openSUSE Security Update: Security update for grafana-piechart-panel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1308-1
Rating: moderate
References: #1172125
Cross-References: CVE-2020-13429
CVSS scores:
CVE-2020-13429 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-13429 (SUSE): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for grafana-piechart-panel fixes the following issues:
- CVE-2020-13429: Fixed XSS via the Values Header option in the
piechart-panel (bsc#1172125).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1308=1
Package List:
- openSUSE Leap 15.2 (noarch):
grafana-piechart-panel-1.6.1-lp152.2.6.1
References:
https://www.suse.com/security/cve/CVE-2020-13429.html
https://bugzilla.suse.com/1172125
openSUSE Recommended Update: Recommended update for file
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:1307-1
Rating: moderate
References: #1189996
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for file fixes the following issues:
- Fixes exception thrown by memory allocation problem (bsc#1189996)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1307=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
file-5.32-lp152.10.6.1
file-debuginfo-5.32-lp152.10.6.1
file-debugsource-5.32-lp152.10.6.1
file-devel-5.32-lp152.10.6.1
libmagic1-5.32-lp152.10.6.1
libmagic1-debuginfo-5.32-lp152.10.6.1
python2-magic-5.32-lp152.10.6.1
python3-magic-5.32-lp152.10.6.1
- openSUSE Leap 15.2 (x86_64):
file-devel-32bit-5.32-lp152.10.6.1
libmagic1-32bit-5.32-lp152.10.6.1
libmagic1-32bit-debuginfo-5.32-lp152.10.6.1
- openSUSE Leap 15.2 (noarch):
file-magic-5.32-lp152.10.6.1
References:
https://bugzilla.suse.com/1189996
openSUSE Recommended Update: Recommended update for crmsh
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:3226-1
Rating: moderate
References: #1188971 #1189641
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update for crmsh fixes the following issues:
- Fix for 'hb_report': Using python way to collect ra trace files.
(bsc#1189641)
- Fix for 'bootstrap': Adjust host list for parallax to get and copy
'known_hosts' file. (bsc#1188971)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3226=1
Package List:
- openSUSE Leap 15.3 (noarch):
crmsh-4.3.1+20210827.4fb174c4-5.65.1
crmsh-scripts-4.3.1+20210827.4fb174c4-5.65.1
crmsh-test-4.3.1+20210827.4fb174c4-5.65.1
References:
https://bugzilla.suse.com/1188971
https://bugzilla.suse.com/1189641
openSUSE Recommended Update: Recommended update for apache2-mod_wsgi
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:3221-1
Rating: moderate
References: #1189467
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for apache2-mod_wsgi fixes the following issue:
- Enable installation of Python 'sitelib' wrapper. (bsc#1189467)
- This update will solve a 'DistributionNotFound' error providing the
Python metadata and wrapper for 'mod_wsgi'.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3221=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
apache2-mod_wsgi-4.5.18-4.3.1
apache2-mod_wsgi-debuginfo-4.5.18-4.3.1
apache2-mod_wsgi-debugsource-4.5.18-4.3.1
apache2-mod_wsgi-python3-4.5.18-4.3.1
apache2-mod_wsgi-python3-debuginfo-4.5.18-4.3.1
apache2-mod_wsgi-python3-debugsource-4.5.18-4.3.1
References:
https://bugzilla.suse.com/1189467
openSUSE Recommended Update: Recommended update for shim-susesigned
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:3224-1
Rating: moderate
References: #1177315 #1177789 #1182057 #1184454 #1185232
#1185261 #1185441 #1185464 #1185621 #1185961
#1187260 #1187696
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has 12 recommended fixes can now be
installed.
Description:
This update for shim-susesigned fixes the following issues:
Sync with Microsoft signed shim to Thu Jul 15 08:13:26 UTC 2021.
This update addresses the "susesigned" shim component.
shim was updated to 15.4 (bsc#1182057)
- console: Move the countdown function to console.c
- fallback: show a countdown menu before reset
- MOK: Fix the missing vendor cert in MokListRT
- mok: fix the mirroring of RT variables
- Add the license change statement for errlog.c and mok.c
- Remove a couple of incorrect license claims.
- MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid
- Make EFI variable copying fatal only on secureboot enabled systems
- Remove call to TPM2 get_event_log
- tpm: Fix off-by-one error when calculating event size
- tpm: Define EFI_VARIABLE_DATA_TREE as packed
- tpm: Don't log duplicate identical events
- VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
- OpenSSL: always provide OBJ_create() with name strings.
- translate_slashes(): don't write to string literals
- Fix a use of strlen() instead of Strlen()
- shim: Update EFI_LOADED_IMAGE with the second stage loader file path
- tpm: Include information about PE/COFF images in the TPM Event Log
- Fix a broken tpm type
- All newly released openSUSE kernels enable kernel lockdown and signature
verification, so there is no need to add the prompt anymore.
- Fix the NULL pointer dereference in AuthenticodeVerify()
- Remove the build ID to make the binary reproducible when building with
AArch64 container
- Prevent the build id being added to the binary. That can cause issues
with the signature
- Allocate MOK config table as BootServicesData to avoid the error message
from linux kernel
- Handle ignore_db and user_insecure_mode correctly (bsc#1185441)
- Relax the maximum variable size check for u-boot
- Relax the check for import_mok_state() when Secure Boot is off
- Relax the check for the LoadOptions length
- Fix the size of rela* sections for AArch64
- Disable exporting vendor-dbx to MokListXRT
- Don't call QueryVariableInfo() on EFI 1.10 machines
- Avoid buffer overflow when copying the MOK config table
- Avoid deleting the mirrored RT variables
- Update to 15.3 for SBAT support (bsc#1182057)
- Generate vendor-specific SBAT metadata
- Rename the SBAT variable and fix the self-check of SBAT
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size
of MokListXRT (bsc#1185261)
- shim-install: reset def_shim_efi to "shim.efi" if the given file doesn't
exist
- shim-install: instead of assuming "removable" for Azure, remove
fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make
\EFI\Boot bootable and keep the boot option created by efibootmgr
(bsc#1185464, bsc#1185961)
- shim-install: always assume "removable" for Azure to avoid the endless
reset loop (bsc#1185464)
- shim-install: Support changing default shim efi binary in
/usr/etc/default/shim and /etc/default/shim (bsc#1177315)
- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign
keys:
+ SLES-UEFI-SIGN-Certificate-2020-07.crt
+ openSUSE-UEFI-SIGN-Certificate-2020-07.crt
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3224=1
Package List:
- openSUSE Leap 15.3 (x86_64):
shim-susesigned-15.4-3.10.1
References:
https://bugzilla.suse.com/1177315
https://bugzilla.suse.com/1177789
https://bugzilla.suse.com/1182057
https://bugzilla.suse.com/1184454
https://bugzilla.suse.com/1185232
https://bugzilla.suse.com/1185261
https://bugzilla.suse.com/1185441
https://bugzilla.suse.com/1185464
https://bugzilla.suse.com/1185621
https://bugzilla.suse.com/1185961
https://bugzilla.suse.com/1187260
https://bugzilla.suse.com/1187696
openSUSE Recommended Update: Recommended update for gnome-shell-extensions
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:3223-1
Rating: moderate
References: #1190016 SLE-20311
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix and contains one
feature can now be installed.
Description:
This update for gnome-shell-extensions fixes the following issues:
- Add gnome-shell-extensions-common as dependency (bsc#1190016
jsc#SLE-20311).
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3223=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gnome-shell-classic-session-3.34.2-5.12.1
gnome-shell-extension-user-theme-3.34.2-5.12.1
- openSUSE Leap 15.3 (noarch):
gnome-shell-classic-3.34.2-5.12.1
gnome-shell-extensions-common-3.34.2-5.12.1
gnome-shell-extensions-common-lang-3.34.2-5.12.1
References:
https://bugzilla.suse.com/1190016
openSUSE Recommended Update: Recommended update for kglobalaccel
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:3220-1
Rating: moderate
References: #1178488
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for kglobalaccel fixes the following issues:
- Refuse app. to start with wrong uid (bsc#1178488).
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3220=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kglobalaccel-debugsource-5.76.0-3.6.1
kglobalaccel-devel-5.76.0-3.6.1
kglobalaccel5-5.76.0-3.6.1
kglobalaccel5-debuginfo-5.76.0-3.6.1
libKF5GlobalAccel5-5.76.0-3.6.1
libKF5GlobalAccel5-debuginfo-5.76.0-3.6.1
libKF5GlobalAccelPrivate5-5.76.0-3.6.1
libKF5GlobalAccelPrivate5-debuginfo-5.76.0-3.6.1
- openSUSE Leap 15.3 (x86_64):
kglobalaccel-devel-32bit-5.76.0-3.6.1
libKF5GlobalAccel5-32bit-5.76.0-3.6.1
libKF5GlobalAccel5-32bit-debuginfo-5.76.0-3.6.1
- openSUSE Leap 15.3 (noarch):
libKF5GlobalAccel5-lang-5.76.0-3.6.1
References:
https://bugzilla.suse.com/1178488
openSUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:1304-1
Rating: moderate
References: #1170823 #1181223 #1188042 #1188846
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has four recommended fixes can now be
installed.
Description:
This update fixes the following issues:
dracut-saltboot:
- Fix dependencies of python libs (bsc#1188846)
koan:
- Only recommend 'virt-install' to unbreak scenarios where it is not
available in the enabled modules of the system
- The xend functionality is not expected to work since the underlying
tool was removed
- Python 2 compatibility was fully removed
- Add support for EFI reinstallation of a client (bsc#1170823)
mgr-daemon:
- Update translation strings
spacecmd:
- Update translation strings
- Make schedule_deletearchived to get all actions without display limit
- Allow passing a date limit for 'schedule_deletearchived' on 'spacecmd'
(bsc#1181223)
- Use correct API endpoint in 'list_proxies' (bsc#1188042)
- Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)
spacewalk-client-tools:
- Update translation strings
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1304=1
Package List:
- openSUSE Leap 15.2 (noarch):
dracut-saltboot-0.1.1628156312.dbd0dec-lp152.2.29.1
References:
https://bugzilla.suse.com/1170823
https://bugzilla.suse.com/1181223
https://bugzilla.suse.com/1188042
https://bugzilla.suse.com/1188846