-150600.3.3.1 * python312-doc-devhelp-3.12.4-150600.3.3.1 * python312-tk-debuginfo-3.12.4-150600.3.3.1 * openSUSE Leap 15.6 (x86_64) * libpython3_12-1_0-32bit-3.12.4-150600.3.3.1 * python312-32bit-3.12.4-150600.3.3.1 * python312-32bit-debuginfo-3.12.4-150600.3.3.1 * python312-base-32bit-debuginfo-3.12.4-150600.3.3.1 * python312-base-32bit-3.12.4-150600.3.3.1 * libpython3_12-1_0-32bit-debuginfo-3.12.4-150600.3.3.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-base-64bit-debuginfo-3.12.4-150600.3.3.1 * libpython3_12-1_0-64bit-debuginfo-3.12.4-150600.3.3.1 * python312-base-64bit-3.12.4-150600.3.3.1 * python312-64bit-3.12.4-150600.3.3.1 * python312-64bit-debuginfo-3.12.4-150600.3.3.1 * libpython3_12-1_0-64bit-3.12.4-150600.3.3.1 * Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64) * python312-debuginfo-3.12.4-150600.3.3.1 * python312-dbm-debuginfo-3.12.4-150600.3.3.1 * python312-3.12.4-150600.3.3.1 * python312-devel-3.12.4-150600.3.3.1 * python312-core-debugsource-3.12.4-150600.3.3.1 * libpython3_12-1_0-debuginfo-3.12.4-150600.3.3.1 * python312-dbm-3.12.4-150600.3.3.1 * python312-tk-debuginfo-3.12.4-150600.3.3.1 * python312-base-3.12.4-150600.3.3.1 * python312-curses-debuginfo-3.12.4-150600.3.3.1 * libpython3_12-1_0-3.12.4-150600.3.3.1 * python312-idle-3.12.4-150600.3.3.1 * python312-base-debuginfo-3.12.4-150600.3.3.1 * python312-tk-3.12.4-150600.3.3.1 * python312-tools-3.12.4-150600.3.3.1 * python312-debugsource-3.12.4-150600.3.3.1 * python312-curses-3.12.4-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-0397.html * https://www.suse.com/security/cve/CVE-2024-4030.html * https://www.suse.com/security/cve/CVE-2024-4032.html * https://bugzilla.suse.com/show_bug.cgi?id=1225660 * https://bugzilla.suse.com/show_bug.cgi?id=1226447 * https://bugzilla.suse.com/show_bug.cgi?id=1226448 * https://bugzilla.suse.com/show_bug.cgi?id=1227152 * https://bugzilla.suse.com/show_bug.cgi?id=1227378

1 0

SUSE-SU-2024:2575-1: moderate: Security update for kernel-firmware
by OPENSUSE-SECURITY-UPDATES 22 Jul '24

22 Jul '24

# Security update for kernel-firmware Announcement ID: SUSE-SU-2024:2575-1 Rating: moderate References: * bsc#1219458 * bsc#1222319 * bsc#1225600 * bsc#1225601 Cross-References: * CVE-2023-38417 * CVE-2023-47210 CVSS scores: * CVE-2023-38417 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-47210 ( SUSE ): 4.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities and has two security fixes can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * CVE-2023-38417: Fixed improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 (bsc#1225600) * CVE-2023-47210: Fixed improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 (bsc#1225601) * Update to version 20240712 (git commit ed874ed83cac): * amdgpu: update DMCUB to v0.0.225.0 for Various AMDGPU Asics * qcom: add gpu firmwares for x1e80100 chipset (bsc#1219458) * linux-firmware: add firmware for qat_402xx devices * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update vega20 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VPE 6.1.1 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update SDMA 6.1.1 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update SDMA 6.1.0 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SMU 13.0.7 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update aldebaran firmware * linux-firmware: Update AMD cpu microcode * linux-firmware: Add ISH firmware file for Intel Lunar Lake platform * amdgpu: update DMCUB to v0.0.224.0 for Various AMDGPU Asics * cirrus: cs35l41: Update various firmware for ASUS laptops using CS35L41 * amdgpu: Update ISP FW for isp v4.1.1 * Update to version 20240622 (git commit 7d931f8afa51): * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.2.0 * qcom: Add AIC100 firmware files * Update to version 20240618 (git commit 7d931f8afa51): * amlogic: Update bluetooth firmware binary * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * linux-firmware: Update firmware file for Intel Bluetooth Pulsar core * rtl_bt: Update RTL8822C BT UART firmware to 0xB5D6_6DCB * rtl_bt: Update RTL8822C BT USB firmware to 0xAED6_6DCB * amdgpu: update DMCUB to v0.0.222.0 for DCN314 * iwlwifi: add ty/So/Ma firmwares for core88-87 release * iwlwifi: update cc/Qu/QuZ firmwares for core88-87 release * linux-firmware: add new cc33xx firmware for cc33xx chips * cirrus: cs35l56: Update firmware for Cirrus CS35L56 for ASUS UM5606 laptop * cirrus: cs35l56: Update firmware for Cirrus CS35L56 for various ASUS laptops * linux-firmware: Add firmware for Lenovo Thinkbooks * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update green sardine firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update SMU 13.0.6 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update aldebaran firmware * amdgpu: add support for PSP 14.0.1 * amdgpu: add support for VPE 6.1.1 * amdgpu: add support for VCN 4.0.6 * amdgpu: add support for SDMA 6.1.1 * amdgpu: add support for GC 11.5.1 * amdgpu: Add support for DCN 3.5.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00639 * cnm: update chips&media wave521c firmware. * linux-firmware: Add ordinary firmware for RTL8821AU device * Update to version 20240519 (git commit aae8224390e2): * amdgpu: add new ISP 4.1.1 firmware * Update to version 20240510 (git commit 7c2303328d8e): * linux-firmware: Amphion: Update vpu firmware * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * i915: Add BMG DMC v2.06 * linux-firmware: Add CS35L41 HDA Firmware for Asus HN7306 * linux-firmware: Update firmware tuning for HP Consumer Laptop * amdgpu: DMCUB updates for various AMDGPU ASICs * rtl_bt: Update RTL8822C BT UART firmware to 0x0FD6_407B * rtl_bt: Update RTL8822C BT USB firmware to 0x0ED6_407B * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various ASUS laptops * linux-firmware: Add firmware and tuning for Lenovo Y770S * Update to version 20240426 (git commit 2398d264f953): * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: Add firmware for Cirrus CS35L56 for various HP laptops * i915: Update Xe2LPD DMC to v2.20 * linux-firmware: Remove Calibration Firmware and Tuning for CS35L41 * linux-firmware: Add firmware for Lenovo Thinkbook 13X * ASoC: tas2781: Add dsp firmware for Thinkpad ICE-1 laptop * amdgpu: add DMCUB 3.5 firmware * amdgpu: add VPE 6.1.0 firmware * amdgpu: add VCN 4.0.5 firmware * amdgpu: add UMSCH 4.0.0 firmware * amdgpu: add SDMA 6.1.0 firmware * amdgpu: add PSP 14.0.0 firmware * amdgpu: add GC 11.5.0 firmware * amdgpu: update license date * Update to version 20240419 (git commit 7eab37522984): * Montage: update firmware for Mont-TSSE * linux-firmware: Add tuning parameter configs for CS35L41 Firmware * linux-firmware: Fix firmware names for Laptop SSID 104316a3 * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Legion Slim 7 16ARHA7 * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * iwlwifi: add gl FW for core87-44 release * iwlwifi: add ty/So/Ma firmwares for core87-44 release * iwlwifi: update cc/Qu/QuZ firmwares for core87-44 release * nvidia: Update Tegra210 XUSB firmware to v50.29 * amdgpu: update beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update psp 13.0.11 firmware * amdgpu: update gc 11.0.4 firmware * amdgpu: update navy flounder firmware * amdgpu: update renoir firmware * amdgpu: update vcn 4.0.2 firmware * amdgpu: update sdma 6.0.1 firmware * amdgpu: update psp 13.0.4 firmware * amdgpu: update gc 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vega20 firmware * amdgpu: update yellow carp firmware * amdgpu: update green sardine firmware * amdgpu: update vega12 firmware * amdgpu: update raven2 firmware * amdgpu: update vcn 4.0.4 firmware * amdgpu: update smu 13.0.7 firmware * amdgpu: update sdma 6.0.2 firmware * amdgpu: update ipsp 13.0.7 firmware * amdgpu: update gc 11.0.2 firmware * amdgpu: update vega10 firmware * amdgpu: update raven firmware * amdgpu: update navi14 firmware * amdgpu: update smu 13.0.10 firmware * amdgpu: update sdma 6.0.3 firmware * amdgpu: update psp 13.0.10 firmware * amdgpu: update gc 11.0.3 firmware * amdgpu: update vcn 3.1.2 firmware * amdgpu: update psp 13.0.5 firmware * amdgpu: update gc 10.3.6 firmware * amdgpu: update navi12 firmware * amdgpu: update arcturus firmware * amdgpu: update vangogh firmware * amdgpu: update navi10 firmware * amdgpu: update vcn 4.0.3 firmware * amdgpu: update smu 13.0.6 firmware * amdgpu: update psp 13.0.6 firmware * amdgpu: update gc 9.4.3 firmware * amdgpu: update vcn 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update sdma 6.0.0 firmware * amdgpu: update psp 13.0.0 firmware * amdgpu: update gc 11.0.0 firmware * amdgpu: update firmware * amdgpu: update aldebaran firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update gc 10.3.7 firmware * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.9 * ath10k: WCN3990: hw1.0: add qcm2290 firmware API file * ath10k: WCN3990: hw1.0: move firmware back from qcom/ location * i915: Add DG2 HuC 7.10.15 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: update firmware for en8811h 2.5G ethernet phy * rtw89: 8852c: update fw to v0.27.56.14 * rtw89: 8922a: add firmware v0.35.18.0 * rtw88: Add RTL8703B firmware v11.0.0 * Drop duplicated WHENCE from kernel-firmware-* subpackages (bsc#1222319) * Update to version 20240322 (git commit 9a6a0cc195c1): * mekdiatek: Update mt8186 SOF firmware to v2.0.1 * linux-firmware: Add firmware for Cirrus CS35L56 for Dell laptops * Montage: update firmware for Mont-TSSE * WHENCE: Link the Raspberry Pi CM4 and 5B to the 4B * Intel Bluetooth: Update firmware file for Intel Bluetooth BE200 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX210 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX200 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX201 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9560 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9260 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.8 * imx: sdma: update firmware to v3.6/v4.6 * Update to version 20240312 (git commit 4a404b5bfdb9): * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * iwlwifi: update 9000-family firmwares to core85-89 * rtl_bt: Update RTL8852A BT USB firmware to 0xD9D6_17DA * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Thinkbook 16P Laptops * Update to version 20240229 (git commit 977332782302): * amdgpu: Update VCN firmware binaries * Intel IPU2: Add firmware files * brcm: Add nvram for the Acer Iconia One 7 B1-750 tablet * i915: Add Xe2LPD DMC v2.18 * i915: Update MTL DMC v2.21 * Update to version 20240220 (git commit 73b4429fae36): * linux-firmware: update firmware for en8811h 2.5G ethernet phy * linux-firmware: add firmware for MT7996 * xe: First GuC release for LNL and Xe * i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL * linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop (16IAX7) * brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet * ice: update ice DDP package to 1.3.36.0 * Intel IPU3 ImgU: Move firmware file under intel/ipu * Intel IPU6: Move firmware binaries under ipu/ * check_whence: Add a check for duplicate link entries * WHENCE: Clean up section separators * linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models * panthor: Add initial firmware for Gen10 Arm Mali GPUs * amdgpu: DMCUB Updates for DCN321: 7.0.38.0 * amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0 * qcom: update venus firmware file for v5.4 * Montage: add firmware for Mont-TSSE * amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32 * linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware * linux-firmware: Fix filenames for some CS35L41 firmwares for HP ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-2575=1 openSUSE-SLE-15.6-2024-2575=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2575=1 ## Package List: * openSUSE Leap 15.6 (noarch) * kernel-firmware-ath12k-20240712-150600.3.3.1 * kernel-firmware-marvell-20240712-150600.3.3.1 * kernel-firmware-nfp-20240712-150600.3.3.1 * kernel-firmware-dpaa2-20240712-150600.3.3.1 * kernel-firmware-chelsio-20240712-150600.3.3.1 * kernel-firmware-prestera-20240712-150600.3.3.1 * kernel-firmware-realtek-20240712-150600.3.3.1 * kernel-firmware-bnx2-20240712-150600.3.3.1 * kernel-firmware-bluetooth-20240712-150600.3.3.1 * kernel-firmware-mellanox-20240712-150600.3.3.1 * kernel-firmware-liquidio-20240712-150600.3.3.1 * kernel-firmware-ath10k-20240712-150600.3.3.1 * ucode-amd-20240712-150600.3.3.1 * kernel-firmware-ueagle-20240712-150600.3.3.1 * kernel-firmware-mediatek-20240712-150600.3.3.1 * kernel-firmware-mwifiex-20240712-150600.3.3.1 * kernel-firmware-atheros-20240712-150600.3.3.1 * kernel-firmware-qcom-20240712-150600.3.3.1 * kernel-firmware-network-20240712-150600.3.3.1 * kernel-firmware-radeon-20240712-150600.3.3.1 * kernel-firmware-i915-20240712-150600.3.3.1 * kernel-firmware-iwlwifi-20240712-150600.3.3.1 * kernel-firmware-serial-20240712-150600.3.3.1 * kernel-firmware-usb-network-20240712-150600.3.3.1 * kernel-firmware-amdgpu-20240712-150600.3.3.1 * kernel-firmware-nvidia-20240712-150600.3.3.1 * kernel-firmware-intel-20240712-150600.3.3.1 * kernel-firmware-ti-20240712-150600.3.3.1 * kernel-firmware-ath11k-20240712-150600.3.3.1 * kernel-firmware-media-20240712-150600.3.3.1 * kernel-firmware-qlogic-20240712-150600.3.3.1 * kernel-firmware-all-20240712-150600.3.3.1 * kernel-firmware-20240712-150600.3.3.1 * kernel-firmware-sound-20240712-150600.3.3.1 * kernel-firmware-platform-20240712-150600.3.3.1 * kernel-firmware-brcm-20240712-150600.3.3.1 * Basesystem Module 15-SP6 (noarch) * kernel-firmware-ath12k-20240712-150600.3.3.1 * kernel-firmware-marvell-20240712-150600.3.3.1 * kernel-firmware-nfp-20240712-150600.3.3.1 * kernel-firmware-dpaa2-20240712-150600.3.3.1 * kernel-firmware-chelsio-20240712-150600.3.3.1 * kernel-firmware-prestera-20240712-150600.3.3.1 * kernel-firmware-realtek-20240712-150600.3.3.1 * kernel-firmware-bnx2-20240712-150600.3.3.1 * kernel-firmware-bluetooth-20240712-150600.3.3.1 * kernel-firmware-mellanox-20240712-150600.3.3.1 * kernel-firmware-liquidio-20240712-150600.3.3.1 * kernel-firmware-ath10k-20240712-150600.3.3.1 * ucode-amd-20240712-150600.3.3.1 * kernel-firmware-ueagle-20240712-150600.3.3.1 * kernel-firmware-mediatek-20240712-150600.3.3.1 * kernel-firmware-mwifiex-20240712-150600.3.3.1 * kernel-firmware-atheros-20240712-150600.3.3.1 * kernel-firmware-qcom-20240712-150600.3.3.1 * kernel-firmware-network-20240712-150600.3.3.1 * kernel-firmware-radeon-20240712-150600.3.3.1 * kernel-firmware-i915-20240712-150600.3.3.1 * kernel-firmware-iwlwifi-20240712-150600.3.3.1 * kernel-firmware-serial-20240712-150600.3.3.1 * kernel-firmware-usb-network-20240712-150600.3.3.1 * kernel-firmware-amdgpu-20240712-150600.3.3.1 * kernel-firmware-nvidia-20240712-150600.3.3.1 * kernel-firmware-intel-20240712-150600.3.3.1 * kernel-firmware-ti-20240712-150600.3.3.1 * kernel-firmware-ath11k-20240712-150600.3.3.1 * kernel-firmware-media-20240712-150600.3.3.1 * kernel-firmware-qlogic-20240712-150600.3.3.1 * kernel-firmware-all-20240712-150600.3.3.1 * kernel-firmware-sound-20240712-150600.3.3.1 * kernel-firmware-platform-20240712-150600.3.3.1 * kernel-firmware-brcm-20240712-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38417.html * https://www.suse.com/security/cve/CVE-2023-47210.html * https://bugzilla.suse.com/show_bug.cgi?id=1219458 * https://bugzilla.suse.com/show_bug.cgi?id=1222319 * https://bugzilla.suse.com/show_bug.cgi?id=1225600 * https://bugzilla.suse.com/show_bug.cgi?id=1225601

1 0

SUSE-SU-2024:2576-1: moderate: Security update for gnome-shell
by OPENSUSE-SECURITY-UPDATES 22 Jul '24

22 Jul '24

# Security update for gnome-shell Announcement ID: SUSE-SU-2024:2576-1 Rating: moderate References: * bsc#1215485 * bsc#1225567 Cross-References: * CVE-2023-43090 * CVE-2024-36472 CVSS scores: * CVE-2023-43090 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-43090 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2024-36472 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L Affected Products: * Desktop Applications Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Workstation Extension 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for gnome-shell fixes the following issues: * CVE-2024-36472: Fixed portal helper automatically launched without user confirmation (bsc#1225567) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-2576=1 openSUSE-SLE-15.6-2024-2576=1 * Desktop Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2024-2576=1 * SUSE Linux Enterprise Workstation Extension 15 SP6 zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2024-2576=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * gnome-extensions-45.3-150600.5.6.1 * gnome-shell-45.3-150600.5.6.1 * gnome-shell-debugsource-45.3-150600.5.6.1 * gnome-shell-calendar-debuginfo-45.3-150600.5.6.1 * gnome-shell-debuginfo-45.3-150600.5.6.1 * gnome-shell-devel-45.3-150600.5.6.1 * gnome-shell-calendar-45.3-150600.5.6.1 * openSUSE Leap 15.6 (noarch) * gnome-shell-lang-45.3-150600.5.6.1 * Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64) * gnome-extensions-45.3-150600.5.6.1 * gnome-shell-45.3-150600.5.6.1 * gnome-shell-debugsource-45.3-150600.5.6.1 * gnome-shell-debuginfo-45.3-150600.5.6.1 * gnome-shell-devel-45.3-150600.5.6.1 * Desktop Applications Module 15-SP6 (noarch) * gnome-shell-lang-45.3-150600.5.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64) * gnome-shell-calendar-debuginfo-45.3-150600.5.6.1 * gnome-shell-debuginfo-45.3-150600.5.6.1 * gnome-shell-debugsource-45.3-150600.5.6.1 * gnome-shell-calendar-45.3-150600.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-43090.html * https://www.suse.com/security/cve/CVE-2024-36472.html * https://bugzilla.suse.com/show_bug.cgi?id=1215485 * https://bugzilla.suse.com/show_bug.cgi?id=1225567

1 0

SUSE-SU-2024:2578-1: important: Security update for java-21-openjdk
by OPENSUSE-SECURITY-UPDATES 22 Jul '24

22 Jul '24

# Security update for java-21-openjdk Announcement ID: SUSE-SU-2024:2578-1 Rating: important References: * bsc#1227298 * bsc#1228046 * bsc#1228047 * bsc#1228048 * bsc#1228051 * bsc#1228052 Cross-References: * CVE-2024-21131 * CVE-2024-21138 * CVE-2024-21140 * CVE-2024-21145 * CVE-2024-21147 CVSS scores: * CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves five vulnerabilities and has one security fix can now be installed. ## Description: This update for java-21-openjdk fixes the following issues: Updated to version 21.0.4+7 (July 2024 CPU): * CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). * CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). * CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). * CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). * CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-2578=1 openSUSE-SLE-15.6-2024-2578=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-2578=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * java-21-openjdk-21.0.4.0-150600.3.3.1 * java-21-openjdk-headless-debuginfo-21.0.4.0-150600.3.3.1 * java-21-openjdk-jmods-21.0.4.0-150600.3.3.1 * java-21-openjdk-debugsource-21.0.4.0-150600.3.3.1 * java-21-openjdk-headless-21.0.4.0-150600.3.3.1 * java-21-openjdk-src-21.0.4.0-150600.3.3.1 * java-21-openjdk-debuginfo-21.0.4.0-150600.3.3.1 * java-21-openjdk-devel-21.0.4.0-150600.3.3.1 * java-21-openjdk-devel-debuginfo-21.0.4.0-150600.3.3.1 * java-21-openjdk-demo-21.0.4.0-150600.3.3.1 * openSUSE Leap 15.6 (noarch) * java-21-openjdk-javadoc-21.0.4.0-150600.3.3.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-21-openjdk-21.0.4.0-150600.3.3.1 * java-21-openjdk-headless-debuginfo-21.0.4.0-150600.3.3.1 * java-21-openjdk-debugsource-21.0.4.0-150600.3.3.1 * java-21-openjdk-headless-21.0.4.0-150600.3.3.1 * java-21-openjdk-debuginfo-21.0.4.0-150600.3.3.1 * java-21-openjdk-devel-21.0.4.0-150600.3.3.1 * java-21-openjdk-devel-debuginfo-21.0.4.0-150600.3.3.1 * java-21-openjdk-demo-21.0.4.0-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21131.html * https://www.suse.com/security/cve/CVE-2024-21138.html * https://www.suse.com/security/cve/CVE-2024-21140.html * https://www.suse.com/security/cve/CVE-2024-21145.html * https://www.suse.com/security/cve/CVE-2024-21147.html * https://bugzilla.suse.com/show_bug.cgi?id=1227298 * https://bugzilla.suse.com/show_bug.cgi?id=1228046 * https://bugzilla.suse.com/show_bug.cgi?id=1228047 * https://bugzilla.suse.com/show_bug.cgi?id=1228048 * https://bugzilla.suse.com/show_bug.cgi?id=1228051 * https://bugzilla.suse.com/show_bug.cgi?id=1228052

1 0

SUSE-SU-2024:2584-1: important: Security update for libgit2
by OPENSUSE-SECURITY-UPDATES 22 Jul '24

22 Jul '24

# Security update for libgit2 Announcement ID: SUSE-SU-2024:2584-1 Rating: important References: * bsc#1219660 * bsc#1219664 Cross-References: * CVE-2024-24575 * CVE-2024-24577 CVSS scores: * CVE-2024-24575 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24575 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24577 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2024-24577 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves two vulnerabilities can now be installed. ## Description: This update for libgit2 fixes the following issues: Update to 1.7.2: Security fixes: * CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) * CVE-2024-24575: Fixed potential infinite loop condition in git_revparse_single() (bsc#1219664) Other fixes: \- A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2024-2584=1 openSUSE-SLE-15.6-2024-2584=1 * Development Tools Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2024-2584=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libgit2-tools-1.7.2-150600.3.3.1 * libgit2-devel-1.7.2-150600.3.3.1 * libgit2-1_7-debuginfo-1.7.2-150600.3.3.1 * libgit2-debuginfo-1.7.2-150600.3.3.1 * libgit2-debugsource-1.7.2-150600.3.3.1 * libgit2-tools-debuginfo-1.7.2-150600.3.3.1 * libgit2-1_7-1.7.2-150600.3.3.1 * Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64) * libgit2-tools-1.7.2-150600.3.3.1 * libgit2-devel-1.7.2-150600.3.3.1 * libgit2-1_7-debuginfo-1.7.2-150600.3.3.1 * libgit2-debuginfo-1.7.2-150600.3.3.1 * libgit2-debugsource-1.7.2-150600.3.3.1 * libgit2-tools-debuginfo-1.7.2-150600.3.3.1 * libgit2-1_7-1.7.2-150600.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2024-24575.html * https://www.suse.com/security/cve/CVE-2024-24577.html * https://bugzilla.suse.com/show_bug.cgi?id=1219660 * https://bugzilla.suse.com/show_bug.cgi?id=1219664

1 0