openSUSE Updates
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
November 2023
- 2 participants
- 210 discussions
10 Nov '23
# Security update for clamav
Announcement ID: SUSE-SU-2023:4415-1
Rating: important
References:
* bsc#1216625
Cross-References:
* CVE-2023-40477
CVSS scores:
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE CaaS Platform 4.0
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.2
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.2
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.2
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for clamav fixes the following issues:
* Updated to version 0.103.11:
* CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12
(bsc#1216625).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4415=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4415=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4415=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4415=1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4415=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4415=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4415=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4415=1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4415=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4415=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4415=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4415=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4415=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4415=1
* SUSE Manager Proxy 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-4415=1
* SUSE Manager Retail Branch Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.2-2023-4415=1
* SUSE Manager Server 4.2
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4415=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4415=1
* SUSE CaaS Platform 4.0
To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform
you if it detects new updates and let you then trigger updating of the complete
cluster in a controlled way.
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Manager Proxy 4.2 (x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Manager Retail Branch Server 4.2 (x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
* SUSE CaaS Platform 4.0 (x86_64)
* clamav-0.103.11-150000.3.50.1
* clamav-debuginfo-0.103.11-150000.3.50.1
* libclamav9-debuginfo-0.103.11-150000.3.50.1
* libfreshclam2-debuginfo-0.103.11-150000.3.50.1
* clamav-debugsource-0.103.11-150000.3.50.1
* libclamav9-0.103.11-150000.3.50.1
* libfreshclam2-0.103.11-150000.3.50.1
* clamav-devel-0.103.11-150000.3.50.1
## References:
* https://www.suse.com/security/cve/CVE-2023-40477.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216625
1
0
openSUSE-RU-2023:0362-1: moderate: Recommended update for perl-Mojo-IOLoop-ReadWriteProcess
by maintenance@opensuse.org 10 Nov '23
by maintenance@opensuse.org 10 Nov '23
10 Nov '23
openSUSE Recommended Update: Recommended update for perl-Mojo-IOLoop-ReadWriteProcess
______________________________________________________________________________
Announcement ID: openSUSE-RU-2023:0362-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for perl-Mojo-IOLoop-ReadWriteProcess fixes the following
issues:
Updated to 0.34:
see /usr/share/doc/packages/perl-Mojo-IOLoop-ReadWriteProcess/Changes
+ 0.34 2023-09-18T15:47:18Z
- Adapt to deprecation of spurt in upstream Mojolicious
- Make git work in github workflow
- Turn warnings "Sleeping inside locked section" into notes
- Avoid warnings about using undefined value as file handle
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-362=1
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-362=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
perl-Mojo-IOLoop-ReadWriteProcess-0.340.0-bp155.2.6.1
- openSUSE Backports SLE-15-SP4 (noarch):
perl-Mojo-IOLoop-ReadWriteProcess-0.340.0-bp154.2.9.1
References:
1
0
openSUSE-SU-2023:0361-1: moderate: Security update for tor
by opensuse-security@opensuse.org 10 Nov '23
by opensuse-security@opensuse.org 10 Nov '23
10 Nov '23
openSUSE Security Update: Security update for tor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0361-1
Rating: moderate
References: #1216873
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for tor fixes the following issues:
- tor 0.4.8.8:
* Mitigate an issue when Tor compiled with OpenSSL can crash during
handshake with a remote relay. (TROVE-2023-004, boo#1216873)
* Regenerate fallback directories generated on November 03, 2023.
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/03
* directory authority: Look at the network parameter "maxunmeasuredbw"
with the correct spelling
* vanguards addon support: Count the conflux linked cell as valid when
it is successfully processed. This will quiet a spurious warn in the
vanguards addon
- tor 0.4.8.7:
* Fix an issue that prevented us from pre-building more conflux sets
after existing sets had been used
- tor 0.4.8.6:
* onion service: Fix a reliability issue where services were expiring
their introduction points every consensus update. This caused
connectivity issues for clients caching the old descriptor and intro
points
* Log the input and output buffer sizes when we detect a potential
compression bomb
* Disable multiple BUG warnings of a missing relay identity key when
starting an instance of Tor compiled without relay support
* When reporting a pseudo-networkstatus as a bridge authority, or
answering "ns/purpose/*" controller requests, include accurate
published-on dates from our list of router descriptors
* Use less frightening language and lower the log-level of our run-time
ABI compatibility check message in our Zstd compression subsystem
- tor 0.4.8.5:
* bugfixes creating log BUG stacktrace
- tor 0.4.8.4:
* Extend DoS protection to partially opened channels and known relays
* Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks against
hidden services. Disabled by default, enable via "HiddenServicePoW" in
torrc
* Implement conflux traffic splitting
* Directory authorities and relays now interact properly with directory
authorities if they change addresses
- tor 0.4.7.14:
* bugfix affecting vanguards (onion service), and minor fixes
- Enable support for scrypt()
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2023-361=1
- openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2023-361=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
tor-0.4.8.8-bp155.2.3.1
tor-debuginfo-0.4.8.8-bp155.2.3.1
tor-debugsource-0.4.8.8-bp155.2.3.1
- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):
tor-0.4.8.8-bp154.2.15.1
References:
https://bugzilla.suse.com/1216873
1
0
openSUSE-SU-2023:0360-1: moderate: Security update for go1.21
by opensuse-security@opensuse.org 09 Nov '23
by opensuse-security@opensuse.org 09 Nov '23
09 Nov '23
openSUSE Security Update: Security update for go1.21
______________________________________________________________________________
Announcement ID: openSUSE-SU-2023:0360-1
Rating: moderate
References: #1212475 #1212667 #1212669 #1215084 #1215085
#1215086 #1215087 #1215090 #1215985 #1216109
Cross-References: CVE-2023-39318 CVE-2023-39319 CVE-2023-39320
CVE-2023-39321 CVE-2023-39322 CVE-2023-39323
CVE-2023-39325 CVE-2023-44487
CVSS scores:
CVE-2023-39318 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2023-39318 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2023-39319 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2023-39319 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2023-39320 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-39320 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2023-39321 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39321 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39322 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39322 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39323 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-39323 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-39325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-39325 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-44487 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2023-44487 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that solves 8 vulnerabilities and has two fixes
is now available.
Description:
This update introduces go1.21, including fixes for the following issues:
- go1.21.3 (released 2023-10-10) includes a security fix to the net/http
package. Refs boo#1212475 go1.21 release tracking CVE-2023-39325
CVE-2023-44487
* go#63427 go#63417 boo#1216109 security: fix CVE-2023-39325
CVE-2023-44487 net/http: rapid stream resets can cause excessive work
- go1.21.2 (released 2023-10-05) includes one security fixes to the cmd/go
package, as well as bug fixes to the compiler, the go command, the
linker, the runtime, and the runtime/metrics package. Refs boo#1212475
go1.21 release tracking CVE-2023-39323
* go#63214 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go:
line directives allows arbitrary execution during build
* go#62464 runtime: "traceback did not unwind completely"
* go#62478 runtime/metrics: /gc/scan* metrics return zero
* go#62505 plugin: variable not initialized properly
* go#62506 cmd/compile: internal compiler error: InvertFlags should
never make it to codegen v100 = InvertFlags v123
* go#62509 runtime: scheduler change causes Delve's function call
injection to fail intermittently
* go#62537 runtime: "fatal: morestack on g0" with PGO enabled on arm64
* go#62598 cmd/link: issues with Apple's new linker in Xcode 15 beta
* go#62668 cmd/compile: slow to compile 17,000 line switch statement?
* go#62711 cmd/go: TestScript/gotoolchain_path fails if
golang.org/dl/go1.21.1 is installed in the user's $PATH
- go1.21.1 (released 2023-09-06) includes four security fixes to the
cmd/go, crypto/tls, and html/template packages, as well as bug fixes to
the compiler, the go command, the linker, the runtime, and the context,
crypto/tls, encoding/gob, encoding/xml, go/types, net/http, os, and
path/filepath packages. Refs boo#1212475 go1.21 release tracking
CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321
CVE-2023-39322
* go#62290 go#62266 boo#1215087 security: fix CVE-2023-39321
CVE-2023-39322 crypto/tls: panic when processing partial
post-handshake message in QUICConn.HandleData
* go#62394 go#62198 boo#1215086 security: fix CVE-2023-39320 cmd/go:
go.mod toolchain directive allows arbitrary execution
* go#62396 go#62196 boo#1215084 security: fix CVE-2023-39318
html/template: improper handling of HTML-like comments within script
contexts
* go#62398 go#62197 boo#1215085 security: fix CVE-2023-39319
html/template: improper handling of special tags within script contexts
* go#61743 go/types: interface.Complete panics for interfaces with
duplicate methods
* go#61781 cmd/compile: internal compiler error: 'f': value .autotmp_1
(nil) incorrectly live at entry
* go#61818 cmd/go: panic: runtime error: index out of range [-1] in
collectDepsErrors
* go#61821 runtime/internal/wasitest: TestTCPEcho is racy
* go#61868 path/filepath: Clean on some invalid Windows paths can lose
.. components
* go#61904 net/http: go 1.20.6 host validation breaks setting Host to a
unix socket address
* go#61905 cmd/go: go get/mod tidy panics with internal error: net token
acquired but not released
* go#61909 cmd/compile: internal compiler error: missed typecheck
* go#61910 os: ReadDir fails on file systems without File ID support on
Windows
* go#61927 cmd/distpack: release archives don't include directory members
* go#61930 spec, go/types, types2: restore Go 1.20 unification when
compiling for Go 1.20
* go#61932 go/types, types2: index out of range panic in
Checker.arguments
* go#61958 cmd/compile: write barrier code is sometimes preemptible when
compiled with -N
* go#61959 go/types, types2: panic: infinite recursion in unification
with go1.21.0
* go#61964 os: ReadDir(\\.\pipe\) fails with go1.21 on Windows
* go#61967 crypto/tls: add GODEBUG to control max RSA key size
* go#61987 runtime: simple programs crash on linux/386 with go1.21 when
build with -gcflags='all=-N -l'
* go#62019 runtime: execution halts with goroutines stuck in
runtime.gopark (protocol error E08 during memory read for packet)
* go#62046 runtime/trace: segfault in runtime.fpTracebackPCs during
deferred call after recovering from panic
* go#62051 encoding/xml: incompatible changes in the Go 1.21.0
* go#62057 cmd/compile: internal compiler error: 'F': func F,
startMem[b1] has different values
* go#62071 cmd/api: make non-importable
* go#62140 cmd/link: slice bounds out of range
* go#62143 hash/crc32: panic on arm64 with go1.21.0 when indexing slice
* go#62144 cmd/go: locating GOROOT fails when the go command is run from
the cross-compiled bin subdirectory
* go#62154 encoding/gob: panic decoding into local type, received remote
type
* go#62189 context: misuse of sync.Cond in ExampleAfterFunc_cond
* go#62204 maps: segfault in Clone
* go#62205 cmd/compile: backward incompatible change in Go 1.21 type
inference with channels
* go#62222 cmd/go: 'go test -o' may fail with ETXTBSY when running the
compiled test
* go#62328 net/http: http client regression building with js/wasm and
running on Chrome: net::ERR_H2_OR_QUIC_REQUIRED
* go#62329 runtime: MADV_HUGEPAGE causes stalls when allocating memory
- go1.21 (released 2023-08-08) is a major release of Go. go1.21.x minor
releases will be provided through August 2024.
https://github.com/golang/go/wiki/Go-Release-Cycle go1.21 arrives six
months after go1.20. Most of its changes are in the implementation of
the toolchain, runtime, and libraries. As always, the release maintains
the Go 1 promise of compatibility. We expect almost all Go programs to
continue to compile and run as before. Refs boo#1212475 go1.21 release
tracking
* Go 1.21 introduces a small change to the numbering of releases. In the
past, we used Go 1.N to refer to both the
overall Go language version and release family as well as the first
release in that family. Starting in Go 1.21, the first release is now
Go 1.N.0. Today we are releasing both the Go 1.21 language and its
initial implementation, the Go 1.21.0 release. These notes refer to
"Go 1.21"; tools like go version will report "go1.21.0" (until you
upgrade to Go 1.21.1). See "Go versions" in the "Go Toolchains"
documentation for details about the new version numbering.
* Language change: Go 1.21 adds three new built-ins to the language.
* Language change: The new functions min and max compute the smallest
(or largest, for max) value of a fixed number of given arguments. See
the language spec for details.
* Language change: The new function clear deletes all elements from a
map or zeroes all elements of a slice. See the language spec for
details.
* Package initialization order is now specified more precisely. This may
change the behavior of some programs that rely on a specific
initialization ordering that was not expressed by explicit imports.
The behavior of such programs was not well defined by the spec in past
releases. The new rule provides an unambiguous definition.
* Multiple improvements that increase the power and precision of type
inference have been made.
* A (possibly partially instantiated generic) function may now be called
with arguments that are themselves (possibly partially instantiated)
generic functions.
* Type inference now also considers methods when a value is assigned to
an interface: type arguments for type parameters used in method
signatures may be inferred from the corresponding parameter types of
matching methods.
* Similarly, since a type argument must implement all the methods
of its corresponding constraint, the methods of the type argument and
constraint are matched which may lead to the inference of additional
type arguments.
* If multiple untyped constant arguments of different kinds (such as an
untyped int and an untyped floating-point constant) are passed to
parameters with the same (not otherwise specified) type parameter
type, instead of an error, now type inference determines the type
using the same approach as an operator with untyped constant operands.
This change brings the types inferred from untyped constant arguments
in line with the types
of constant expressions.
* Type inference is now precise when matching corresponding types in
assignments
* The description of type inference in the language spec has been
clarified.
* Go 1.21 includes a preview of a language change we are considering for
a future version of Go: making for loop variables per-iteration
instead of per-loop, to avoid accidental sharing bugs. For details
about how to try that language change, see the LoopvarExperiment wiki
page.
* Go 1.21 now defines that if a goroutine is panicking and recover was
called directly by a deferred function, the return value of recover is
guaranteed not to be nil. To ensure this, calling panic with a nil
interface value (or an untyped nil) causes a run-time panic of type
*runtime.PanicNilError. To support programs written for older versions
of Go, nil panics can be re-enabled by setting GODEBUG=panicnil=1.
This setting is enabled automatically when compiling a program whose
main package is in a module with that declares go 1.20 or earlier.
* Go 1.21 adds improved support for backwards compatibility and forwards
compatibility in the Go toolchain.
* To improve backwards compatibility, Go 1.21 formalizes Go's use
of the GODEBUG environment variable to control the default behavior
for changes that are non-breaking according to the compatibility
policy but nonetheless may cause existing programs to break. (For
example, programs that depend on buggy behavior may break when a bug
is fixed, but bug fixes are not considered breaking changes.) When Go
must make this kind of behavior change, it now chooses between the
old and new behavior based on the go line in the workspace's go.work
file
or else the main module's go.mod file. Upgrading to a new Go toolchain
but leaving the go line set to its original (older) Go version
preserves the behavior of the older toolchain. With this
compatibility support, the latest Go toolchain should always be the
best, most secure, implementation of an older version of Go. See "Go,
Backwards Compatibility, and GODEBUG" for details.
* To improve forwards compatibility, Go 1.21 now reads the go line in a
go.work or go.mod file as a strict minimum requirement: go 1.21.0
means that the workspace or module cannot be used with Go 1.20 or with
Go 1.21rc1. This allows projects that depend on fixes made in later
versions of Go to ensure that they are not used with earlier versions.
It also gives better error reporting for projects that make use of new
Go features: when the problem is that a newer Go version is needed,
that problem is reported clearly, instead of attempting to build the
code and instead printing errors about unresolved imports or syntax
errors.
* To make these new stricter version requirements easier to manage, the
go command can now invoke not just the toolchain bundled in its own
release but also other Go toolchain versions found in the PATH or
downloaded on demand. If a go.mod or go.work go line declares a
minimum requirement on a newer version of Go, the go command will find
and run that version automatically. The new toolchain directive sets a
suggested minimum toolchain to use, which may be newer than the strict
go minimum. See "Go Toolchains" for details.
* go command: The -pgo build flag now defaults to -pgo=auto, and the
restriction of specifying a single main package on the command line is
now removed. If a file named default.pgo is present in the main
package's directory, the go command will use it to enable
profile-guided optimization for building the corresponding program.
* go command: The -C dir flag must now be the first flag on the
command-line when used.
* go command: The new go test option -fullpath prints full path names in
test log messages, rather than just base names.
* go command: The go test -c flag now supports writing test binaries for
multiple packages, each to pkg.test where pkg is the package name. It
is an error if more than one test package being compiled has a given
package name.]
* go command: The go test -o flag now accepts a directory argument, in
which case test binaries are written to that directory instead of the
current directory.
* cgo: In files that import "C", the Go toolchain now correctly reports
errors for attempts to declare Go methods on C types.
* runtime: When printing very deep stacks, the runtime now prints the
first 50 (innermost) frames followed by the bottom 50 (outermost)
frames, rather than just printing the first 100 frames. This makes it
easier to see how deeply recursive stacks started, and is especially
valuable for debugging stack
overflows.
* runtime: On Linux platforms that support transparent huge pages, the
Go runtime now manages which parts of the heap may be backed by huge
pages more explicitly. This leads to better utilization of memory:
small heaps should see less memory used (up to 50% in pathological
cases) while large heaps should see fewer broken huge pages for dense
parts of the heap, improving CPU usage and latency by up to 1%.
* runtime: As a result of runtime-internal garbage collection tuning,
applications may see up to a 40% reduction in application tail latency
and a small decrease in memory use. Some applications may also observe
a small loss in throughput. The memory use decrease should be
proportional to the loss in throughput, such that the previous
release's throughput/memory tradeoff may be recovered (with little
change to latency) by increasing GOGC and/or GOMEMLIMIT slightly.
* runtime: Calls from C to Go on threads created in C require some setup
to prepare for Go execution. On Unix platforms, this setup is now
preserved across multiple calls from the same thread. This
significantly reduces the overhead of subsequent C to Go calls from
~1-3 microseconds per call to ~100-200 nanoseconds per call.
* compiler: Profile-guide optimization (PGO), added as a preview in Go
1.20, is now ready for general use. PGO enables additional
optimizations on code identified as hot by profiles
of production workloads. As mentioned in the Go command section, PGO
is enabled by default for binaries that contain a default.pgo profile
in the main package directory. Performance improvements vary
depending on application behavior, with most programs from a
representative set of Go programs seeing between 2 and 7% improvement
from enabling PGO. See the PGO user guide for detailed documentation.
* compiler: PGO builds can now devirtualize some interface method calls,
adding a concrete call to the most common callee. This enables further
optimization, such as inlining the callee.
* compiler: Go 1.21 improves build speed by up to 6%, largely thanks to
building the compiler itself with PGO.
* assembler: On amd64, frameless nosplit assembly functions are no
longer automatically marked as NOFRAME. Instead, the NOFRAME attribute
must be explicitly specified if desired, which is already the behavior
on other architectures supporting frame pointers. With this, the
runtime now maintains the frame pointers for stack transitions.
* assembler: The verifier that checks for incorrect uses of R15 when
dynamic linking on amd64 has been improved.
* linker: On windows/amd64, the linker (with help from the compiler) now
emits SEH unwinding data by default, which improves the integration of
Go applications with Windows debuggers and other tools.
* linker: In Go 1.21 the linker (with help from the compiler) is now
capable of deleting dead (unreferenced) global map variables, if the
number of entries in the variable initializer is sufficiently large,
and if the initializer expressions are side-effect free.
* core library: The new log/slog package provides structured logging
with levels. Structured logging emits key-value pairs to enable fast,
accurate processing of large amounts of log data. The package supports
integration with popular log analysis tools and services.
* core library: The new testing/slogtest package can help to validate
slog.Handler implementations.
* core library: The new slices package provides many common
operations on slices, using generic functions that work with slices of
any element type.
* core library: The new maps package provides several common
operations on maps, using generic functions that work with maps
of any key or element type.
* core library: The new cmp package defines the type constraint Ordered
and two new generic functions Less and Compare that are useful with
ordered types.
* Minor changes to the library: As always, there are various minor
changes and updates to the library, made with the Go 1 promise of
compatibility in mind. There are also various performance
improvements, not enumerated here.
* archive/tar: The implementation of the io/fs.FileInfo interface
returned by Header.FileInfo now implements a String method that calls
io/fs.FormatFileInfo.
* archive/zip: The implementation of the io/fs.FileInfo interface
returned by FileHeader.FileInfo now implements a String method that
calls io/fs.FormatFileInfo.
* archive/zip: The implementation of the io/fs.DirEntry interface
returned by the io/fs.ReadDirFile.ReadDir method of the io/fs.File
returned by Reader.Open now implements a String method that calls
io/fs.FormatDirEntry.
* bytes: The Buffer type has two new methods: Available and
AvailableBuffer. These may be used along with the Write method to
append directly to the Buffer.
* context: The new WithoutCancel function returns a copy of a context
that is not canceled when the original context is canceled.
* context: The new WithDeadlineCause and WithTimeoutCause functions
provide a way to set a context cancellation cause when a deadline or
timer expires. The cause may be retrieved with the Cause function.
* context: The new AfterFunc function registers a function to run after
a context has been cancelled.
* context: An optimization means that the results of calling Background
and TODO and converting them to a shared type can be considered equal.
In previous releases they were always different. Comparing Context
values for equality has never been well-defined, so this is not
considered to be an incompatible change.
* crypto/ecdsa: PublicKey.Equal and PrivateKey.Equal now execute in
constant time.
* crypto/elliptic: All of the Curve methods have been deprecated, along
with GenerateKey, Marshal, and Unmarshal. For ECDH
operations, the new crypto/ecdh package should be used instead. For
lower-level operations, use third-party modules such as
filippo.io/nistec.
* crypto/rand: The crypto/rand package now uses the getrandom system
call on NetBSD 10.0 and later.
* crypto/rsa: The performance of private RSA operations (decryption and
signing) is now better than Go 1.19 for GOARCH=amd64 and GOARCH=arm64.
It had regressed in Go 1.20.
* crypto/rsa: Due to the addition of private fields to
PrecomputedValues, PrivateKey.Precompute must be called for
optimal performance even if deserializing (for example from JSON) a
previously-precomputed private key.
* crypto/rsa: PublicKey.Equal and PrivateKey.Equal now execute in
constant time.
* crypto/rsa: The GenerateMultiPrimeKey function and the
PrecomputedValues.CRTValues field have been deprecated.
PrecomputedValues.CRTValues will still be populated when
PrivateKey.Precompute is called, but the values will not be used
during decryption operations.
* crypto/sha256: SHA-224 and SHA-256 operations now use native
instructions when available when GOARCH=amd64, providing a performance
improvement on the order of 3-4x.
* crypto/tls: Servers now skip verifying client certificates (including
not running Config.VerifyPeerCertificate) for resumed connections,
besides checking the expiration time. This makes session tickets
larger when client certificates are in use. Clients were already
skipping verification on resumption, but now check the expiration time
even if Config.InsecureSkipVerify is set.
* crypto/tls: Applications can now control the content of session
tickets.
* crypto/tls: The new SessionState type describes a resumable session.
* crypto/tls: The SessionState.Bytes method and ParseSessionState
function serialize and deserialize a SessionState.
* crypto/tls: The Config.WrapSession and Config.UnwrapSession hooks
convert a SessionState to and from a ticket on the server side.
* crypto/tls: The Config.EncryptTicket and Config.DecryptTicket methods
provide a default implementation of WrapSession and UnwrapSession.
* crypto/tls: The ClientSessionState.ResumptionState method and
NewResumptionState function may be used by a ClientSessionCache
implementation to store and resume sessions on the client side.
* crypto/tls: To reduce the potential for session tickets to be used as
a tracking mechanism across connections, the server now issues new
tickets on every resumption (if they are supported and not disabled)
and tickets don't bear an identifier for the key that encrypted them
anymore. If passing a large number of keys to
Conn.SetSessionTicketKeys, this might lead to a noticeable performance
cost.
* crypto/tls: Both clients and servers now implement the Extended Master
Secret extension (RFC 7627). The deprecation of
ConnectionState.TLSUnique has been reverted, and is now set for
resumed connections that support Extended Master Secret.
* crypto/tls: The new QUICConn type provides support for QUIC
implementations, including 0-RTT support. Note that this is not itself
a QUIC implementation, and 0-RTT is still not supported in TLS.
* crypto/tls: The new VersionName function returns the name for a TLS
version number.
* crypto/tls: The TLS alert codes sent from the server for client
authentication failures have been improved. Previously, these failures
always resulted in a "bad certificate" alert. Now, certain failures
will result in more appropriate alert codes, as defined by RFC 5246
and RFC 8446:
* crypto/tls: For TLS 1.3 connections, if the server is configured to
require client authentication using RequireAnyClientCert or
RequireAndVerifyClientCert, and the client does not provide any
certificate, the server will now return the "certificate required"
alert.
* crypto/tls: If the client provides a certificate that is not signed by
the set of trusted certificate authorities configured
on the server, the server will return the "unknown certificate
authority" alert.
* crypto/tls: If the client provides a certificate that is either
expired or not yet valid, the server will return the "expired
certificate" alert.
* crypto/tls: In all other scenarios related to client authentication
failures, the server still returns "bad certificate".
* crypto/x509: RevocationList.RevokedCertificates has been deprecated
and replaced with the new RevokedCertificateEntries field, which is a
slice of RevocationListEntry. RevocationListEntry contains all of the
fields in pkix.RevokedCertificate, as well as the revocation reason
code.
* crypto/x509: Name constraints are now correctly enforced on non-leaf
certificates, and not on the certificates where they are expressed.
* debug/elf: The new File.DynValue method may be used to retrieve the
numeric values listed with a given dynamic tag.
* debug/elf: The constant flags permitted in a DT_FLAGS_1 dynamic tag
are now defined with type DynFlag1. These tags have names starting
with DF_1.
* debug/elf: The package now defines the constant COMPRESS_ZSTD.
* debug/elf: The package now defines the constant R_PPC64_REL24_P9NOTOC.
* debug/pe: Attempts to read from a section containing uninitialized
data using Section.Data or the reader returned by Section.Open now
return an error.
* embed: The io/fs.File returned by FS.Open now has a ReadAt method that
implements io.ReaderAt.
* embed: Calling FS.Open.Stat will return a type that now implements a
String method that calls io/fs.FormatFileInfo.
* errors: The new ErrUnsupported error provides a standardized way to
indicate that a requested operation may not be performed because it is
unsupported. For example, a call to os.Link when using a file system
that does not support hard links.
* flag: The new BoolFunc function and FlagSet.BoolFunc method define a
flag that does not require an argument and calls a function when the
flag is used. This is similar to Func but for a boolean flag.
* flag: A flag definition (via Bool, BoolVar, Int, IntVar, etc.) will
panic if Set has already been called on a flag with the same name.
This change is intended to detect cases where changes in
initialization order cause flag operations to occur in a different
order than expected. In many cases the fix to this problem is to
introduce a explicit package dependence to correctly order the
definition before any Set operations.
* go/ast: The new IsGenerated predicate reports whether a file syntax
tree contains the special comment that conventionally indicates that
the file was generated by a tool.
* go/ast: The new File.GoVersion field records the minimum Go version
required by any //go:build or // +build directives.
* go/build: The package now parses build directives (comments that start
with //go:) in file headers (before the package declaration). These
directives are available in the new Package fields Directives,
TestDirectives, and XTestDirectives.
* go/build/constraint: The new GoVersion function returns the minimum Go
version implied by a build expression.
* go/token: The new File.Lines method returns the file's line-number
table in the same form as accepted by File.SetLines.
* go/types: The new Package.GoVersion method returns the Go language
version used to check the package.
* hash/maphash: The hash/maphash package now has a pure Go
implementation, selectable with the purego build tag.
* html/template: The new error ErrJSTemplate is returned when an action
appears in a JavaScript template literal. Previously an unexported
error was returned.
* io/fs: The new FormatFileInfo function returns a formatted version of
a FileInfo. The new FormatDirEntry function returns a formatted
version of a DirEntry. The implementation of DirEntry returned by
ReadDir now implements a String method that calls FormatDirEntry, and
the same is true for the DirEntry value passed to WalkDirFunc.
* math/big: The new Int.Float64 method returns the nearest
floating-point value to a multi-precision integer, along with an
indication of any rounding that occurred.
* net: On Linux, the net package can now use Multipath TCP when the
kernel supports it. It is not used by default. To use Multipath TCP
when available on a client, call the Dialer.SetMultipathTCP method
before calling the Dialer.Dial or Dialer.DialContext methods. To use
Multipath TCP when available
on a server, call the ListenConfig.SetMultipathTCP method before
calling the ListenConfig.Listen method. Specify the network as "tcp"
or "tcp4" or "tcp6" as usual. If Multipath TCP is not supported by
the kernel or the remote host, the connection will silently fall back
to TCP. To test whether a particular connection is using Multipath
TCP, use the TCPConn.MultipathTCP method.
* net: In a future Go release we may enable Multipath TCP by default on
systems that support it.
* net/http: The new ResponseController.EnableFullDuplex method allows
server handlers to concurrently read from an HTTP/1 request body while
writing the response. Normally, the HTTP/1 server automatically
consumes any remaining request body before starting to write the
response, to avoid deadlocking clients which attempt to write a
complete request before reading the response. The EnableFullDuplex
method disables this behavior.
* net/http: The new ErrSchemeMismatch error is returned by Client and
Transport when the server responds to an HTTPS request with an HTTP
response.
* net/http: The net/http package now supports errors.ErrUnsupported, in
that the expression errors.Is(http.ErrNotSupported,
errors.ErrUnsupported) will return true.
* os: Programs may now pass an empty time.Time value to the Chtimes
function to leave either the access time or the modification time
unchanged.
* os: On Windows the File.Chdir method now changes the current directory
to the file, rather than always returning an error.
* os: On Unix systems, if a non-blocking descriptor is passed to
NewFile, calling the File.Fd method will now return a non-blocking
descriptor. Previously the descriptor was converted to blocking mode.
* os: On Windows calling Truncate on a non-existent file used to create
an empty file. It now returns an error indicating that the file does
not exist.
* os: On Windows calling TempDir now uses GetTempPath2W when available,
instead of GetTempPathW. The new behavior is a security hardening
measure that prevents temporary files created by processes running as
SYSTEM to be accessed by non-SYSTEM processes.
* os: On Windows the os package now supports working with files whose
names, stored as UTF-16, can't be represented as valid UTF-8.
* os: On Windows Lstat now resolves symbolic links for paths ending with
a path separator, consistent with its behavior on POSIX platforms.
* os: The implementation of the io/fs.DirEntry interface returned by the
ReadDir function and the File.ReadDir method now implements a String
method that calls io/fs.FormatDirEntry.
* os: The implementation of the io/fs.FS interface returned by the DirFS
function now implements the io/fs.ReadFileFS and the io/fs.ReadDirFS
interfaces.
* path/filepath: The implementation of the io/fs.DirEntry interface
passed to the function argument of WalkDir now implements a String
method that calls io/fs.FormatDirEntry.
* reflect: In Go 1.21, ValueOf no longer forces its argument to be
allocated on the heap, allowing a Value's content to be allocated on
the stack. Most operations on a Value also allow the underlying value
to be stack allocated.
* reflect: The new Value method Value.Clear clears the contents
of a map or zeros the contents of a slice. This corresponds to the new
clear built-in added to the language.
* reflect: The SliceHeader and StringHeader types are now deprecated. In
new code prefer unsafe.Slice, unsafe.SliceData, unsafe.String, or
unsafe.StringData.
* regexp: Regexp now defines MarshalText and UnmarshalText methods.
These implement encoding.TextMarshaler and encoding.TextUnmarshaler
and will be used by packages such as encoding/json.
* runtime: Textual stack traces produced by Go programs, such as those
produced when crashing, calling runtime.Stack, or collecting a
goroutine profile with debug=2, now include the IDs of the goroutines
that created each goroutine in the stack trace.
* runtime: Crashing Go applications can now opt-in to Windows Error
Reporting (WER) by setting the environment variable GOTRACEBACK=wer or
calling debug.SetTraceback("wer") before the crash. Other than
enabling WER, the runtime will behave as with GOTRACEBACK=crash. On
non-Windows systems, GOTRACEBACK=wer is ignored.
* runtime: GODEBUG=cgocheck=2, a thorough checker of cgo pointer passing
rules, is no longer available as a debug
option. Instead, it is available as an experiment using
GOEXPERIMENT=cgocheck2. In particular this means that this mode has
to be selected at build time instead of startup time.
* runtime: GODEBUG=cgocheck=1 is still available (and is still the
default).
* runtime: A new type Pinner has been added to the runtime package.
Pinners may be used to "pin" Go memory such that it may be used more
freely by non-Go code. For instance, passing Go values that reference
pinned Go memory to C code is now allowed. Previously, passing any
such nested reference was disallowed by the cgo pointer passing rules.
See the docs for more details.
* runtime/metrics: A few previously-internal GC metrics, such as live
heap size, are now available. GOGC and GOMEMLIMIT are also now
available as metrics.
* runtime/trace: Collecting traces on amd64 and arm64 now incurs a
substantially smaller CPU cost: up to a 10x improvement over the
previous release.
* runtime/trace: Traces now contain explicit stop-the-world events for
every reason the Go runtime might stop-the-world, not just garbage
collection.
* sync: The new OnceFunc, OnceValue, and OnceValues functions capture a
common use of Once to lazily initialize a value on first use.
* syscall: On Windows the Fchdir function now changes the current
directory to its argument, rather than always returning an error.
* syscall: On FreeBSD SysProcAttr has a new field Jail that may be used
to put the newly created process in a jailed environment.
* syscall: On Windows the syscall package now supports working with
files whose names, stored as UTF-16, can't be represented as valid
UTF-8. The UTF16ToString and UTF16FromString functions now convert
between UTF-16 data and WTF-8 strings. This is backward compatible as
WTF-8 is a superset of the UTF-8 format that was used in earlier
releases.
* syscall: Several error values match the new errors.ErrUnsupported,
such that errors.Is(err, errors.ErrUnsupported) returns true. ENOSYS
ENOTSUP EOPNOTSUPP EPLAN9 (Plan 9 only) ERROR_CALL_NOT_IMPLEMENTED
(Windows only) ERROR_NOT_SUPPORTED (Windows only) EWINDOWS (Windows
only)
* testing: The new -test.fullpath option will print full path names in
test log messages, rather than just base names.
* testing: The new Testing function reports whether the program is a
test created by go test.
* testing/fstest: Calling Open.Stat will return a type that now
implements a String method that calls io/fs.FormatFileInfo.
* unicode: The unicode package and associated support throughout the
system has been upgraded to Unicode 15.0.0.
* Darwin port: As announced in the Go 1.20 release notes, Go 1.21
requires macOS 10.15 Catalina or later; support for previous versions
has been discontinued.
* Windows port: As announced in the Go 1.20 release notes, Go 1.21
requires at least Windows 10 or Windows Server 2016; support for
previous versions has been discontinued.
* WebAssembly port: The new go:wasmimport directive can now be used in
Go programs to import functions from the WebAssembly host.
* WebAssembly port: The Go scheduler now interacts much more efficiently
with the JavaScript event loop, especially in applications that block
frequently on asynchronous events.
* WebAssembly System Interface port: Go 1.21 adds an experimental port
to the WebAssembly System Interface (WASI), Preview 1 (GOOS=wasip1,
GOARCH=wasm).
* WebAssembly System Interface port: As a result of the addition
of the new GOOS value "wasip1", Go files named *_wasip1.go will now be
ignored by Go tools except when that GOOS value is being used. If you
have existing filenames matching that pattern, you will need to
rename them.
* ppc64/ppc64le port: On Linux, GOPPC64=power10 now generates
PC-relative instructions, prefixed instructions, and other new Power10
instructions. On AIX, GOPPC64=power10 generates Power10 instructions,
but does not generate PC-relative instructions.
* ppc64/ppc64le port: When building position-independent binaries for
GOPPC64=power10 GOOS=linux GOARCH=ppc64le, users can expect reduced
binary sizes in most cases, in some cases 3.5%. Position-independent
binaries are built for ppc64le with the following -buildmode values:
c-archive, c-shared, shared, pie, plugin.
* loong64 port: The linux/loong64 port now supports
-buildmode=c-archive, -buildmode=c-shared and -buildmode=pie.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2023-360=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):
go-1.21-41.1
go-doc-1.21-41.1
go1.21-1.21.3-2.1
go1.21-doc-1.21.3-2.1
References:
https://www.suse.com/security/cve/CVE-2023-39318.html
https://www.suse.com/security/cve/CVE-2023-39319.html
https://www.suse.com/security/cve/CVE-2023-39320.html
https://www.suse.com/security/cve/CVE-2023-39321.html
https://www.suse.com/security/cve/CVE-2023-39322.html
https://www.suse.com/security/cve/CVE-2023-39323.html
https://www.suse.com/security/cve/CVE-2023-39325.html
https://www.suse.com/security/cve/CVE-2023-44487.html
https://bugzilla.suse.com/1212475
https://bugzilla.suse.com/1212667
https://bugzilla.suse.com/1212669
https://bugzilla.suse.com/1215084
https://bugzilla.suse.com/1215085
https://bugzilla.suse.com/1215086
https://bugzilla.suse.com/1215087
https://bugzilla.suse.com/1215090
https://bugzilla.suse.com/1215985
https://bugzilla.suse.com/1216109
1
0
SUSE-RU-2023:4385-1: important: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
by maintenance@opensuse.org 09 Nov '23
by maintenance@opensuse.org 09 Nov '23
09 Nov '23
# Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch
Server
Announcement ID: SUSE-RU-2023:4385-1
Rating: important
References:
* bsc#1204270
* bsc#1211047
* bsc#1211145
* bsc#1211270
* bsc#1211912
* bsc#1212168
* bsc#1212507
* bsc#1213132
* bsc#1213376
* bsc#1213469
* bsc#1213680
* bsc#1213689
* bsc#1214041
* bsc#1214121
* bsc#1214463
* bsc#1214553
* bsc#1214746
* bsc#1215027
* bsc#1215120
* bsc#1215412
* bsc#1215514
* bsc#1216411
* bsc#1216661
* jsc#MSQA-706
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* Public Cloud Module 15-SP4
* Public Cloud Module 15-SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Manager Server 4.3 Module 4.3
An update that contains one feature and has 23 fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
### Description:
This update fixes the following issues:
apache2-mod_wsgi:
* Make sure that the keyword wsgi is preserved in the APACHE_MODULES variable
when updating apache2-mod_wsgi (bsc#1216411)
spacecmd:
* Version 4.3.24-1
* Change default scheduler from (none) to (system)
spacewalk-backend:
* Version 4.3.24-1
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)
spacewalk-client-tools:
* Version 4.3.16-1
* Update translation strings
spacewalk-web:
* Version 4.3.35-1
* Add missing translation wrappers for Salt formula catalog
* Shows a notification when an update for SUSE Manager is available
How to apply this update:
1. Log in as root user to the SUSE Manager Proxy or Retail Branch Server.
2. Stop the proxy service: `spacewalk-proxy stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-proxy start`
## Recommended update for SUSE Manager Server 4.3
### Description:
This update fixes the following issues:
billing-data-service:
* Version 4.3.1-1
* Align the package version with the SUSE Manager major version 4.3
cobbler:
* Buildiso: copy grub into ESP using mtools to allow execution in containers
* Add mtools as dependency for Cobbler
susemanager-docs_en:
* Removed technical preview statement about Ansible in Administration Guide
(bsc#1216661)
* Replace the "Quick Start: Public Cloud" with "Public Cloud Guide" in
Specialized Guides
* Provide the right base operating system service pack version to be used for
SUSE Manager Proxy (bsc#1213469)
* Add Debian 12 as supported client in Client Configuration Guide
smdba:
* Version 1.7.12
* re-use configured max_connection value
* keep previous selected value for SSD configuration
spacecmd:
* Version 4.3.24-1
* Change default scheduler from (none) to (system)
spacewalk-backend:
* Version 4.3.24-1
* Only show missing /root/.curlrc error with log_level = 5 (bsc#1212507)
spacewalk-client-tools:
* Version 4.3.16-1
* Update translation strings
spacewalk-config:
* Version 4.3.12-1
* Handle spaces in /ks/dist/ file names (bsc#1213680)
spacewalk-java:
* Version 4.3.68-1
* Sync GPG properties on each build in CLM (bsc#1213689)
* Change list endpoints in saltkey namespace to accept GET requests instead of
POST (bsc#1214463)
* Respect user email preferences when sending 'user creation' emails
(bsc#1214553)
* Fix server error when visiting the notifications page
* Fixed the value of the advisory release for Ubuntu erratas
* Restart the bunch from where it was interrupted when rescheduling
* Moved the Ubuntu errata processing in its own separate taskomatic task
(bsc#1211145)
* Stop the taskomatic bunch execution if it was not possible to execute one of
the tasks
* Add detection of Debian 12
* Implement different way to copy data for SystemPackageUpdate report database
table (bsc#1211912)
* Avoid SCC credentials check if `server.susemanager.fromdir` is set
(bsc#1211270)
* Fix bug about listing Ansible inventories (bsc#1213132)
* Remove SUSE Manager proxy 4.2 product channel for PAYG instance
(bsc#1215412)
* Show a notification when an update for SUSE Manager is available
* Optimize memory usage in UbuntuErrataManager
* Handle spaces in /ks/dist/ file names (bsc#1213680)
* Change default scheduler from (none) to (system)
* Set user for package list refresh action if possible
* Fix recurring state execution not using the correct order (bsc#1215027)
* Ignore mandatory channels results that don't match list of channels
(bsc#1204270)
* Token cleanup process removing invalid tokens using sql query (bsc#1213376)
* Fix failed actions rescheduling (bsc#1214121)
* Fix unscheduling actions when the trigger name changed after retry
(bsc#1214121)
* Improve Taskomatic by removing invalid triggers before starting and
enhancing logs
* Revert action executor fix that was intended to prevent blocking of
Taskomatic threads (bsc#1214121)
* Extend success message after adding monitoring property (bsc#1212168)
spacewalk-utils:
* Version 4.3.18-1
* Add Debian 12 repositories
spacewalk-web:
* Version 4.3.35-1
* Add missing translation wrappers for Salt formula catalog
* Shows a notification when an update for SUSE Manager is available
susemanager:
* Version 4.3.32-1
* Add bootstrap repository definition for OES2023.4 (bsc#1215514)
* Add bootstrap repository definitions for Debian 12
* Fix SLES 15 for SAP not being listed in mgr-create-bootstrap-repo
(bsc#1215120)
* Add missing PKGLIST15_TRAD for SLES 15 SAP mgr-create-bootstrap-repo entries
(bsc#1215120)
* Fix possible permission issues with database migration script (bsc#1214746)
susemanager-docs_en:
* Added comment about SCC subscription to Administration Guide (bsc#1211270)
* Added Debian 12 as a technology preview client in Client Configuration Guide
* Fixed over-long table issue in openSCAP chapter in Administration Guide
* Update Hardware Requirements section about disk space for /var/spacewalk in
the Installation and Upgrade Guide
* Documented disabling automatic channel selection for cloned channels in
Content Lifecycle Management chapter of Administration Guide (bsc#1211047)
* Fixed broken links and references in the Image building file in
* Updated autoinstallation chapter in Client Configuration Guide about
buildiso command in the context of Cobbler
* Removed end-of-life openSUSE Leap clients from the support matrix in the
Client Configuration Guide
* Added note about Jinja templating for configuration files management on Salt
Clients in Client Configuration Guide
* Fixed DHCP example for Cobbler autoinstallation and added one per
architecture in Client Configuration Guide (bsc#1214041) Guide (bsc#1213469)
susemanager-schema:
* Version 4.3.21-1
* Add index on server needed cache to improve performance for some queries
(bsc#1211912)
* Moved the Ubuntu errata processing in its own separate taskomatic task
(bsc#1211145)
susemanager-sls:
* Version 4.3.36-1
* Do not install instance-flavor-check tool on openSUSE
susemanager-sync-data:
* Version 4.3.13-1
* Add OES2023.4 (bsc#1215514)
* Add Debian 12 amd64
How to apply this update:
1. Log in as root user to the SUSE Manager Server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
## Recommended update for apache2-mod_wsgi
### Description:
This update fixes the following issues:
apache2-mod_wsgi:
* Make sure that the keyword wsgi is preserved in the APACHE_MODULES variable
when updating apache2-mod_wsgi (bsc#1216411)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-4385=1
* SUSE Manager Server 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-4385=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2023-4385=1 openSUSE-SLE-15.4-2023-4385=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4385=1
* Public Cloud Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-4385=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4385=1
## Package List:
* SUSE Manager Proxy 4.3 Module 4.3 (x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* SUSE Manager Proxy 4.3 Module 4.3 (noarch)
* spacewalk-backend-4.3.24-150400.3.30.16
* python3-spacewalk-client-setup-4.3.16-150400.3.18.13
* spacewalk-base-minimal-4.3.35-150400.3.33.14
* spacewalk-check-4.3.16-150400.3.18.13
* python3-spacewalk-check-4.3.16-150400.3.18.13
* spacewalk-base-minimal-config-4.3.35-150400.3.33.14
* python3-spacewalk-client-tools-4.3.16-150400.3.18.13
* spacewalk-client-setup-4.3.16-150400.3.18.13
* spacewalk-client-tools-4.3.16-150400.3.18.13
* spacecmd-4.3.24-150400.3.27.10
* SUSE Manager Server 4.3 Module 4.3 (noarch)
* susemanager-schema-utility-4.3.21-150400.3.27.11
* susemanager-docs_en-pdf-4.3-150400.9.47.1
* spacewalk-backend-iss-export-4.3.24-150400.3.30.16
* uyuni-config-modules-4.3.36-150400.3.34.6
* spacewalk-backend-sql-4.3.24-150400.3.30.16
* spacewalk-base-minimal-4.3.35-150400.3.33.14
* spacewalk-java-config-4.3.68-150400.3.66.14
* spacewalk-backend-iss-4.3.24-150400.3.30.16
* spacewalk-backend-sql-postgresql-4.3.24-150400.3.30.16
* cobbler-3.3.3-150400.5.36.10
* spacewalk-java-lib-4.3.68-150400.3.66.14
* spacewalk-utils-4.3.18-150400.3.18.10
* susemanager-docs_en-4.3-150400.9.47.1
* spacewalk-java-postgresql-4.3.68-150400.3.66.14
* spacewalk-backend-server-4.3.24-150400.3.30.16
* spacewalk-backend-config-files-tool-4.3.24-150400.3.30.16
* spacewalk-base-minimal-config-4.3.35-150400.3.33.14
* susemanager-schema-4.3.21-150400.3.27.11
* spacewalk-html-4.3.35-150400.3.33.14
* spacewalk-client-tools-4.3.16-150400.3.18.13
* spacewalk-backend-package-push-server-4.3.24-150400.3.30.16
* spacewalk-backend-applet-4.3.24-150400.3.30.16
* spacewalk-taskomatic-4.3.68-150400.3.66.14
* billing-data-service-4.3.1-150400.10.9.10
* spacewalk-backend-tools-4.3.24-150400.3.30.16
* susemanager-sls-4.3.36-150400.3.34.6
* spacewalk-backend-app-4.3.24-150400.3.30.16
* spacewalk-java-4.3.68-150400.3.66.14
* spacewalk-backend-xmlrpc-4.3.24-150400.3.30.16
* spacewalk-backend-xml-export-libs-4.3.24-150400.3.30.16
* spacecmd-4.3.24-150400.3.27.10
* spacewalk-backend-4.3.24-150400.3.30.16
* spacewalk-utils-extras-4.3.18-150400.3.18.10
* spacewalk-base-4.3.35-150400.3.33.14
* spacewalk-config-4.3.12-150400.3.12.10
* spacewalk-backend-config-files-4.3.24-150400.3.30.16
* susemanager-sync-data-4.3.13-150400.3.14.10
* python3-spacewalk-client-tools-4.3.16-150400.3.18.13
* spacewalk-backend-config-files-common-4.3.24-150400.3.30.16
* SUSE Manager Server 4.3 Module 4.3 (ppc64le s390x x86_64)
* susemanager-4.3.32-150400.3.39.6
* susemanager-tools-4.3.32-150400.3.39.6
* smdba-1.7.12-0.150400.4.9.10
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
* Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* apache2-mod_wsgi-debugsource-4.7.1-150400.3.7.7
* apache2-mod_wsgi-debuginfo-4.7.1-150400.3.7.7
* apache2-mod_wsgi-4.7.1-150400.3.7.7
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1204270
* https://bugzilla.suse.com/show_bug.cgi?id=1211047
* https://bugzilla.suse.com/show_bug.cgi?id=1211145
* https://bugzilla.suse.com/show_bug.cgi?id=1211270
* https://bugzilla.suse.com/show_bug.cgi?id=1211912
* https://bugzilla.suse.com/show_bug.cgi?id=1212168
* https://bugzilla.suse.com/show_bug.cgi?id=1212507
* https://bugzilla.suse.com/show_bug.cgi?id=1213132
* https://bugzilla.suse.com/show_bug.cgi?id=1213376
* https://bugzilla.suse.com/show_bug.cgi?id=1213469
* https://bugzilla.suse.com/show_bug.cgi?id=1213680
* https://bugzilla.suse.com/show_bug.cgi?id=1213689
* https://bugzilla.suse.com/show_bug.cgi?id=1214041
* https://bugzilla.suse.com/show_bug.cgi?id=1214121
* https://bugzilla.suse.com/show_bug.cgi?id=1214463
* https://bugzilla.suse.com/show_bug.cgi?id=1214553
* https://bugzilla.suse.com/show_bug.cgi?id=1214746
* https://bugzilla.suse.com/show_bug.cgi?id=1215027
* https://bugzilla.suse.com/show_bug.cgi?id=1215120
* https://bugzilla.suse.com/show_bug.cgi?id=1215412
* https://bugzilla.suse.com/show_bug.cgi?id=1215514
* https://bugzilla.suse.com/show_bug.cgi?id=1216411
* https://bugzilla.suse.com/show_bug.cgi?id=1216661
* https://jira.suse.com/browse/MSQA-706
1
0
09 Nov '23
# Security update for salt
Announcement ID: SUSE-SU-2023:4386-1
Rating: important
References:
* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Transactional Server Module 15-SP5
An update that solves one vulnerability, contains one feature and has three
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targetted
sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4386=1 SUSE-2023-4386=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4386=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4386=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-4386=1
* Transactional Server Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2023-4386=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* salt-proxy-3006.0-150500.4.24.2
* salt-standalone-formulas-configuration-3006.0-150500.4.24.2
* salt-3006.0-150500.4.24.2
* salt-cloud-3006.0-150500.4.24.2
* salt-master-3006.0-150500.4.24.2
* salt-api-3006.0-150500.4.24.2
* salt-minion-3006.0-150500.4.24.2
* salt-syndic-3006.0-150500.4.24.2
* python3-salt-3006.0-150500.4.24.2
* salt-transactional-update-3006.0-150500.4.24.2
* salt-doc-3006.0-150500.4.24.2
* python3-salt-testsuite-3006.0-150500.4.24.2
* salt-ssh-3006.0-150500.4.24.2
* openSUSE Leap 15.5 (noarch)
* salt-bash-completion-3006.0-150500.4.24.2
* salt-fish-completion-3006.0-150500.4.24.2
* salt-zsh-completion-3006.0-150500.4.24.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* salt-3006.0-150500.4.24.2
* salt-minion-3006.0-150500.4.24.2
* python3-salt-3006.0-150500.4.24.2
* salt-transactional-update-3006.0-150500.4.24.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-doc-3006.0-150500.4.24.2
* salt-3006.0-150500.4.24.2
* salt-minion-3006.0-150500.4.24.2
* python3-salt-3006.0-150500.4.24.2
* Basesystem Module 15-SP5 (noarch)
* salt-bash-completion-3006.0-150500.4.24.2
* salt-zsh-completion-3006.0-150500.4.24.2
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-proxy-3006.0-150500.4.24.2
* salt-standalone-formulas-configuration-3006.0-150500.4.24.2
* salt-cloud-3006.0-150500.4.24.2
* salt-master-3006.0-150500.4.24.2
* salt-api-3006.0-150500.4.24.2
* salt-syndic-3006.0-150500.4.24.2
* salt-ssh-3006.0-150500.4.24.2
* Server Applications Module 15-SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.24.2
* Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150500.4.24.2
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706
1
0
09 Nov '23
# Security update for salt
Announcement ID: SUSE-SU-2023:4387-1
Rating: important
References:
* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* Basesystem Module 15-SP4
* openSUSE Leap 15.4
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* Server Applications Module 15-SP4
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* Transactional Server Module 15-SP4
An update that solves one vulnerability, contains one feature and has three
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targetted
sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4387=1 SUSE-2023-4387=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4387=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4387=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4387=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4387=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4387=1
* Server Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-4387=1
* Transactional Server Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-4387=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* salt-master-3006.0-150400.8.49.2
* salt-proxy-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* salt-standalone-formulas-configuration-3006.0-150400.8.49.2
* salt-minion-3006.0-150400.8.49.2
* salt-syndic-3006.0-150400.8.49.2
* salt-doc-3006.0-150400.8.49.2
* python3-salt-testsuite-3006.0-150400.8.49.2
* salt-api-3006.0-150400.8.49.2
* salt-cloud-3006.0-150400.8.49.2
* salt-ssh-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* openSUSE Leap 15.4 (noarch)
* salt-bash-completion-3006.0-150400.8.49.2
* salt-fish-completion-3006.0-150400.8.49.2
* salt-zsh-completion-3006.0-150400.8.49.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-transactional-update-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150400.8.49.2
* salt-doc-3006.0-150400.8.49.2
* salt-3006.0-150400.8.49.2
* python3-salt-3006.0-150400.8.49.2
* Basesystem Module 15-SP4 (noarch)
* salt-bash-completion-3006.0-150400.8.49.2
* salt-zsh-completion-3006.0-150400.8.49.2
* Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-master-3006.0-150400.8.49.2
* salt-proxy-3006.0-150400.8.49.2
* salt-standalone-formulas-configuration-3006.0-150400.8.49.2
* salt-syndic-3006.0-150400.8.49.2
* salt-api-3006.0-150400.8.49.2
* salt-cloud-3006.0-150400.8.49.2
* salt-ssh-3006.0-150400.8.49.2
* Server Applications Module 15-SP4 (noarch)
* salt-fish-completion-3006.0-150400.8.49.2
* Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150400.8.49.2
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706
1
0
09 Nov '23
# Security update for salt
Announcement ID: SUSE-SU-2023:4388-1
Rating: important
References:
* bsc#1213293
* bsc#1213518
* bsc#1214477
* bsc#1215157
* jsc#MSQA-706
Cross-References:
* CVE-2023-34049
CVSS scores:
Affected Products:
* Basesystem Module 15-SP4
* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.2
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability, contains one feature and has three
security fixes can now be installed.
## Description:
This update for salt fixes the following issues:
Security issues fixed:
* CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
* Fix optimization_order opt to prevent testsuite fails
* Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
* Use salt-call from salt bundle with transactional_update
* Only call native_str on curl_debug message in tornado when needed
* Implement the calling for batch async from the salt CLI
* Fix calculation of SLS context vars when trailing dots on targetted
sls/state (bsc#1213518)
* Rename salt-tests to python3-salt-testsuite
* Allow all primitive grain types for autosign_grains (bsc#1214477)
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2023-4388=1
* openSUSE Leap Micro 5.3
zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4388=1
* openSUSE Leap Micro 5.4
zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4388=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4388=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2023-4388=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2023-4388=1
* Basesystem Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4388=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4388=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4388=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4388=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4388=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4388=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2023-4388=1
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-4388=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-4388=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python2-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-doc-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python2-simplejson-3.17.2-150300.3.4.1
* python3-salt-3006.0-150300.53.65.2
* python3-salt-testsuite-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* openSUSE Leap Micro 5.3 (aarch64 x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64
x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-proxy-3006.0-150300.53.65.2
* salt-minion-3006.0-150300.53.65.2
* salt-ssh-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-master-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-standalone-formulas-configuration-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-api-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* salt-syndic-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* salt-doc-3006.0-150300.53.65.2
* salt-cloud-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Enterprise Storage 7.1 (noarch)
* salt-bash-completion-3006.0-150300.53.65.2
* salt-fish-completion-3006.0-150300.53.65.2
* salt-zsh-completion-3006.0-150300.53.65.2
* SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-minion-3006.0-150300.53.65.2
* salt-transactional-update-3006.0-150300.53.65.2
* salt-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-minion-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-transactional-update-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
* python3-simplejson-3.17.2-150300.3.4.1
* salt-minion-3006.0-150300.53.65.2
* python-simplejson-debugsource-3.17.2-150300.3.4.1
* salt-transactional-update-3006.0-150300.53.65.2
* python-simplejson-debuginfo-3.17.2-150300.3.4.1
* salt-3006.0-150300.53.65.2
* python3-salt-3006.0-150300.53.65.2
* python3-simplejson-debuginfo-3.17.2-150300.3.4.1
## References:
* https://www.suse.com/security/cve/CVE-2023-34049.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213293
* https://bugzilla.suse.com/show_bug.cgi?id=1213518
* https://bugzilla.suse.com/show_bug.cgi?id=1214477
* https://bugzilla.suse.com/show_bug.cgi?id=1215157
* https://jira.suse.com/browse/MSQA-706
1
0
SUSE-RU-2023:4392-1: moderate: Recommended update for SUSE Manager Client Tools
by maintenance@opensuse.org 09 Nov '23
by maintenance@opensuse.org 09 Nov '23
09 Nov '23
# Recommended update for SUSE Manager Client Tools
Announcement ID: SUSE-RU-2023:4392-1
Rating: moderate
References:
* jsc#MSQA-706
Affected Products:
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Client Tools for SLE 15
* SUSE Package Hub 15 15-SP5
An update that contains one feature can now be installed.
## Description:
This update fixes the following issues:
grafana:
* Update to version 9.5.8:
* Features and enhancements GenericOAuth: Set sub as auth id
* Bug fixes: DataSourceProxy: Fix url validation error handling
* Update to version 9.5.7:
* Alerting: Sort NumberCaptureValues in EvaluationString
* Alerting: Improve performance of matching captures
* Alerting: No longer silence paused alerts during legacy migration
* Alerting: Remove and revert flag alertingBigTransactions
* Alerting: Migrate unknown NoData\Error settings to the default
* Tracing: supply Grafana build version
* Tempo: Escape regex-sensitive characters in span name before building promql
query
* Plugins: Only configure plugin proxy transport once
* Alerting: Fix unique violation when updating rule group with title
chains/cycles
* Prometheus: Version detect bug
* Prometheus: Fix heatmap format with no data
* Database: Change getExistingDashboardByTitleAndFolder to get dashboard by
title, not slug
* Alerting: Convert 'Both' type Prometheus queries to 'Range' in
* SQLStore: Fix Postgres dialect treating "false" migrator default as true
* Alerting: Support newer http_config struct
* InfluxDB: Interpolate retention policies
* StatusHistory: Fix rendering of value-mapped null
* Alerting: Fix provenance guard checks for Alertmanager configuration to not
cause panic when compared nested objects
* AnonymousAuth: Fix concurrent read-write crash
* AzureMonitor: Ensure legacy properties containing template variables are
correctly migrated
* Explore: Remove data source onboarding page
* Dashboard: Re-align Save form
* Azure Monitor: Fix bug that did not show alert rule preview
* Histogram: Respect min/max panel settings for x-axis
* Heatmap: Fix color rendering for value ranges < 1
* Heatmap: Handle unsorted timestamps in calculate mode
* Google Cloud Monitor: Fix mem usage for dropdown
* AzureMonitor: Fix logs query multi-resource and timespan values
* Utils: Reimplement util.GetRandomString to avoid modulo bias
* Alerting: Fix matching labels with spaces in their values
* Dashboard: Fix applying timezone to datetime variables
* Dashboard: Fix panel description event triggering every time panel is
rendered
* Tempo: Fix get label values based on CoreApp type
* Heatmap: Fix log scale editor
* Dashboard: Fix disappearing panel when viewed panel is refreshed
* Prometheus: Fix bug in creating autocomplete queries with labels
* Prometheus: Fix Query Inspector expression range value
* Alerting: Fix migration failing if alert_configuration table is not empty
* InfluxDB: Fix querying retention policies on flux mode
* Update to version 9.5.6:
* Dashboard: Fix library panels in collapsed rows not getting updated
* Auth: Add and document option for enabling email lookup
spacecmd:
* Version 4.3.24-1
* Change default scheduler from (none) to (system)
spacewalk-client-tools:
* Version 4.3.16-1
* Update translation strings
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4392=1
* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-4392=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4392=1
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4392=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.14.0-150000.3.15.2
* openSUSE Leap 15.5 (noarch)
* spacecmd-4.3.24-150000.3.107.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* grafana-9.5.8-150000.1.57.2
* grafana-debuginfo-9.5.8-150000.1.57.2
* SUSE Manager Client Tools for SLE 15 (noarch)
* spacecmd-4.3.24-150000.3.107.1
* python3-spacewalk-client-tools-4.3.16-150000.3.80.2
* python3-spacewalk-client-setup-4.3.16-150000.3.80.2
* python3-spacewalk-check-4.3.16-150000.3.80.2
* spacewalk-client-setup-4.3.16-150000.3.80.2
* spacewalk-client-tools-4.3.16-150000.3.80.2
* spacewalk-check-4.3.16-150000.3.80.2
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.14.0-150000.3.15.2
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-promu-0.14.0-150000.3.15.2
* openSUSE Leap 15.4 (noarch)
* spacecmd-4.3.24-150000.3.107.1
## References:
* https://jira.suse.com/browse/MSQA-706
1
0
SUSE-RU-2023:4393-1: moderate: Recommended update for grafana
by maintenance@opensuse.org 09 Nov '23
by maintenance@opensuse.org 09 Nov '23
09 Nov '23
# Recommended update for grafana
Announcement ID: SUSE-RU-2023:4393-1
Rating: moderate
References:
* jsc#MSQA-706
Affected Products:
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP4
* SUSE Package Hub 15 15-SP5
An update that contains one feature can now be installed.
## Description:
This update for grafana fixes the following issues:
* Update to version 9.5.8 GenericOAuth: Set sub as auth id DataSourceProxy:
Fix url validation error handling Alerting: Sort NumberCaptureValues in
EvaluationString Alerting: Improve performance of matching captures
Alerting: No longer silence paused alerts during legacy migration Alerting:
Remove and revert flag alertingBigTransactions Alerting: Migrate unknown
NoData\Error settings to the default Tracing: supply Grafana build version
Tempo: Escape regex-sensitive characters in span name before building promql
query Plugins: Only configure plugin proxy transport once Alerting: Fix
unique violation when updating rule group with title chains/cycles
Prometheus: Version detect bug Prometheus: Fix heatmap format with no data
Database: Change getExistingDashboardByTitleAndFolder to get dashboard by
title, not slug Alerting: Convert 'Both' type Prometheus queries to 'Range'
in migration SQLStore: Fix Postgres dialect treating "false" migrator
default as true Alerting: Support newer http_config struct InfluxDB:
Interpolate retention policies StatusHistory: Fix rendering of value-mapped
null Alerting: Fix Alertmanager's provenance guard checks configuration to
not cause panic when compared nested objects AnonymousAuth: Fix concurrent
read-write crash AzureMonitor: Ensure legacy properties containing template
variables are correctly migrated Explore: Remove data source onboarding page
Dashboard: Re-align Save form Azure Monitor: Fix bug that did not show alert
rule preview Histogram: Respect min/max panel settings for x-axis Heatmap:
Fix color rendering for value ranges < 1 Heatmap: Handle unsorted timestamps
in calculate mode Google Cloud Monitor: Fix mem usage for dropdown
AzureMonitor: Fix logs query multi-resource and timespan values Utils:
Reimplement util.GetRandomString to avoid modulo bias Alerting: Fix matching
labels with spaces in their values Dashboard: Fix applying timezone to
datetime variables Dashboard: Fix panel description event triggering every
time panel is rendered Tempo: Fix get label values based on CoreApp type
Heatmap: Fix log scale editor Dashboard: Fix disappearing panel when viewed
panel is refreshed Prometheus: Fix bug in creating autocomplete queries with
labels Prometheus: Fix Query Inspector expression range value Alerting: Fix
migration failing if alert_configuration table is not empty InfluxDB: Fix
querying retention policies on flux mode Dashboard: Fix library panels in
collapsed rows not getting updated Auth: Add and document option for
enabling email lookup
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4393=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4393=1
* SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4393=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4393=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
* SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* grafana-debuginfo-9.5.8-150200.3.50.4
* grafana-9.5.8-150200.3.50.4
## References:
* https://jira.suse.com/browse/MSQA-706
1
0