openSUSE Recommended Update: Recommended update for tryton and proteus
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:0099-1
Rating: low
References: #1193533
Affected Products:
openSUSE Backports SLE-15-SP3
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for trytond packages and proteus fixes the following issues:
- trytond_account was updated to version 5.0.23 bugfix release
- trytond was updated to version 5.0.46 bugfix release
- trytond_purchase was updated to version 5.0.11 bugfix release
- proteus was updated to version 5.0.12 bugfix release
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-99=1 openSUSE-SLE-15.3-2022-99=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-99=1
Package List:
- openSUSE Leap 15.3 (noarch):
proteus-5.0.12-lp153.2.3.3
trytond-5.0.46-lp153.2.3.1
trytond_account-5.0.23-lp153.2.3.3
trytond_purchase-5.0.11-lp153.2.3.3
yast2-samba-client-4.3.4-3.6.1
- openSUSE Backports SLE-15-SP3 (noarch):
python2-pydot3-1.0.9-bp153.2.2.1
python2-python-sql-1.1.0-bp153.2.2.1
python3-pydot3-1.0.9-bp153.2.2.1
python3-python-sql-1.1.0-bp153.2.2.1
References:
https://bugzilla.suse.com/1193533
openSUSE Security Update: Security update for fish3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0096-1
Rating: important
References: #1197139
Cross-References: CVE-2022-20001
CVSS scores:
CVE-2022-20001 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-20001 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for fish3 fixes the following issues:
- CVE-2022-20001: Navigating to a compromised git repository may lead to
arbitrary code execution (bsc#1197139)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-96=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
fish3-3.3.1-bp153.2.10.1
fish3-devel-3.3.1-bp153.2.10.1
References:
https://www.suse.com/security/cve/CVE-2022-20001.html
https://bugzilla.suse.com/1197139
openSUSE Recommended Update: Recommended update for trivy
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:0101-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
trivy was updated to fix the following issues:
Update to version 0.24.4:
* fix(docker): Getting images without a tag (#1852)
* docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and
TRIVY_NO_PROGRESS (#1801)
Update to version 0.24.3:
* chore(issue labels): added new labels (#1839)
* refactor: clarify db update warning messages (#1808)
* chore(ci): change trivy vulnerability scan for every day (#1838)
* feat(helm): make Trivy service name configurable (#1825)
* chore(deps): updated sprig to version v3.2.2. (#1814)
* chore(deps): updated testcontainers-go to version v0.12.0 (#1822)
* docs: add packages.config for .NET (#1823)
* build: sign container image (#1668)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0
(#1778)
* docs: fix Installation documentation (#1804)
* fix(report): ensure json report got a final new line (#1797)
* fix(terraform): resolve panics in defsec (#1811)
* feat(docker): Label images based on OCI image spec (#1793)
* fix(helm): indentation for ServiceAccount annotations (#1795)
* fix(hcl): fix panic in hcl2json (#1791)
* chore(helm): remove psp from helm manifest (#1315)
* build: Replace `make protoc` with `for loop` to return an error (#1655)
* fix: ASFF template to match ASFF schema (#1685)
* feat(helm): Add support for server token (#1734)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-101=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 s390x x86_64):
trivy-0.24.4-bp153.5.1
References:
openSUSE Security Update: Security update for python2-numpy
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:1064-1
Rating: moderate
References: #1193907 #1193911 #1193913
Cross-References: CVE-2021-33430 CVE-2021-41495 CVE-2021-41496
CVSS scores:
CVE-2021-33430 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33430 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-41495 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-41496 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for python2-numpy fixes the following issues:
- CVE-2021-33430: Fixed buffer overflow that could lead to DoS in
PyArray_NewFromDescr_int function of ctors.c (bsc#1193913).
- CVE-2021-41496: Fixed buffer overflow that could lead to DoS in
array_from_pyobj function of fortranobject.c (bsc#1193907).
- CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort due to
missing return value validation (bsc#1193911).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1064=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
python-numpy_1_16_5-gnu-hpc-debugsource-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-devel-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150200.3.5.1
References:
https://www.suse.com/security/cve/CVE-2021-33430.html
https://www.suse.com/security/cve/CVE-2021-41495.html
https://www.suse.com/security/cve/CVE-2021-41496.html
https://bugzilla.suse.com/1193907
https://bugzilla.suse.com/1193911
https://bugzilla.suse.com/1193913
openSUSE Security Update: Security update for kernel-firmware
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:1065-1
Rating: important
References: #1186938 #1188662 #1192953 #1195786 #1196333
Cross-References: CVE-2021-0066 CVE-2021-0071 CVE-2021-0072
CVE-2021-0076 CVE-2021-0161 CVE-2021-0164
CVE-2021-0165 CVE-2021-0166 CVE-2021-0168
CVE-2021-0170 CVE-2021-0172 CVE-2021-0173
CVE-2021-0174 CVE-2021-0175 CVE-2021-0176
CVE-2021-0183 CVE-2021-33139 CVE-2021-33155
CVSS scores:
CVE-2021-0066 (NVD) : 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0066 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0071 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0072 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0072 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0076 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0076 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0161 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0161 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0164 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0164 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0165 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0165 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0166 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0168 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0168 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0170 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0170 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0172 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0172 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0173 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0173 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0174 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0174 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0175 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0175 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0176 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0176 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0183 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-0183 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33139 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33139 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33155 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33155 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
This update for kernel-firmware fixes the following issues:
Update Intel Wireless firmware for 9xxx (INTEL-SA-00539, bsc#1196333):
CVE-2021-0161: Improper input validation in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow a privileged user to
potentially enable escalation of privilege via local access.
CVE-2021-0164: Improper access control in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user
to potentially enable escalation of privilege via local access.
CVE-2021-0165: Improper input validation in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user
to potentially enable denial of service via adjacent access.
CVE-2021-0066: Improper input validation in firmware for Intel
PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user
to potentially enable escalation of privilege via local access.
CVE-2021-0166: Exposure of Sensitive Information to an Unauthorized Actor
in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may
allow a privileged user to potentially enable escalation of privilege via
local access.
CVE-2021-0168: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to
potentially enable escalation of privilege via local access.
CVE-2021-0170: Exposure of Sensitive Information to an Unauthorized Actor
in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may
allow an authenticated user to potentially enable information disclosure
via local access.
CVE-2021-0172: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated
user to potentially enable denial of service via adjacent access.
CVE-2021-0173: Improper Validation of Consistency within input in firmware
for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an
unauthenticated user to potentially enable denial of service via adjacent
access.
CVE-2021-0174: Improper Use of Validation Framework in firmware for some
Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an
unauthenticated user to potentially enable denial of service via adjacent
access.
CVE-2021-0175: Improper Validation of Specified Index, Position, or Offset
in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer
Wi-Fi may allow an unauthenticated user to potentially enable denial of
service via adjacent access.
CVE-2021-0076: Improper Validation of Specified Index, Position, or Offset
in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer
Wi-Fi may allow a privileged user to potentially enable denial of service
via local access.
CVE-2021-0176: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to
potentially enable denial of service via local access.
CVE-2021-0183: Improper Validation of Specified Index, Position, or Offset
in Input in software for some Intel PROSet/Wireless Wi-Fi and some Killer
Wi-Fi may allow an unauthenticated user to potentially enable denial of
service via adjacent access.
CVE-2021-0072: Improper input validation in firmware for some Intel
PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to
potentially enable information disclosure via local access.
CVE-2021-0071: Improper input validation in firmware for some Intel
PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to
potentially enable escalation of privilege via adjacent access.
Update Intel Bluetooth firmware (INTEL-SA-00604, bsc#1195786):
- CVE-2021-33139: Improper conditions check in firmware for some Intel
Wireless Bluetooth and Killer Bluetooth products before may allow an
authenticated user to potentially enable denial of service via adjacent
access.
- CVE-2021-33155: Improper input validation in firmware for some Intel
Wireless Bluetooth and Killer Bluetooth products before may allow an
authenticated user to potentially enable denial of service via adjacent
access.
Bug fixes:
- Updated the AMD SEV firmware (bsc#1186938)
- Reduced the LZMA2 dictionary size (bsc#1188662)
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1065=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-firmware-20210208-150300.4.7.1
kernel-firmware-all-20210208-150300.4.7.1
kernel-firmware-amdgpu-20210208-150300.4.7.1
kernel-firmware-ath10k-20210208-150300.4.7.1
kernel-firmware-ath11k-20210208-150300.4.7.1
kernel-firmware-atheros-20210208-150300.4.7.1
kernel-firmware-bluetooth-20210208-150300.4.7.1
kernel-firmware-bnx2-20210208-150300.4.7.1
kernel-firmware-brcm-20210208-150300.4.7.1
kernel-firmware-chelsio-20210208-150300.4.7.1
kernel-firmware-dpaa2-20210208-150300.4.7.1
kernel-firmware-i915-20210208-150300.4.7.1
kernel-firmware-intel-20210208-150300.4.7.1
kernel-firmware-iwlwifi-20210208-150300.4.7.1
kernel-firmware-liquidio-20210208-150300.4.7.1
kernel-firmware-marvell-20210208-150300.4.7.1
kernel-firmware-media-20210208-150300.4.7.1
kernel-firmware-mediatek-20210208-150300.4.7.1
kernel-firmware-mellanox-20210208-150300.4.7.1
kernel-firmware-mwifiex-20210208-150300.4.7.1
kernel-firmware-network-20210208-150300.4.7.1
kernel-firmware-nfp-20210208-150300.4.7.1
kernel-firmware-nvidia-20210208-150300.4.7.1
kernel-firmware-platform-20210208-150300.4.7.1
kernel-firmware-prestera-20210208-150300.4.7.1
kernel-firmware-qlogic-20210208-150300.4.7.1
kernel-firmware-radeon-20210208-150300.4.7.1
kernel-firmware-realtek-20210208-150300.4.7.1
kernel-firmware-serial-20210208-150300.4.7.1
kernel-firmware-sound-20210208-150300.4.7.1
kernel-firmware-ti-20210208-150300.4.7.1
kernel-firmware-ueagle-20210208-150300.4.7.1
kernel-firmware-usb-network-20210208-150300.4.7.1
ucode-amd-20210208-150300.4.7.1
References:
https://www.suse.com/security/cve/CVE-2021-0066.html
https://www.suse.com/security/cve/CVE-2021-0071.html
https://www.suse.com/security/cve/CVE-2021-0072.html
https://www.suse.com/security/cve/CVE-2021-0076.html
https://www.suse.com/security/cve/CVE-2021-0161.html
https://www.suse.com/security/cve/CVE-2021-0164.html
https://www.suse.com/security/cve/CVE-2021-0165.html
https://www.suse.com/security/cve/CVE-2021-0166.html
https://www.suse.com/security/cve/CVE-2021-0168.html
https://www.suse.com/security/cve/CVE-2021-0170.html
https://www.suse.com/security/cve/CVE-2021-0172.html
https://www.suse.com/security/cve/CVE-2021-0173.html
https://www.suse.com/security/cve/CVE-2021-0174.html
https://www.suse.com/security/cve/CVE-2021-0175.html
https://www.suse.com/security/cve/CVE-2021-0176.html
https://www.suse.com/security/cve/CVE-2021-0183.html
https://www.suse.com/security/cve/CVE-2021-33139.html
https://www.suse.com/security/cve/CVE-2021-33155.html
https://bugzilla.suse.com/1186938
https://bugzilla.suse.com/1188662
https://bugzilla.suse.com/1192953
https://bugzilla.suse.com/1195786
https://bugzilla.suse.com/1196333
openSUSE Security Update: Security update for icingaweb2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0097-1
Rating: important
References: #1196911 #1196913
Cross-References: CVE-2022-24714 CVE-2022-24715
CVSS scores:
CVE-2022-24714 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-24715 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24715 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for icingaweb2 fixes the following issues:
icingaweb2 was updated to 2.8.6
This is a security release.
* Security Fixes
- CVE-2022-24715: SSH resources allow arbitrary code execution for
authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911)
- CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to
decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-97=1
Package List:
- openSUSE Backports SLE-15-SP3 (noarch):
icingacli-2.8.6-bp153.2.3.1
icingaweb2-2.8.6-bp153.2.3.1
icingaweb2-common-2.8.6-bp153.2.3.1
icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1
icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1
icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1
icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1
icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1
icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1
php-Icinga-2.8.6-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24714.html
https://www.suse.com/security/cve/CVE-2022-24715.html
https://bugzilla.suse.com/1196911
https://bugzilla.suse.com/1196913
openSUSE Recommended Update: Recommended update for mlocate
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:1066-1
Rating: important
References: #1195144
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for mlocate fixes the following issues:
- Require `apparmor-abstractions`, because `apparmor.service` will fail if
`mlocate` is installed. (bsc#1195144)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-1066=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
mlocate-0.26-150100.7.3.2
mlocate-debuginfo-0.26-150100.7.3.2
mlocate-debugsource-0.26-150100.7.3.2
- openSUSE Leap 15.3 (noarch):
mlocate-lang-0.26-150100.7.3.2
References:
https://bugzilla.suse.com/1195144
openSUSE Security Update: Security update for abcm2ps
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0100-1
Rating: moderate
References: #1197355
Cross-References: CVE-2021-32434 CVE-2021-32435 CVE-2021-32436
CVSS scores:
CVE-2021-32434 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-32435 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-32436 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for abcm2ps fixes the following issues:
Update to 8.14.13:
* fix: don't start/stop slurs above/below decorations
* fix: crash when too many notes in a grace note sequence (#102)
* fix: crash when too big value in M: (#103)
* fix: loop or crash when too big width of y (space) (#104)
* fix: bad font definition with SVG output when spaces in font name
* fix: bad check of note length again (#106)
* fix: handle %%staffscale at the global level (#108)
* fix: bad vertical offset of lyrics when music line starts with empty
staves
Update to 8.14.12:
Fixes:
* crash when "%%break 1" and no measure bar in the tune
* crash when duplicated voice ending on %%staves with repeat variant
* crash when voice duplication with symbols without width
* crash or bad output when null value in %%scale
* problem when only bars in 2 voices followed %%staves of the second voice
only
* crash when tuplet error in grace note sequence
* crash when grace note with empty tuplet
* crash when many broken rhythms after a single grace note
* access outside the deco array when error in U:
* crash when !xstem! with no note in the previous voice
* crash on tuplet without any note/rest
* crash when grace notes at end of line and voice overlay
* crash when !trem2! at start of a grace note sequence
* crash when wrong duration in 2 voice overlays and bad ties
* crash when accidental without a note at start of line after K:
(CVE-2021-32435)
* array overflow when wrong duration in voice overlay (CVE-2021-32434,
CVE-2021-32436)
* loss of left margin after first page since previous commit
* no respect of %%leftmargin with -E or -g
* bad placement of chord symbols when in a music line with only invisible
rests
Syntax:
* Accept and remove one or two '%'s at start of all %%beginxxx lines
Generation:
* Move the CSS from XHTML to SVG
Update to 8.14.11:
* fix: error "'staffwidth' too small" when generating sample3.abc
Update to 8.14.10:
* fix: bad glyph when defined by SVG containing 'v' in
* fix: bad check of note length since commit 191fa55
* fix: memory corruption when error in %%staves/%%score
* fix: crash when too big note duration
* fix: crash when staff width too small
Update to 8.14.9:
* fix: bad natural accidental when %%MIDI temperamentequal
Update to 8.14.8:
* fix: no respect the width in %%staffbreak
* fix: don't draw a staff when only %%staffbreak inside
* fix: bad repeat bracket when continued on next line, line starting by a
bar
* fix: bad tuplet bracket again when at end of a voice overlay sequence
* fix: bad tuplet bracket when at end of a voice overlay sequence
* handle '%%MIDI temperamentequal '
* accept '^1' and '_1' as microtone accidentals
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-100=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):
abcm2ps-8.14.13-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-32434.html
https://www.suse.com/security/cve/CVE-2021-32435.html
https://www.suse.com/security/cve/CVE-2021-32436.html
https://bugzilla.suse.com/1197355
openSUSE Security Update: Security update for nextcloud
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0098-1
Rating: moderate
References: #1196905 #1196908 #1196952
Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741
CVSS scores:
CVE-2021-41239 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-41239 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-41241 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-41241 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for nextcloud fixes the following issues:
nextcloud was updated to 21.0.9:
- CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User
Status API (boo#1196905)
- CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not
obeyed for subfolders (boo#1196908)
- CVE-2021-41741 (CWE-400): High memory usage for generating preview of
broken image (boo#1196952)
- For more changes see https://nextcloud.com/changelog/#21-0-9
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-98=1
Package List:
- openSUSE Backports SLE-15-SP3 (noarch):
nextcloud-21.0.9-bp153.2.12.1
nextcloud-apache-21.0.9-bp153.2.12.1
References:
https://www.suse.com/security/cve/CVE-2021-41239.html
https://www.suse.com/security/cve/CVE-2021-41241.html
https://www.suse.com/security/cve/CVE-2021-41741.html
https://bugzilla.suse.com/1196905
https://bugzilla.suse.com/1196908
https://bugzilla.suse.com/1196952
openSUSE Security Update: Security update for openSUSE-build-key
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0095-1
Rating: moderate
References: #1197293
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for openSUSE-build-key fixes the following issues:
- Disabled the SLE11 build key, as SLE11 is EOL now and the key was
1024-bit RSA (removed gpg-pubkey-307e3d54-5aaa90a5.asc). Also obsolete
old build key.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-95=1
Package List:
- openSUSE Leap 15.3 (noarch):
openSUSE-build-key-1.0-lp153.4.8.1
References:
https://bugzilla.suse.com/1197293