openSUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:1431-1
Rating: moderate
References: #1191508
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for crmsh fixes the following issues:
- Update to parse lifetime option correctly in ui_resource (bsc#1191508)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1431=1
Package List:
- openSUSE Leap 15.2 (noarch):
crmsh-4.3.1+20211012.52d4086a-lp152.4.71.1
crmsh-scripts-4.3.1+20211012.52d4086a-lp152.4.71.1
crmsh-test-4.3.1+20211012.52d4086a-lp152.4.71.1
References:
https://bugzilla.suse.com/1191508
openSUSE Security Update: Security update for python-Pygments
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1402-1
Rating: important
References: #1183169
Cross-References: CVE-2021-20270
CVSS scores:
CVE-2021-20270 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20270 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-Pygments fixes the following issues:
- CVE-2021-20270: Fixed an infinite loop in the SML lexer (bsc#1183169).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1402=1
Package List:
- openSUSE Leap 15.2 (noarch):
python3-Pygments-2.6.1-lp152.5.9.1
References:
https://www.suse.com/security/cve/CVE-2021-20270.html
https://bugzilla.suse.com/1183169
openSUSE Recommended Update: Recommended update for dracut
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:1415-1
Rating: moderate
References: #1184970 #1186260 #1187115 #1187470 #1187774
#1190845
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has 6 recommended fixes can now be installed.
Description:
This update for dracut fixes the following issues:
- Fix usage information for -f parameter. (bsc#1187470)
- Fix obsolete reference to 96insmodpost in manpage. (bsc#1187774)
- Remove references to INITRD_MODULES. (bsc#1187115)
- Multipath FCoE configurations may not boot when using only one path.
(bsc#1186260)
- Adjust path for SUSE: /var/lib/nfs/statd/sm to /var/lib/nfs/sm.
(bsc#1184970)
- Systemd coredump unit files are missing in initrd. (bsc#1190845)
- Use $kernel rather than $(uname -r).
- Exclude modules that are built-in.
- Restore INITRD_MODULES in mkinitrd script.
- Call dracut_instmods with hostonly.
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1415=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
dracut-049.1+suse.209.gebcf4f33-lp152.2.33.1
dracut-debuginfo-049.1+suse.209.gebcf4f33-lp152.2.33.1
dracut-debugsource-049.1+suse.209.gebcf4f33-lp152.2.33.1
dracut-extra-049.1+suse.209.gebcf4f33-lp152.2.33.1
dracut-fips-049.1+suse.209.gebcf4f33-lp152.2.33.1
dracut-ima-049.1+suse.209.gebcf4f33-lp152.2.33.1
dracut-tools-049.1+suse.209.gebcf4f33-lp152.2.33.1
References:
https://bugzilla.suse.com/1184970
https://bugzilla.suse.com/1186260
https://bugzilla.suse.com/1187115
https://bugzilla.suse.com/1187470
https://bugzilla.suse.com/1187774
https://bugzilla.suse.com/1190845
openSUSE Security Update: Security update for go1.16
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1420-1
Rating: moderate
References: #1182345 #1191468
Cross-References: CVE-2021-38297
CVSS scores:
CVE-2021-38297 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for go1.16 fixes the following issues:
Update to go1.16.9
- CVE-2021-38297: misc/wasm, cmd/link: do not let command line args
overwrite global data (bsc#1191468)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1420=1
Package List:
- openSUSE Leap 15.2 (x86_64):
go1.16-1.16.9-lp152.14.1
go1.16-doc-1.16.9-lp152.14.1
go1.16-race-1.16.9-lp152.14.1
References:
https://www.suse.com/security/cve/CVE-2021-38297.html
https://bugzilla.suse.com/1182345
https://bugzilla.suse.com/1191468
openSUSE Security Update: Security update for krb5
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1411-1
Rating: moderate
References: #1189929
Cross-References: CVE-2021-37750
CVSS scores:
CVE-2021-37750 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for krb5 fixes the following issues:
- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body
that lacks a server field (bsc#1189929).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1411=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
krb5-1.16.3-lp152.5.22.1
krb5-client-1.16.3-lp152.5.22.1
krb5-client-debuginfo-1.16.3-lp152.5.22.1
krb5-debuginfo-1.16.3-lp152.5.22.1
krb5-debugsource-1.16.3-lp152.5.22.1
krb5-devel-1.16.3-lp152.5.22.1
krb5-mini-1.16.3-lp152.5.22.1
krb5-mini-debuginfo-1.16.3-lp152.5.22.1
krb5-mini-debugsource-1.16.3-lp152.5.22.1
krb5-mini-devel-1.16.3-lp152.5.22.1
krb5-plugin-kdb-ldap-1.16.3-lp152.5.22.1
krb5-plugin-kdb-ldap-debuginfo-1.16.3-lp152.5.22.1
krb5-plugin-preauth-otp-1.16.3-lp152.5.22.1
krb5-plugin-preauth-otp-debuginfo-1.16.3-lp152.5.22.1
krb5-plugin-preauth-pkinit-1.16.3-lp152.5.22.1
krb5-plugin-preauth-pkinit-debuginfo-1.16.3-lp152.5.22.1
krb5-server-1.16.3-lp152.5.22.1
krb5-server-debuginfo-1.16.3-lp152.5.22.1
- openSUSE Leap 15.2 (x86_64):
krb5-32bit-1.16.3-lp152.5.22.1
krb5-32bit-debuginfo-1.16.3-lp152.5.22.1
krb5-devel-32bit-1.16.3-lp152.5.22.1
References:
https://www.suse.com/security/cve/CVE-2021-37750.html
https://bugzilla.suse.com/1189929
openSUSE Security Update: Security update for xstream
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1401-1
Rating: important
References: #1189798
Cross-References: CVE-2021-39139 CVE-2021-39140 CVE-2021-39141
CVE-2021-39144 CVE-2021-39145 CVE-2021-39146
CVE-2021-39147 CVE-2021-39148 CVE-2021-39149
CVE-2021-39150 CVE-2021-39151 CVE-2021-39152
CVE-2021-39153 CVE-2021-39154
CVSS scores:
CVE-2021-39139 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39139 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39140 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-39141 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39141 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39144 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39144 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39145 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39145 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39146 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39146 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39147 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39147 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39148 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39148 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39149 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39149 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39150 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39150 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39151 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39151 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39152 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39152 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39153 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39153 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39154 (NVD) : 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-39154 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes 14 vulnerabilities is now available.
Description:
This update for xstream fixes the following issues:
- Upgrade to 1.4.18
- CVE-2021-39139: Fixed an issue that allowed an attacker to achieve
arbitrary code execution by manipulating the processed input stream with
type information. (bsc#1189798)
- CVE-2021-39140: Fixed an issue that allowed an attacker to execute a DoS
attack by manipulating the processed input stream. (bsc#1189798)
- CVE-2021-39141: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39144: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39145: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39146: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39147: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39148: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39149: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39150: Fixed an issue that allowed an attacker to access
protected resources hosted within the intranet or in the host itself.
(bsc#1189798)
- CVE-2021-39151: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39152: Fixed an issue that allowed an attacker to access
protected resources hosted within the intranet or in the host itself.
(bsc#1189798)
- CVE-2021-39153: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
- CVE-2021-39154: Fixed an issue that allowed an attacker to achieve
arbitrary code execution. (bsc#1189798)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1401=1
Package List:
- openSUSE Leap 15.2 (noarch):
xstream-1.4.18-lp152.2.12.1
xstream-benchmark-1.4.18-lp152.2.12.1
xstream-javadoc-1.4.18-lp152.2.12.1
xstream-parent-1.4.18-lp152.2.12.1
References:
https://www.suse.com/security/cve/CVE-2021-39139.html
https://www.suse.com/security/cve/CVE-2021-39140.html
https://www.suse.com/security/cve/CVE-2021-39141.html
https://www.suse.com/security/cve/CVE-2021-39144.html
https://www.suse.com/security/cve/CVE-2021-39145.html
https://www.suse.com/security/cve/CVE-2021-39146.html
https://www.suse.com/security/cve/CVE-2021-39147.html
https://www.suse.com/security/cve/CVE-2021-39148.html
https://www.suse.com/security/cve/CVE-2021-39149.html
https://www.suse.com/security/cve/CVE-2021-39150.html
https://www.suse.com/security/cve/CVE-2021-39151.html
https://www.suse.com/security/cve/CVE-2021-39152.html
https://www.suse.com/security/cve/CVE-2021-39153.html
https://www.suse.com/security/cve/CVE-2021-39154.html
https://bugzilla.suse.com/1189798
openSUSE Recommended Update: Recommended update for suse-module-tools
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:1406-1
Rating: important
References: #1191200 #1191260 #1191480 #1191804 #1191922
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update for suse-module-tools fixes the following issues:
Update to version 15.2.15:
- Fix bad exit status in openQA. (bsc#1191922)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Print 'mokutil' output in verbose mode.
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)
- Don't pass existing files to weak-modules2. (bsc#1191200)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1406=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
suse-module-tools-15.2.15-lp152.5.9.1
suse-module-tools-legacy-15.2.15-lp152.5.9.1
References:
https://bugzilla.suse.com/1191200
https://bugzilla.suse.com/1191260
https://bugzilla.suse.com/1191480
https://bugzilla.suse.com/1191804
https://bugzilla.suse.com/1191922
openSUSE Security Update: Security update for strongswan
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1399-1
Rating: important
References: #1191367 #1191435 SLE-20151
Cross-References: CVE-2021-41990 CVE-2021-41991
CVSS scores:
CVE-2021-41990 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41991 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes two vulnerabilities and contains one
feature is now available.
Description:
This update for strongswan fixes the following issues:
A feature was added:
- Add auth_els plugin to support Marvell FC-SP encryption (jsc#SLE-20151)
Security issues fixed:
- CVE-2021-41991: Fixed an integer overflow when replacing certificates in
cache. (bsc#1191435)
- CVE-2021-41990: Fixed an integer overflow in the gmp plugin.
(bsc#1191367)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1399=1
Package List:
- openSUSE Leap 15.2 (noarch):
strongswan-doc-5.8.2-lp152.2.18.1
- openSUSE Leap 15.2 (x86_64):
strongswan-5.8.2-lp152.2.18.1
strongswan-debuginfo-5.8.2-lp152.2.18.1
strongswan-debugsource-5.8.2-lp152.2.18.1
strongswan-hmac-5.8.2-lp152.2.18.1
strongswan-ipsec-5.8.2-lp152.2.18.1
strongswan-ipsec-debuginfo-5.8.2-lp152.2.18.1
strongswan-libs0-5.8.2-lp152.2.18.1
strongswan-libs0-debuginfo-5.8.2-lp152.2.18.1
strongswan-mysql-5.8.2-lp152.2.18.1
strongswan-mysql-debuginfo-5.8.2-lp152.2.18.1
strongswan-nm-5.8.2-lp152.2.18.1
strongswan-nm-debuginfo-5.8.2-lp152.2.18.1
strongswan-sqlite-5.8.2-lp152.2.18.1
strongswan-sqlite-debuginfo-5.8.2-lp152.2.18.1
References:
https://www.suse.com/security/cve/CVE-2021-41990.html
https://www.suse.com/security/cve/CVE-2021-41991.html
https://bugzilla.suse.com/1191367
https://bugzilla.suse.com/1191435
openSUSE Recommended Update: Recommended update for pam
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:1405-1
Rating: important
References: #1190052 #1191987 SLE-20638
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has two recommended fixes and contains one
feature can now be installed.
Description:
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
- Fixed a bad directive file which resulted in the "securetty" file being
installed as "macros.pam". (bsc#1191987)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1405=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
pam-1.3.0-lp152.11.16.1
pam-debuginfo-1.3.0-lp152.11.16.1
pam-debugsource-1.3.0-lp152.11.16.1
pam-devel-1.3.0-lp152.11.16.1
pam-extra-1.3.0-lp152.11.16.1
pam-extra-debuginfo-1.3.0-lp152.11.16.1
- openSUSE Leap 15.2 (noarch):
pam-doc-1.3.0-lp152.11.16.1
- openSUSE Leap 15.2 (x86_64):
pam-32bit-1.3.0-lp152.11.16.1
pam-32bit-debuginfo-1.3.0-lp152.11.16.1
pam-devel-32bit-1.3.0-lp152.11.16.1
pam-extra-32bit-1.3.0-lp152.11.16.1
pam-extra-32bit-debuginfo-1.3.0-lp152.11.16.1
References:
https://bugzilla.suse.com/1190052
https://bugzilla.suse.com/1191987