openSUSE Updates March 2022

updates@lists.opensuse.org

2 participants
206 discussions

openSUSE-RU-2022:0099-1: Recommended update for tryton and proteus

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for tryton and proteus ______________________________________________________________________________ Announcement ID: openSUSE-RU-2022:0099-1 Rating: low References: #1193533 Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for trytond packages and proteus fixes the following issues: - trytond_account was updated to version 5.0.23 bugfix release - trytond was updated to version 5.0.46 bugfix release - trytond_purchase was updated to version 5.0.11 bugfix release - proteus was updated to version 5.0.12 bugfix release Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-2022-99=1 openSUSE-SLE-15.3-2022-99=1 - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-99=1 Package List: - openSUSE Leap 15.3 (noarch): proteus-5.0.12-lp153.2.3.3 trytond-5.0.46-lp153.2.3.1 trytond_account-5.0.23-lp153.2.3.3 trytond_purchase-5.0.11-lp153.2.3.3 yast2-samba-client-4.3.4-3.6.1 - openSUSE Backports SLE-15-SP3 (noarch): python2-pydot3-1.0.9-bp153.2.2.1 python2-python-sql-1.1.0-bp153.2.2.1 python3-pydot3-1.0.9-bp153.2.2.1 python3-python-sql-1.1.0-bp153.2.2.1 References: https://bugzilla.suse.com/1193533

2 months, 3 weeks

openSUSE-SU-2022:0096-1: important: Security update for fish3

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for fish3 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0096-1 Rating: important References: #1197139 Cross-References: CVE-2022-20001 CVSS scores: CVE-2022-20001 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-20001 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for fish3 fixes the following issues: - CVE-2022-20001: Navigating to a compromised git repository may lead to arbitrary code execution (bsc#1197139) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-96=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): fish3-3.3.1-bp153.2.10.1 fish3-devel-3.3.1-bp153.2.10.1 References: https://www.suse.com/security/cve/CVE-2022-20001.html https://bugzilla.suse.com/1197139

2 months, 3 weeks

openSUSE-RU-2022:0101-1: moderate: Recommended update for trivy

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for trivy ______________________________________________________________________________ Announcement ID: openSUSE-RU-2022:0101-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: trivy was updated to fix the following issues: Update to version 0.24.4: * fix(docker): Getting images without a tag (#1852) * docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and TRIVY_NO_PROGRESS (#1801) Update to version 0.24.3: * chore(issue labels): added new labels (#1839) * refactor: clarify db update warning messages (#1808) * chore(ci): change trivy vulnerability scan for every day (#1838) * feat(helm): make Trivy service name configurable (#1825) * chore(deps): updated sprig to version v3.2.2. (#1814) * chore(deps): updated testcontainers-go to version v0.12.0 (#1822) * docs: add packages.config for .NET (#1823) * build: sign container image (#1668) * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0 (#1778) * docs: fix Installation documentation (#1804) * fix(report): ensure json report got a final new line (#1797) * fix(terraform): resolve panics in defsec (#1811) * feat(docker): Label images based on OCI image spec (#1793) * fix(helm): indentation for ServiceAccount annotations (#1795) * fix(hcl): fix panic in hcl2json (#1791) * chore(helm): remove psp from helm manifest (#1315) * build: Replace `make protoc` with `for loop` to return an error (#1655) * fix: ASFF template to match ASFF schema (#1685) * feat(helm): Add support for server token (#1734) Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-101=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 s390x x86_64): trivy-0.24.4-bp153.5.1 References:

2 months, 3 weeks

openSUSE-SU-2022:1064-1: moderate: Security update for python2-numpy

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for python2-numpy ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:1064-1 Rating: moderate References: #1193907 #1193911 #1193913 Cross-References: CVE-2021-33430 CVE-2021-41495 CVE-2021-41496 CVSS scores: CVE-2021-33430 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33430 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-41495 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-41496 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python2-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort due to missing return value validation (bsc#1193911). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1064=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python2-numpy-1.16.5-150200.3.5.1 python2-numpy-debuginfo-1.16.5-150200.3.5.1 python2-numpy-debugsource-1.16.5-150200.3.5.1 python2-numpy-devel-1.16.5-150200.3.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): python-numpy_1_16_5-gnu-hpc-debugsource-1.16.5-150200.3.5.1 python2-numpy-gnu-hpc-1.16.5-150200.3.5.1 python2-numpy-gnu-hpc-devel-1.16.5-150200.3.5.1 python2-numpy_1_16_5-gnu-hpc-1.16.5-150200.3.5.1 python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150200.3.5.1 python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150200.3.5.1 References: https://www.suse.com/security/cve/CVE-2021-33430.html https://www.suse.com/security/cve/CVE-2021-41495.html https://www.suse.com/security/cve/CVE-2021-41496.html https://bugzilla.suse.com/1193907 https://bugzilla.suse.com/1193911 https://bugzilla.suse.com/1193913

2 months, 3 weeks

openSUSE-SU-2022:1065-1: important: Security update for kernel-firmware

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for kernel-firmware ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:1065-1 Rating: important References: #1186938 #1188662 #1192953 #1195786 #1196333 Cross-References: CVE-2021-0066 CVE-2021-0071 CVE-2021-0072 CVE-2021-0076 CVE-2021-0161 CVE-2021-0164 CVE-2021-0165 CVE-2021-0166 CVE-2021-0168 CVE-2021-0170 CVE-2021-0172 CVE-2021-0173 CVE-2021-0174 CVE-2021-0175 CVE-2021-0176 CVE-2021-0183 CVE-2021-33139 CVE-2021-33155 CVSS scores: CVE-2021-0066 (NVD) : 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0066 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0071 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-0072 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0072 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0076 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0076 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-0161 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0161 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0164 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0164 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0165 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0165 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0166 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0168 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0168 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0170 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0170 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0172 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0172 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0173 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0173 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0174 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0174 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0175 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0175 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0176 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-0176 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-0183 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-0183 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33139 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33139 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33155 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 18 vulnerabilities is now available. Description: This update for kernel-firmware fixes the following issues: Update Intel Wireless firmware for 9xxx (INTEL-SA-00539, bsc#1196333): CVE-2021-0161: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0164: Improper access control in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access. CVE-2021-0165: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0066: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access. CVE-2021-0166: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0168: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2021-0170: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an authenticated user to potentially enable information disclosure via local access. CVE-2021-0172: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0173: Improper Validation of Consistency within input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0174: Improper Use of Validation Framework in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0175: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0076: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access. CVE-2021-0176: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access. CVE-2021-0183: Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access. CVE-2021-0072: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable information disclosure via local access. CVE-2021-0071: Improper input validation in firmware for some Intel PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Update Intel Bluetooth firmware (INTEL-SA-00604,bsc#1195786): - CVE-2021-33139: Improper conditions check in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access. - CVE-2021-33155: Improper input validation in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access. Bug fixes: - Updated the AMD SEV firmware (bsc#1186938) - Reduced the LZMA2 dictionary size (bsc#1188662) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1065=1 Package List: - openSUSE Leap 15.3 (noarch): kernel-firmware-20210208-150300.4.7.1 kernel-firmware-all-20210208-150300.4.7.1 kernel-firmware-amdgpu-20210208-150300.4.7.1 kernel-firmware-ath10k-20210208-150300.4.7.1 kernel-firmware-ath11k-20210208-150300.4.7.1 kernel-firmware-atheros-20210208-150300.4.7.1 kernel-firmware-bluetooth-20210208-150300.4.7.1 kernel-firmware-bnx2-20210208-150300.4.7.1 kernel-firmware-brcm-20210208-150300.4.7.1 kernel-firmware-chelsio-20210208-150300.4.7.1 kernel-firmware-dpaa2-20210208-150300.4.7.1 kernel-firmware-i915-20210208-150300.4.7.1 kernel-firmware-intel-20210208-150300.4.7.1 kernel-firmware-iwlwifi-20210208-150300.4.7.1 kernel-firmware-liquidio-20210208-150300.4.7.1 kernel-firmware-marvell-20210208-150300.4.7.1 kernel-firmware-media-20210208-150300.4.7.1 kernel-firmware-mediatek-20210208-150300.4.7.1 kernel-firmware-mellanox-20210208-150300.4.7.1 kernel-firmware-mwifiex-20210208-150300.4.7.1 kernel-firmware-network-20210208-150300.4.7.1 kernel-firmware-nfp-20210208-150300.4.7.1 kernel-firmware-nvidia-20210208-150300.4.7.1 kernel-firmware-platform-20210208-150300.4.7.1 kernel-firmware-prestera-20210208-150300.4.7.1 kernel-firmware-qlogic-20210208-150300.4.7.1 kernel-firmware-radeon-20210208-150300.4.7.1 kernel-firmware-realtek-20210208-150300.4.7.1 kernel-firmware-serial-20210208-150300.4.7.1 kernel-firmware-sound-20210208-150300.4.7.1 kernel-firmware-ti-20210208-150300.4.7.1 kernel-firmware-ueagle-20210208-150300.4.7.1 kernel-firmware-usb-network-20210208-150300.4.7.1 ucode-amd-20210208-150300.4.7.1 References: https://www.suse.com/security/cve/CVE-2021-0066.html https://www.suse.com/security/cve/CVE-2021-0071.html https://www.suse.com/security/cve/CVE-2021-0072.html https://www.suse.com/security/cve/CVE-2021-0076.html https://www.suse.com/security/cve/CVE-2021-0161.html https://www.suse.com/security/cve/CVE-2021-0164.html https://www.suse.com/security/cve/CVE-2021-0165.html https://www.suse.com/security/cve/CVE-2021-0166.html https://www.suse.com/security/cve/CVE-2021-0168.html https://www.suse.com/security/cve/CVE-2021-0170.html https://www.suse.com/security/cve/CVE-2021-0172.html https://www.suse.com/security/cve/CVE-2021-0173.html https://www.suse.com/security/cve/CVE-2021-0174.html https://www.suse.com/security/cve/CVE-2021-0175.html https://www.suse.com/security/cve/CVE-2021-0176.html https://www.suse.com/security/cve/CVE-2021-0183.html https://www.suse.com/security/cve/CVE-2021-33139.html https://www.suse.com/security/cve/CVE-2021-33155.html https://bugzilla.suse.com/1186938 https://bugzilla.suse.com/1188662 https://bugzilla.suse.com/1192953 https://bugzilla.suse.com/1195786 https://bugzilla.suse.com/1196333

2 months, 3 weeks

openSUSE-SU-2022:0097-1: important: Security update for icingaweb2

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for icingaweb2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0097-1 Rating: important References: #1196911 #1196913 Cross-References: CVE-2022-24714 CVE-2022-24715 CVSS scores: CVE-2022-24714 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-24715 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24715 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for icingaweb2 fixes the following issues: icingaweb2 was updated to 2.8.6 This is a security release. * Security Fixes - CVE-2022-24715: SSH resources allow arbitrary code execution for authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911) - CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-97=1 Package List: - openSUSE Backports SLE-15-SP3 (noarch): icingacli-2.8.6-bp153.2.3.1 icingaweb2-2.8.6-bp153.2.3.1 icingaweb2-common-2.8.6-bp153.2.3.1 icingaweb2-vendor-HTMLPurifier-2.8.6-bp153.2.3.1 icingaweb2-vendor-JShrink-2.8.6-bp153.2.3.1 icingaweb2-vendor-Parsedown-2.8.6-bp153.2.3.1 icingaweb2-vendor-dompdf-2.8.6-bp153.2.3.1 icingaweb2-vendor-lessphp-2.8.6-bp153.2.3.1 icingaweb2-vendor-zf1-2.8.6-bp153.2.3.1 php-Icinga-2.8.6-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2022-24714.html https://www.suse.com/security/cve/CVE-2022-24715.html https://bugzilla.suse.com/1196911 https://bugzilla.suse.com/1196913

2 months, 3 weeks

openSUSE-RU-2022:1066-1: important: Recommended update for mlocate

by maintenance＠opensuse.org

openSUSE Recommended Update: Recommended update for mlocate ______________________________________________________________________________ Announcement ID: openSUSE-RU-2022:1066-1 Rating: important References: #1195144 Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for mlocate fixes the following issues: - Require `apparmor-abstractions`, because `apparmor.service` will fail if `mlocate` is installed. (bsc#1195144) Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1066=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): mlocate-0.26-150100.7.3.2 mlocate-debuginfo-0.26-150100.7.3.2 mlocate-debugsource-0.26-150100.7.3.2 - openSUSE Leap 15.3 (noarch): mlocate-lang-0.26-150100.7.3.2 References: https://bugzilla.suse.com/1195144

2 months, 3 weeks

openSUSE-SU-2022:0100-1: moderate: Security update for abcm2ps

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for abcm2ps ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0100-1 Rating: moderate References: #1197355 Cross-References: CVE-2021-32434 CVE-2021-32435 CVE-2021-32436 CVSS scores: CVE-2021-32434 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32435 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-32436 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for abcm2ps fixes the following issues: Update to 8.14.13: * fix: don't start/stop slurs above/below decorations * fix: crash when too many notes in a grace note sequence (#102) * fix: crash when too big value in M: (#103) * fix: loop or crash when too big width of y (space) (#104) * fix: bad font definition with SVG output when spaces in font name * fix: bad check of note length again (#106) * fix: handle %%staffscale at the global level (#108) * fix: bad vertical offset of lyrics when mysic line starts with empty staves Update to 8.14.12: Fixes: * crash when "%%break 1" and no measure bar in the tune * crash when duplicated voice ending on %%staves with repeat variant * crash when voice duplication with symbols without width * crash or bad output when null value in %%scale * problem when only bars in 2 voices followed %%staves of the second voice only * crash when tuplet error in grace note sequence * crash when grace note with empty tuplet * crash when many broken rhythms after a single grace note * access outside the deco array when error in U: * crash when !xstem! with no note in the previous voice * crash on tuplet without any note/rest * crash when grace notes at end of line and voice overlay * crash when !trem2! at start of a grace note sequence * crash when wrong duration in 2 voice overlays and bad ties * crash when accidental without a note at start of line after K: (CVE-2021-32435) * array overflow when wrong duration in voice overlay (CVE-2021-32434, CVE-2021-32436) * loss of left margin after first page since previous commit * no respect of %%leftmargin with -E or -g * bad placement of chord symbols when in a music line with only invisible rests Syntax: * Accept and remove one or two '%'s at start of all %%beginxxx lines Generation: * Move the CSS from XHTML to SVG Update to 8.14.11: * fix: error "'staffwidth' too small" when generating sample3.abc Update to 8.14.10: * fix: bad glyph when defined by SVG containing 'v' in * fix: bad check of note length since commit 191fa55 * fix: memory corruption when error in %%staves/%%score * fix: crash when too big note duration * fix: crash when staff width too small Update to 8.14.9: * fix: bad natural accidental when %%MIDI temperamentequal Update to 8.14.8: * fix: no respect the width in %%staffbreak * fix: don't draw a staff when only %%staffbreak inside * fix: bad repeat bracket when continued on next line, line starting by a bar * fix: bad tuplet bracket again when at end of a voice overlay sequence * fix: bad tuplet bracket when at end of a voice overlay sequence * handle '%%MIDI temperamentequal ' * accept '^1' and '_1' as microtone accidentals Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-100=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): abcm2ps-8.14.13-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2021-32434.html https://www.suse.com/security/cve/CVE-2021-32435.html https://www.suse.com/security/cve/CVE-2021-32436.html https://bugzilla.suse.com/1197355

2 months, 3 weeks

openSUSE-SU-2022:0098-1: moderate: Security update for nextcloud

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for nextcloud ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0098-1 Rating: moderate References: #1196905 #1196908 #1196952 Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741 CVSS scores: CVE-2021-41239 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-41239 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-41241 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-41241 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 (CWE-200): user enumeration setting not obeyed in User Status API (boo#1196905) - CVE-2021-41241 (CWE-863): groupfolders advanced permissions is not obeyed for subfolders (boo#1196908) - CVE-2021-41741 (CWE-400): High memory usage for generating preview of broken image (boo#1196952) - For more changes see https://nextcloud.com/changelog/#21-0-9 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-98=1 Package List: - openSUSE Backports SLE-15-SP3 (noarch): nextcloud-21.0.9-bp153.2.12.1 nextcloud-apache-21.0.9-bp153.2.12.1 References: https://www.suse.com/security/cve/CVE-2021-41239.html https://www.suse.com/security/cve/CVE-2021-41241.html https://www.suse.com/security/cve/CVE-2021-41741.html https://bugzilla.suse.com/1196905 https://bugzilla.suse.com/1196908 https://bugzilla.suse.com/1196952

2 months, 3 weeks

openSUSE-SU-2022:0095-1: moderate: Security update for openSUSE-build-key

by opensuse-security＠opensuse.org

openSUSE Security Update: Security update for openSUSE-build-key ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0095-1 Rating: moderate References: #1197293 Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for openSUSE-build-key fixes the following issues: - Disabled the SLE11 build key as SLE11 is EOL now, also key was 1024bit RSA (removed gpg-pubkey-307e3d54-5aaa90a5.asc) Also obsolete old build key. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-2022-95=1 Package List: - openSUSE Leap 15.3 (noarch): openSUSE-build-key-1.0-lp153.4.8.1 References: https://bugzilla.suse.com/1197293

2 months, 3 weeks

Jump to page:

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

openSUSE Updates March 2022