openSUSE Recommended Update: Recommended update for lxc
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:10037-1
Rating: moderate
References: #1199963
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for lxc fixes the following issue:
- Always build with seccomp support on every architecture. (boo#1199963)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-10037=1
Package List:
- openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64):
liblxc-devel-4.0.12-lp153.2.6.1
liblxc1-4.0.12-lp153.2.6.1
liblxc1-debuginfo-4.0.12-lp153.2.6.1
lxc-4.0.12-lp153.2.6.1
lxc-debuginfo-4.0.12-lp153.2.6.1
lxc-debugsource-4.0.12-lp153.2.6.1
pam_cgfs-4.0.12-lp153.2.6.1
pam_cgfs-debuginfo-4.0.12-lp153.2.6.1
- openSUSE Leap 15.3 (noarch):
lxc-bash-completion-4.0.12-lp153.2.6.1
References:
https://bugzilla.suse.com/1199963
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10035-1
Rating: important
References: #1200783
Cross-References: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
CVE-2022-2160 CVE-2022-2161 CVE-2022-2162
CVE-2022-2163 CVE-2022-2164 CVE-2022-2165
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 103.0.5060.53 (boo#1200783)
* CVE-2022-2156: Use after free in Base
* CVE-2022-2157: Use after free in Interest groups
* CVE-2022-2158: Type Confusion in V8
* CVE-2022-2160: Insufficient policy enforcement in DevTools
* CVE-2022-2161: Use after free in WebApp Provider
* CVE-2022-2162: Insufficient policy enforcement in File System API
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* CVE-2022-2164: Inappropriate implementation in Extensions API
* CVE-2022-2165: Insufficient data validation in URL formatting
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10035=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 x86_64):
chromedriver-103.0.5060.53-bp154.2.11.1
chromium-103.0.5060.53-bp154.2.11.1
References:
https://www.suse.com/security/cve/CVE-2022-2156.html
https://www.suse.com/security/cve/CVE-2022-2157.html
https://www.suse.com/security/cve/CVE-2022-2158.html
https://www.suse.com/security/cve/CVE-2022-2160.html
https://www.suse.com/security/cve/CVE-2022-2161.html
https://www.suse.com/security/cve/CVE-2022-2162.html
https://www.suse.com/security/cve/CVE-2022-2163.html
https://www.suse.com/security/cve/CVE-2022-2164.html
https://www.suse.com/security/cve/CVE-2022-2165.html
https://bugzilla.suse.com/1200783
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10036-1
Rating: important
References: #1200783
Cross-References: CVE-2022-2156 CVE-2022-2157 CVE-2022-2158
CVE-2022-2160 CVE-2022-2161 CVE-2022-2162
CVE-2022-2163 CVE-2022-2164 CVE-2022-2165
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 103.0.5060.53 (boo#1200783)
* CVE-2022-2156: Use after free in Base
* CVE-2022-2157: Use after free in Interest groups
* CVE-2022-2158: Type Confusion in V8
* CVE-2022-2160: Insufficient policy enforcement in DevTools
* CVE-2022-2161: Use after free in WebApp Provider
* CVE-2022-2162: Insufficient policy enforcement in File System API
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* CVE-2022-2164: Inappropriate implementation in Extensions API
* CVE-2022-2165: Insufficient data validation in URL formatting
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10036=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-103.0.5060.53-bp153.2.104.1
chromium-103.0.5060.53-bp153.2.104.1
References:
https://www.suse.com/security/cve/CVE-2022-2156.html
https://www.suse.com/security/cve/CVE-2022-2157.html
https://www.suse.com/security/cve/CVE-2022-2158.html
https://www.suse.com/security/cve/CVE-2022-2160.html
https://www.suse.com/security/cve/CVE-2022-2161.html
https://www.suse.com/security/cve/CVE-2022-2162.html
https://www.suse.com/security/cve/CVE-2022-2163.html
https://www.suse.com/security/cve/CVE-2022-2164.html
https://www.suse.com/security/cve/CVE-2022-2165.html
https://bugzilla.suse.com/1200783
openSUSE Recommended Update: Recommended update for amarok
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:10034-1
Rating: moderate
References: #1200767
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for amarok fixes the following issues:
- Add patch to make amarok activatable under GNOME (boo#1200767)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10034=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
amarok-2.9.70git.20201222T022603~89d13c15ad-bp153.2.3.1
- openSUSE Backports SLE-15-SP3 (noarch):
amarok-lang-2.9.70git.20201222T022603~89d13c15ad-bp153.2.3.1
References:
https://bugzilla.suse.com/1200767
openSUSE Recommended Update: Recommended update for elinks
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:10033-1
Rating: moderate
References: #1082814
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for elinks fixes the following issues:
Update to elinks 20190723 snapshot of version 0.13.
Update to version 0.13:
* parse_header: document parameters and return value
* doxygen: Fix link to bookmark::url
* use draw_text for titles
* iconv: Bail out of the loop when an illegal sequence of bytes occurs
* Add support for the CSS list-style-type property
* Fixed problem of converting more than 256 chars
* mem_free_if where applicable
* ssl: Make RAND_egd optional
* Better handling of content-disposition
* display lua hooks errors
* brotli code updated
* Use blacklist to skip verification of certificates
* various code cleanup
* -VERS-SSL3.0 in gnutls to avoid SSL error.
* 1024: Verify server certificate hostname with OpenSSL (boo#1082814)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-10033=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
elinks-0.13~0.20190723-bp153.2.3.1
References:
https://www.suse.com/security/cve/CVE-2012-6709.html
https://bugzilla.suse.com/1082814
SUSE Security Update: Security update for rubygem-rack
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2192-1
Rating: critical
References: #1200748 #1200750
Cross-References: CVE-2022-30122 CVE-2022-30123
CVSS scores:
CVE-2022-30122 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-30123 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for rubygem-rack fixes the following issues:
- CVE-2022-30122: Fixed crafted multipart POST request may cause a DoS
(bsc#1200748)
- CVE-2022-30123: Fixed crafted requests can cause shell escape sequences
(bsc#1200750)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2192=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2192=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2192=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-2192=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.6.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-30122.html
https://www.suse.com/security/cve/CVE-2022-30123.html
https://bugzilla.suse.com/1200748
https://bugzilla.suse.com/1200750
openSUSE Security Update: Security update for wdiff
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10031-1
Rating: moderate
References:
Cross-References: CVE-2012-3386
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for wdiff fixes the following issues:
This update ships wdiff.
Updated to 1.2.2:
* Updated Vietnamese, Swedish, Estonian, Chinese (traditional),
Brazilian Portuguese and Russian translations.
* Updated gnulib.
* Used more recent autotools: autoconf 2.69 and automake 1.14.1.
updated to 1.2.1:
* Added Esperanto translation.
* Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch,
Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese
translations.
* Updated gnulib.
* Recreated build system using recent versions of autotools. This will
avoid security issues in "make distcheck" target. (CVE-2012-3386)
updated to 1.1.2:
* Backport gnulib change to deal with removal of gets function. This is
a build-time-only fix. (Mentioned in Fedora bug #821791)
* Added Serbian translation.
* Updated Danish and Vietnamese translations.
* Work around a bug in the formatting of the man page. (Debian bug
#669340)
* Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian,
Swedish and Ukrainian translations.
* Fix several issues with the use of screen in the test suite.
* Allow WDIFF_PAGER to override PAGER environment variable.
* Do not autodetect less, so we don't auto-enable less-mode. This should
improve things for UTF8 text. (Savannah bug #34224) Less-mode is
considered deprecated, as it isn't fit for multi-byte encodings.
Nevertheless it can still be enabled on the command line.
* Introduces use of ngettext to allow correct handling of plural forms
updated to 1.0.1:
* Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and
Czech translations
* Changed major version to 1 to reflect maturity of the package
* Updated Dutch, French, Danish and Slovenian translations
* Added Ukrainian translation
* Improved error reporting in case a child process has problems
* Added tests to the test suite
* Updated gnulib
updated to 0.6.5:
* Never initialize or deinitialize terminals, as we do no cursor movement
* Deprecated --no-init-term (-K) command line option
* Avoid relative path in man pages
* Updated gnulib, might be particularly important for uClibc users
updated to 0.6.4:
* Updated Catalan translations
* Updated gnulib
update to 0.6.3:
* `wdiff -d' to read input from single unified diff, perhaps stdin.
* Updated texinfo documentation taking experimental switch into account.
* Experimental programs (mdiff & friends) and a configure switch
--enable-experimental to control them.
* Recent imports from gnulib, use of recent autotools.
* Improved autodetection of termcap library like ncurses.
* Reformatted translations, still a number of fuzzy translations.
* Changed from CVS to bzr for source code version control.
* Various bug fixes. See ChangeLog for a more exhaustive list.
* Introduce --with-default-pager=PAGER configure switch.
* Fix missing newline in info dir entry list.
* Fix shell syntax in configure script
* Updated gnulib and gettext, the latter to 0.18
* Updated Dutch translation
* Fixed a number of portability issues reported by maint.mk syntax checks
* Updated Italian and Swedish translations
* Updated gnulib
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10031=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
wdiff-1.2.2-bp154.2.1
- openSUSE Backports SLE-15-SP4 (noarch):
wdiff-lang-1.2.2-bp154.2.1
References:
https://www.suse.com/security/cve/CVE-2012-3386.html
openSUSE Security Update: Security update for dbus-broker
______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10030-1
Rating: moderate
References: #1200332 #1200333
Cross-References: CVE-2022-31212 CVE-2022-31213
CVSS scores:
CVE-2022-31212 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2022-31213 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for dbus-broker fixes the following issues:
- CVE-2022-31212: Fix a stack buffer over-read in bundled c-shquote
(boo#1200332)
- CVE-2022-31213: Fix a NULL pointer dereference in bundled c-shquote
(boo#1200333)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10030=1
Package List:
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
dbus-broker-28-bp154.2.3.1
References:
https://www.suse.com/security/cve/CVE-2022-31212.html
https://www.suse.com/security/cve/CVE-2022-31213.html
https://bugzilla.suse.com/1200332
https://bugzilla.suse.com/1200333
openSUSE Recommended Update: Recommended update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-RU-2022:10029-1
Rating: moderate
References: #1199803 #1200769
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that has two recommended fixes can now be installed.
Description:
This update for virtualbox fixes the following issues:
- Package vboximg-mount correctly. boo#1200769.
- Explicitly BuildRequire pkgconfig(glx) and pkgconfig(glu): This happened
to be pulled in by SDL-devel, but with the switch to sdl12-compat, this
no longer happens. Virtualbox explicitly checks for them though, so it
is our own responsibility to have those deps in place.
- Save and restore FPU status during interrupt. (boo#1199803)
- Replace SDL-devel BuildRequires with pkgconfig(sdl): allow to use
sdl12_compat as an alternative.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-2022-10029=1
Package List:
- openSUSE Leap 15.3 (noarch):
virtualbox-guest-desktop-icons-6.1.34-lp153.2.30.1
virtualbox-guest-source-6.1.34-lp153.2.30.1
virtualbox-host-source-6.1.34-lp153.2.30.1
- openSUSE Leap 15.3 (x86_64):
python3-virtualbox-6.1.34-lp153.2.30.1
python3-virtualbox-debuginfo-6.1.34-lp153.2.30.1
virtualbox-6.1.34-lp153.2.30.1
virtualbox-debuginfo-6.1.34-lp153.2.30.1
virtualbox-debugsource-6.1.34-lp153.2.30.1
virtualbox-devel-6.1.34-lp153.2.30.1
virtualbox-guest-tools-6.1.34-lp153.2.30.1
virtualbox-guest-tools-debuginfo-6.1.34-lp153.2.30.1
virtualbox-guest-x11-6.1.34-lp153.2.30.1
virtualbox-guest-x11-debuginfo-6.1.34-lp153.2.30.1
virtualbox-kmp-debugsource-6.1.34-lp153.2.30.1
virtualbox-kmp-default-6.1.34_k5.3.18_150300.59.76-lp153.2.30.1
virtualbox-kmp-default-debuginfo-6.1.34_k5.3.18_150300.59.76-lp153.2.30.1
virtualbox-kmp-preempt-6.1.34_k5.3.18_150300.59.76-lp153.2.30.1
virtualbox-kmp-preempt-debuginfo-6.1.34_k5.3.18_150300.59.76-lp153.2.30.1
virtualbox-qt-6.1.34-lp153.2.30.1
virtualbox-qt-debuginfo-6.1.34-lp153.2.30.1
virtualbox-vnc-6.1.34-lp153.2.30.1
virtualbox-websrv-6.1.34-lp153.2.30.1
virtualbox-websrv-debuginfo-6.1.34-lp153.2.30.1
References:
https://bugzilla.suse.com/1199803
https://bugzilla.suse.com/1200769