openSUSE Security Update: Security update for spectre-meltdown-checker
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1212-1
Rating: moderate
References: #1189477
Cross-References: CVE-2017-5753
CVSS scores:
CVE-2017-5753 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2017-5753 (SUSE): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for spectre-meltdown-checker fixes the following issues:
spectre-meltdown-checker was updated to version 0.44 (bsc#1189477)
- feat: add support for SRBDS related vulnerabilities
- feat: add zstd kernel decompression (#370)
- enh: arm: add experimental support for binary arm images
- enh: rsb filling: no longer need the 'strings' tool to check for kernel
support in live mode
- fix: fwdb: remove Intel extract tempdir on exit
- fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes
#278)
- fix: fwdb: use the commit date as the intel fwdb version
- fix: fwdb: update Intel's repository URL
- fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro
- fix: on CPU parse info under FreeBSD
- chore: github: add check run on pull requests
- chore: fwdb: update to v165.20201021+i20200616
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1212=1
Package List:
- openSUSE Leap 15.2 (x86_64):
spectre-meltdown-checker-0.44-lp152.2.3.1
References:
https://www.suse.com/security/cve/CVE-2017-5753.html
https://bugzilla.suse.com/1189477
openSUSE Security Update: Security update for nodejs12
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2875-1
Rating: important
References: #1188881 #1188917 #1189368 #1189369 #1189370
Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939
CVE-2021-22940 CVE-2021-3672
CVSS scores:
CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for nodejs12 fixes the following issues:
Update to 12.22.5:
- CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters
in domain names (bsc#1189370, bsc#1188881)
- CVE-2021-22940: Use after free on close http2 on stream canceling
(bsc#1189368)
- CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter
(bsc#1189369)
- CVE-2021-22930: http2: fixes use after free on close http2 on stream
canceling (bsc#1188917)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2875=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs12-12.22.5-4.19.1
nodejs12-debuginfo-12.22.5-4.19.1
nodejs12-debugsource-12.22.5-4.19.1
nodejs12-devel-12.22.5-4.19.1
npm12-12.22.5-4.19.1
- openSUSE Leap 15.3 (noarch):
nodejs12-docs-12.22.5-4.19.1
References:
https://www.suse.com/security/cve/CVE-2021-22930.html
https://www.suse.com/security/cve/CVE-2021-22931.html
https://www.suse.com/security/cve/CVE-2021-22939.html
https://www.suse.com/security/cve/CVE-2021-22940.html
https://www.suse.com/security/cve/CVE-2021-3672.html
https://bugzilla.suse.com/1188881
https://bugzilla.suse.com/1188917
https://bugzilla.suse.com/1189368
https://bugzilla.suse.com/1189369
https://bugzilla.suse.com/1189370
openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2874-1
Rating: important
References: #1188891
Cross-References: CVE-2021-29980 CVE-2021-29984 CVE-2021-29985
CVE-2021-29986 CVE-2021-29988 CVE-2021-29989
CVSS scores:
CVE-2021-29980 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-29984 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-29985 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2021-29986 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-29988 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-29989 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
Update to version 78.13 (MFSA 2021-35, bsc#1188891)
- CVE-2021-29986: Race condition when resolving DNS names could have led
to memory corruption
- CVE-2021-29988: Memory corruption as a result of incorrect style
treatment
- CVE-2021-29984: Incorrect instruction reordering during JIT optimization
- CVE-2021-29980: Uninitialized memory in a canvas object could have led
to memory corruption
- CVE-2021-29985: Use-after-free media channels
- CVE-2021-29989: Memory safety bugs fixed in Thunderbird 78.13
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2874=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-78.13.0-8.36.1
MozillaThunderbird-debuginfo-78.13.0-8.36.1
MozillaThunderbird-debugsource-78.13.0-8.36.1
MozillaThunderbird-translations-common-78.13.0-8.36.1
MozillaThunderbird-translations-other-78.13.0-8.36.1
References:
https://www.suse.com/security/cve/CVE-2021-29980.html
https://www.suse.com/security/cve/CVE-2021-29984.html
https://www.suse.com/security/cve/CVE-2021-29985.html
https://www.suse.com/security/cve/CVE-2021-29986.html
https://www.suse.com/security/cve/CVE-2021-29988.html
https://www.suse.com/security/cve/CVE-2021-29989.html
https://bugzilla.suse.com/1188891
openSUSE Recommended Update: Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:2878-1
Rating: moderate
References: #1185714
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for kubevirt, virt-api-container, virt-controller-container,
virt-handler-container, virt-launcher-container, virt-operator-container
contains the following fixes:
Changes in kubevirt:
- Generate meta info for containers during rpm build.
- Add REGISTRY variable.
- Use registry.suse.com as the default fallback for sle.
- Rename macro registry_path to kubevirt_registry_path.
- Do not package OLM manifests.
- Install virt-launcher SELinux policy. (bsc#1185714)
- Include release number into docker tag.
- Add kubevirt_containers_meta build service.
- Set default reg_path='registry.opensuse.org/kubevirt'.
- Add _constraints file with disk requirements.
- Fix virt-launcher VirDomain double free crash.
Changes on the containers:
- Include the registry in org.opensuse.reference.
- Tag the image with <version>-<release>.
- run zypper clean after installation.
Changes specific to virt-launcher-container:
- Create symlinks for OVMF binaries in expected location.
- Sort installed packages alphabetically.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2878=1
Package List:
- openSUSE Leap 15.3 (x86_64):
kubevirt-container-disk-0.40.0-5.14.3
kubevirt-container-disk-debuginfo-0.40.0-5.14.3
kubevirt-manifests-0.40.0-5.14.3
kubevirt-tests-0.40.0-5.14.3
kubevirt-tests-debuginfo-0.40.0-5.14.3
kubevirt-virt-api-0.40.0-5.14.3
kubevirt-virt-api-debuginfo-0.40.0-5.14.3
kubevirt-virt-controller-0.40.0-5.14.3
kubevirt-virt-controller-debuginfo-0.40.0-5.14.3
kubevirt-virt-handler-0.40.0-5.14.3
kubevirt-virt-handler-debuginfo-0.40.0-5.14.3
kubevirt-virt-launcher-0.40.0-5.14.3
kubevirt-virt-launcher-debuginfo-0.40.0-5.14.3
kubevirt-virt-operator-0.40.0-5.14.3
kubevirt-virt-operator-debuginfo-0.40.0-5.14.3
kubevirt-virtctl-0.40.0-5.14.3
kubevirt-virtctl-debuginfo-0.40.0-5.14.3
References:
https://bugzilla.suse.com/1185714
openSUSE Recommended Update: Recommended update for yast2-update
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:2869-1
Rating: moderate
References: #1181066
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for yast2-update fixes the following issues:
- Avoid bind-mounting /run twice. (bsc#1181066)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2869=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
yast2-update-4.3.3-3.3.1
yast2-update-FACTORY-4.3.3-3.3.1
References:
https://bugzilla.suse.com/1181066
openSUSE Recommended Update: Recommended update for yast2-packager
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:2870-1
Rating: moderate
References: #1183795
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for yast2-packager fixes the following issues:
- Corrects package selection when on "armv7l" (bsc#1183795)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2870=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
yast2-packager-4.3.22-3.3.6
References:
https://bugzilla.suse.com/1183795
openSUSE Security Update: Security update for php7
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2872-1
Rating: important
References: #1189591
Cross-References: CVE-2020-36193
CVSS scores:
CVE-2020-36193 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2020-36193 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for php7 fixes the following issues:
- CVE-2020-36193: Fixed Archive_Tar directory traversal due to inadequate
checking of symbolic links (bsc#1189591).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2872=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
php7-wddx-7.2.5-4.82.1
php7-wddx-debuginfo-7.2.5-4.82.1
References:
https://www.suse.com/security/cve/CVE-2020-36193.html
https://bugzilla.suse.com/1189591
openSUSE Recommended Update: Recommended update for bind
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:2871-1
Rating: moderate
References: #1187921 #1188763
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for bind fixes the following issues:
- Fix an assertion failure in the 'rehash()' function (bsc#1188763). When
calculating the new hashtable bitsize, there was an off-by-one error
that would allow the new bitsize to be larger than the maximum allowed.
- tsig-keygen is now used to generate DDNS keys (bsc#1187921)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2871=1
Package List:
- openSUSE Leap 15.3 (x86_64):
bind-devel-32bit-9.16.6-12.54.2
libbind9-1600-32bit-9.16.6-12.54.2
libbind9-1600-32bit-debuginfo-9.16.6-12.54.2
libdns1605-32bit-9.16.6-12.54.2
libdns1605-32bit-debuginfo-9.16.6-12.54.2
libirs1601-32bit-9.16.6-12.54.2
libirs1601-32bit-debuginfo-9.16.6-12.54.2
libisc1606-32bit-9.16.6-12.54.2
libisc1606-32bit-debuginfo-9.16.6-12.54.2
libisccc1600-32bit-9.16.6-12.54.2
libisccc1600-32bit-debuginfo-9.16.6-12.54.2
libisccfg1600-32bit-9.16.6-12.54.2
libisccfg1600-32bit-debuginfo-9.16.6-12.54.2
libns1604-32bit-9.16.6-12.54.2
libns1604-32bit-debuginfo-9.16.6-12.54.2
References:
https://bugzilla.suse.com/1187921
https://bugzilla.suse.com/1188763
openSUSE Security Update: Security update for 389-ds
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1211-1
Rating: moderate
References: #1188455
Cross-References: CVE-2021-3652
CVSS scores:
CVE-2021-3652 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for 389-ds fixes the following issues:
- Update to version 1.4.3.24
- CVE-2021-3652: Fixed crypt handling of locked accounts. (bsc#1188455)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1211=1
Package List:
- openSUSE Leap 15.2 (x86_64):
389-ds-1.4.3.24~git13.7b705e743-lp152.2.18.1
389-ds-debuginfo-1.4.3.24~git13.7b705e743-lp152.2.18.1
389-ds-debugsource-1.4.3.24~git13.7b705e743-lp152.2.18.1
389-ds-devel-1.4.3.24~git13.7b705e743-lp152.2.18.1
389-ds-snmp-1.4.3.24~git13.7b705e743-lp152.2.18.1
389-ds-snmp-debuginfo-1.4.3.24~git13.7b705e743-lp152.2.18.1
lib389-1.4.3.24~git13.7b705e743-lp152.2.18.1
libsvrcore0-1.4.3.24~git13.7b705e743-lp152.2.18.1
libsvrcore0-debuginfo-1.4.3.24~git13.7b705e743-lp152.2.18.1
References:
https://www.suse.com/security/cve/CVE-2021-3652.html
https://bugzilla.suse.com/1188455
openSUSE Recommended Update: Recommended update for python-dbus-python
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:2863-1
Rating: moderate
References: #1183818 ECO-3589
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix and contains one
feature can now be installed.
Description:
This update for python-dbus-python fixes the following issues:
- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)
- update to 1.2.16:
* All tests are run even if the 'tap.py' module is not available,
although diagnostics for failing tests will be better if it is present.
- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure
- Version update to version 1.2.14:
* Ensure that the numeric types from dbus.types get the same str() under
Python 3.8 that they did under previous versions.
* Disable -Winline.
* Add clearer license information using SPDX-License-Identifier.
* Include inherited methods and properties when documenting objects,
which regressed when migrating from epydoc to sphinx.
* Add missing variant_level member to UnixFd type, for parity with the
other dbus.types types
* Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
* Silence '-Wcast-function-type' with gcc 8.
* Fix distcheck with python3.7 by deleting '__pycache__' during
uninstall.
* Consistently save and restore the exception indicator when called from
C code.
- Add missing dependency for pkg-config files
- Version update to version 1.2.8:
* Python 2.7 required or 3.4 respectively
* Upstream dropped epydoc completely
- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries
than the signature allows with libdbus 1.4 imports dbus, is finalized,
is re-initialized, and re-imports - When removing signal matches, clean
up internal state, avoiding a memory leak in long-lived Python processes
that connect to
- When setting the sender of a message, allow it to be
org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2863=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python-dbus-python-common-devel-1.2.16-6.3.1
python-dbus-python-debuginfo-1.2.16-6.3.1
python-dbus-python-debugsource-1.2.16-6.3.1
python2-dbus-python-1.2.16-6.3.1
python2-dbus-python-debuginfo-1.2.16-6.3.1
python2-dbus-python-devel-1.2.16-6.3.1
python3-dbus-python-1.2.16-6.3.1
python3-dbus-python-debuginfo-1.2.16-6.3.1
python3-dbus-python-devel-1.2.16-6.3.1
References:
https://bugzilla.suse.com/1183818