openSUSE Updates
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
May 2024
- 3 participants
- 163 discussions
06 May '24
# Recommended update for salt
Announcement ID: SUSE-RU-2024:1529-1
Rating: moderate
References:
* bsc#1211649
* bsc#1211888
* bsc#1216850
* bsc#1218482
* bsc#1219001
* jsc#MSQA-760
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* Server Applications Module 15-SP5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* Transactional Server Module 15-SP5
An update that contains one feature and has five fixes can now be installed.
## Description:
This update for salt fixes the following issues:
* Convert oscap output to UTF-8
* Make Salt compatible with Python 3.11
* Ignore non-ascii chars in oscap output (bsc#1219001)
* Fix detected issues in Salt tests when running on VMs
* Make importing seco.range thread safe (bsc#1211649)
* Fix problematic tests and allow smooth tests executions on containers
* Discover Ansible playbook files as " _.yml " or "_.yaml" files (bsc#1211888)
* Provide user(salt)/group(salt) capabilities for RPM 4.19
* Extend dependencies for python3-salt-testsuiteand python3-salt packages
* Improve Salt and testsuite packages multibuild
* Enable multibuilld and create test flavor
* Prevent exceptions with fileserver.update when called via state
(bsc#1218482)
* Improve pip target override condition with VENV_PIP_TARGET environment
variable (bsc#1216850)
* Fixed KeyError in logs when running a state that fails
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1529=1 openSUSE-SLE-15.5-2024-1529=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1529=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1529=1
* Server Applications Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2024-1529=1
* Transactional Server Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP5-2024-1529=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* salt-cloud-3006.0-150500.4.32.2
* salt-proxy-3006.0-150500.4.32.2
* salt-transactional-update-3006.0-150500.4.32.2
* salt-syndic-3006.0-150500.4.32.2
* salt-master-3006.0-150500.4.32.2
* salt-minion-3006.0-150500.4.32.2
* python3-salt-testsuite-3006.0-150500.4.32.1
* python3-salt-3006.0-150500.4.32.2
* salt-standalone-formulas-configuration-3006.0-150500.4.32.2
* salt-doc-3006.0-150500.4.32.2
* salt-api-3006.0-150500.4.32.2
* salt-ssh-3006.0-150500.4.32.2
* salt-3006.0-150500.4.32.2
* openSUSE Leap 15.5 (noarch)
* salt-zsh-completion-3006.0-150500.4.32.2
* salt-fish-completion-3006.0-150500.4.32.2
* salt-bash-completion-3006.0-150500.4.32.2
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* salt-minion-3006.0-150500.4.32.2
* salt-transactional-update-3006.0-150500.4.32.2
* python3-salt-3006.0-150500.4.32.2
* salt-3006.0-150500.4.32.2
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-minion-3006.0-150500.4.32.2
* python3-salt-3006.0-150500.4.32.2
* salt-doc-3006.0-150500.4.32.2
* salt-3006.0-150500.4.32.2
* Basesystem Module 15-SP5 (noarch)
* salt-zsh-completion-3006.0-150500.4.32.2
* salt-bash-completion-3006.0-150500.4.32.2
* Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-proxy-3006.0-150500.4.32.2
* salt-cloud-3006.0-150500.4.32.2
* salt-syndic-3006.0-150500.4.32.2
* salt-master-3006.0-150500.4.32.2
* salt-standalone-formulas-configuration-3006.0-150500.4.32.2
* salt-api-3006.0-150500.4.32.2
* salt-ssh-3006.0-150500.4.32.2
* Server Applications Module 15-SP5 (noarch)
* salt-fish-completion-3006.0-150500.4.32.2
* Transactional Server Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* salt-transactional-update-3006.0-150500.4.32.2
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1211649
* https://bugzilla.suse.com/show_bug.cgi?id=1211888
* https://bugzilla.suse.com/show_bug.cgi?id=1216850
* https://bugzilla.suse.com/show_bug.cgi?id=1218482
* https://bugzilla.suse.com/show_bug.cgi?id=1219001
* https://jira.suse.com/browse/MSQA-760
1
0
SUSE-SU-2024:1530-1: moderate: Security update for grafana and mybatis
by OPENSUSE-UPDATES 06 May '24
by OPENSUSE-UPDATES 06 May '24
06 May '24
# Security update for grafana and mybatis
Announcement ID: SUSE-SU-2024:1530-1
Rating: moderate
References:
* bsc#1219912
* bsc#1222155
* jsc#MSQA-760
Cross-References:
* CVE-2023-6152
* CVE-2024-1313
CVSS scores:
* CVE-2023-6152 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-1313 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Package Hub 15 15-SP5
An update that solves two vulnerabilities and contains one feature can now be
installed.
## Description:
This update for grafana and mybatis fixes the following issues:
grafana was updated to version 9.5.18:
* Grafana now requires Go 1.20
* Security issues fixed:
* CVE-2024-1313: Require same organisation when deleting snapshots
(bsc#1222155)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
* Other non-security related changes:
* Version 9.5.17:
* [FEATURE] Alerting: Backport use Alertmanager API v2
* Version 9.5.16:
* [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL
* Version 9.5.15:
* [FEATURE] Alerting: Attempt to retry retryable errors
* Version 9.5.14:
* [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
* [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied
* [BUGFIX] LDAP: Fix enable users on successfull login
* Version 9.5.13:
* [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder
* [BUGFIX] Licensing: Pass func to update env variables when starting plugin
* Version 9.5.12:
* [FEATURE] Azure: Add support for Workload Identity authentication
* Version 9.5.9:
* [FEATURE] SSE: Fix DSNode to not panic when response has empty response
* [FEATURE] Prometheus: Handle the response with different field key order
* [BUGFIX] LDAP: Fix user disabling
mybatis:
* `apache-commons-ognl` is now a non-optional dependency
* Fixed building with log4j v1 and v2 dependencies
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1530=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1530=1
## Package List:
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* grafana-9.5.18-150200.3.56.1
* grafana-debuginfo-9.5.18-150200.3.56.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* grafana-9.5.18-150200.3.56.1
* grafana-debuginfo-9.5.18-150200.3.56.1
* openSUSE Leap 15.5 (noarch)
* mybatis-3.5.6-150200.5.6.1
* mybatis-javadoc-3.5.6-150200.5.6.1
## References:
* https://www.suse.com/security/cve/CVE-2023-6152.html
* https://www.suse.com/security/cve/CVE-2024-1313.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219912
* https://bugzilla.suse.com/show_bug.cgi?id=1222155
* https://jira.suse.com/browse/MSQA-760
1
0
SUSE-RU-2024:1531-1: moderate: Recommended update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter
by OPENSUSE-UPDATES 06 May '24
by OPENSUSE-UPDATES 06 May '24
06 May '24
# Recommended update for golang-github-prometheus-alertmanager, golang-github-
prometheus-node_exporter
Announcement ID: SUSE-RU-2024:1531-1
Rating: moderate
References:
* jsc#MSQA-760
* jsc#PED-7893
* jsc#PED-7928
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15
* SUSE Linux Enterprise Desktop 15 SP1
* SUSE Linux Enterprise Desktop 15 SP2
* SUSE Linux Enterprise Desktop 15 SP3
* SUSE Linux Enterprise Desktop 15 SP4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.0
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP1
* SUSE Linux Enterprise Real Time 15 SP2
* SUSE Linux Enterprise Real Time 15 SP3
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Client Tools Beta for SLE 15
* SUSE Manager Client Tools for SLE 15
* SUSE Manager Client Tools for SLE Micro 5
* SUSE Manager Proxy 4.3
* SUSE Manager Proxy 4.3 Module 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5
An update that contains three features can now be installed.
## Description:
This update for golang-github-prometheus-alertmanager, golang-github-prometheus-
node_exporter fixes the following issues:
* update to 1.7.0 (jsc#PED-7893, jsc#PED-7928):
* [FEATURE] Add ZFS freebsd per dataset stats #2753
* [FEATURE] Add cpu vulnerabilities reporting from sysfs #2721
* [ENHANCEMENT] Parallelize stat calls in Linux filesystem collector #1772
* [ENHANCEMENT] Add missing linkspeeds to ethtool collector #2711
* [ENHANCEMENT] Add CPU MHz as the value for node_cpu_info metric #2778
* [ENHANCEMENT] Improve qdisc collector performance #2779
* [ENHANCEMENT] Add include and exclude filter for hwmon collector #2699
* [ENHANCEMENT] Optionally fetch ARP stats via rtnetlink instead of procfs
#2777
* [BUFFIX] Fix ZFS arcstats on FreeBSD 14.0+ 2754
* [BUGFIX] Fallback to 32-bit stats in netdev #2757
* [BUGFIX] Close btrfs.FS handle after use #2780
* [BUGFIX] Move RO status before error return #2807
* [BUFFIX] Fix promhttp_metric_handler_errors_total being always active #2808
* [BUGFIX] Fix nfsd v4 index miss #2824
* update to 1.6.1: (no source code changes in this release)
* BuildRequire go1.20
* update to 1.6.0:
* [CHANGE] Fix cpustat when some cpus are offline #2318
* [CHANGE] Remove metrics of offline CPUs in CPU collector #2605
* [CHANGE] Deprecate ntp collector #2603
* [CHANGE] Remove bcache `cache_readaheads_totals` metrics #2583
* [CHANGE] Deprecate supervisord collector #2685
* [FEATURE] Enable uname collector on NetBSD #2559
* [FEATURE] NetBSD support for the meminfo collector #2570
* [FEATURE] NetBSD support for CPU collector #2626
* [FEATURE] Add FreeBSD collector for netisr subsystem #2668
* [FEATURE] Add softirqs collector #2669
* [ENHANCEMENT] Add suspended as a `node_zfs_zpool_state` #2449
* [ENHANCEMENT] Add administrative state of Linux network interfaces #2515
* [ENHANCEMENT] Log current value of GOMAXPROCS #2537
* [ENHANCEMENT] Add profiler options for perf collector #2542
* [ENHANCEMENT] Allow root path as metrics path #2590
* [ENHANCEMENT] Add cpu frequency governor metrics #2569
* [ENHANCEMENT] Add new landing page #2622
* [ENHANCEMENT] Reduce privileges needed for btrfs device stats #2634
* [ENHANCEMENT] Add ZFS `memory_available_bytes` #2687
* [ENHANCEMENT] Use `SCSI_IDENT_SERIAL` as serial in diskstats #2612
* [ENHANCEMENT] Read missing from netlink netclass attributes from sysfs #2669
* [BUGFIX] perf: fixes for automatically detecting the correct tracefs
mountpoints #2553
* [BUGFIX] Fix `thermal_zone` collector noise @2554
* [BUGFIX] Fix a problem fetching the user wire count on FreeBSD 2584
* [BUGFIX] interrupts: Fix fields on linux aarch64 #2631
* [BUGFIX] Remove metrics of offline CPUs in CPU collector #2605
* [BUGFIX] Fix OpenBSD filesystem collector string parsing #2637
* [BUGFIX] Fix bad reporting of `node_cpu_seconds_total` in OpenBSD #2663
* change go_modules archive in _service to use obscpio file
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1531=1
* SUSE Manager Client Tools for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-2024-1531=1
* SUSE Manager Client Tools Beta for SLE 15
zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2024-1531=1
* SUSE Manager Client Tools for SLE Micro 5
zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2024-1531=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1531=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1531=1
* SUSE Manager Proxy 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2024-1531=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1531=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1531=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1531=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1531=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1531=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1531=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1531=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1531=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1531=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1531=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1531=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1531=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1531=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1531=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1531=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* golang-github-prometheus-alertmanager-0.26.0-150100.4.22.1
* SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.22.1
* SUSE Manager Client Tools Beta for SLE 15 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.22.1
* SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.22.1
* SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
* golang-github-prometheus-alertmanager-0.26.0-150100.4.22.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Manager Proxy 4.3 (x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1
## References:
* https://jira.suse.com/browse/MSQA-760
* https://jira.suse.com/browse/PED-7893
* https://jira.suse.com/browse/PED-7928
1
0
SUSE-SU-2024:1532-1: important: Maintenance update for SUSE Manager 4.3 Release Notes
by OPENSUSE-UPDATES 06 May '24
by OPENSUSE-UPDATES 06 May '24
06 May '24
# Maintenance update for SUSE Manager 4.3 Release Notes
Announcement ID: SUSE-SU-2024:1532-1
Rating: important
References:
* bsc#1170848
* bsc#1208572
* bsc#1214340
* bsc#1214387
* bsc#1216085
* bsc#1217204
* bsc#1217874
* bsc#1218764
* bsc#1218805
* bsc#1218931
* bsc#1218957
* bsc#1219061
* bsc#1219233
* bsc#1219634
* bsc#1219875
* bsc#1220001
* bsc#1220101
* bsc#1220169
* bsc#1220194
* bsc#1220221
* bsc#1220376
* bsc#1220705
* bsc#1220726
* bsc#1220903
* bsc#1220980
* bsc#1221111
* bsc#1221182
* bsc#1221279
* bsc#1221465
* bsc#1221571
* bsc#1221784
* bsc#1221922
* bsc#1222110
* bsc#1222347
* jsc#MSQA-760
Cross-References:
* CVE-2023-51775
CVSS scores:
* CVE-2023-51775 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability, contains one feature and has 33
security fixes can now be installed.
## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3
### Description:
This update fixes the following issues:
release-notes-susemanager-proxy:
* Update to SUSE Manager 4.3.12
* Bugs mentioned: bsc#1208572, bsc#1214387, bsc#1217204, bsc#1220980,
bsc#1221465 bsc#1222347, bsc#1220001
## Security update for SUSE Manager Server 4.3
### Description:
This update fixes the following issues:
release-notes-susemanager:
* Update to SUSE Manager 4.3.12
* Monitoring: Node exporter upgraded to 1.7.0
* Automatic migration from Salt 3000 to the Salt Bundle
* New update-salt recurring state
* uyuni-proxy-systemd-services package has been added to proxy channel
* New Errata getRelevantErrata API endpoint
* CVEs fixed: 2023-51775
* Bugs mentioned:
bsc#1170848, bsc#1208572, bsc#1214340, bsc#1214387, bsc#1216085 bsc#1217204,
bsc#1217874, bsc#1218764, bsc#1218805, bsc#1218931 bsc#1218957, bsc#1219061,
bsc#1219233, bsc#1219634, bsc#1219875 bsc#1220101, bsc#1220169, bsc#1220194,
bsc#1220221, bsc#1220376 bsc#1220705, bsc#1220726, bsc#1220903, bsc#1220980,
bsc#1221111 bsc#1221182, bsc#1221279, bsc#1221465, bsc#1221571, bsc#1221784
bsc#1221922, bsc#1222110, bsc#1222347
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1532=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1532=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1532=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1532=1
## Package List:
* SUSE Manager Proxy 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.12-150400.3.82.3
* SUSE Manager Retail Branch Server 4.3 (noarch)
* release-notes-susemanager-proxy-4.3.12-150400.3.82.3
* SUSE Manager Server 4.3 (noarch)
* release-notes-susemanager-4.3.12-150400.3.108.2
* openSUSE Leap 15.4 (noarch)
* release-notes-susemanager-proxy-4.3.12-150400.3.82.3
* release-notes-susemanager-4.3.12-150400.3.108.2
## References:
* https://www.suse.com/security/cve/CVE-2023-51775.html
* https://bugzilla.suse.com/show_bug.cgi?id=1170848
* https://bugzilla.suse.com/show_bug.cgi?id=1208572
* https://bugzilla.suse.com/show_bug.cgi?id=1214340
* https://bugzilla.suse.com/show_bug.cgi?id=1214387
* https://bugzilla.suse.com/show_bug.cgi?id=1216085
* https://bugzilla.suse.com/show_bug.cgi?id=1217204
* https://bugzilla.suse.com/show_bug.cgi?id=1217874
* https://bugzilla.suse.com/show_bug.cgi?id=1218764
* https://bugzilla.suse.com/show_bug.cgi?id=1218805
* https://bugzilla.suse.com/show_bug.cgi?id=1218931
* https://bugzilla.suse.com/show_bug.cgi?id=1218957
* https://bugzilla.suse.com/show_bug.cgi?id=1219061
* https://bugzilla.suse.com/show_bug.cgi?id=1219233
* https://bugzilla.suse.com/show_bug.cgi?id=1219634
* https://bugzilla.suse.com/show_bug.cgi?id=1219875
* https://bugzilla.suse.com/show_bug.cgi?id=1220001
* https://bugzilla.suse.com/show_bug.cgi?id=1220101
* https://bugzilla.suse.com/show_bug.cgi?id=1220169
* https://bugzilla.suse.com/show_bug.cgi?id=1220194
* https://bugzilla.suse.com/show_bug.cgi?id=1220221
* https://bugzilla.suse.com/show_bug.cgi?id=1220376
* https://bugzilla.suse.com/show_bug.cgi?id=1220705
* https://bugzilla.suse.com/show_bug.cgi?id=1220726
* https://bugzilla.suse.com/show_bug.cgi?id=1220903
* https://bugzilla.suse.com/show_bug.cgi?id=1220980
* https://bugzilla.suse.com/show_bug.cgi?id=1221111
* https://bugzilla.suse.com/show_bug.cgi?id=1221182
* https://bugzilla.suse.com/show_bug.cgi?id=1221279
* https://bugzilla.suse.com/show_bug.cgi?id=1221465
* https://bugzilla.suse.com/show_bug.cgi?id=1221571
* https://bugzilla.suse.com/show_bug.cgi?id=1221784
* https://bugzilla.suse.com/show_bug.cgi?id=1221922
* https://bugzilla.suse.com/show_bug.cgi?id=1222110
* https://bugzilla.suse.com/show_bug.cgi?id=1222347
* https://jira.suse.com/browse/MSQA-760
1
0
06 May '24
# Recommended update for powerpc-utils
Announcement ID: SUSE-RU-2024:1496-1
Rating: important
References:
* bsc#1200731
Affected Products:
* openSUSE Leap 15.3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that has one fix can now be installed.
## Description:
This update for powerpc-utils fixes the following issues:
* Use separate hcn-init service for wicked and NM (bsc#1200731)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1496=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1496=1
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1496=1
## Package List:
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le)
* powerpc-utils-debugsource-1.3.10-150300.9.35.1
* powerpc-utils-debuginfo-1.3.10-150300.9.35.1
* powerpc-utils-1.3.10-150300.9.35.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le)
* powerpc-utils-debugsource-1.3.10-150300.9.35.1
* powerpc-utils-debuginfo-1.3.10-150300.9.35.1
* powerpc-utils-1.3.10-150300.9.35.1
* openSUSE Leap 15.3 (ppc64le)
* powerpc-utils-debugsource-1.3.10-150300.9.35.1
* powerpc-utils-debuginfo-1.3.10-150300.9.35.1
* powerpc-utils-1.3.10-150300.9.35.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1200731
1
0
06 May '24
# Security update for skopeo
Announcement ID: SUSE-SU-2024:1497-1
Rating: important
References:
* bsc#1215611
* bsc#1219563
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.3
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that has two security fixes can now be installed.
## Description:
This update for skopeo fixes the following issues:
* Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes
bsc#1219563)
* Update to version 1.14.1:
* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev
* Update to version 1.14.0:
* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible
[security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to
v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure
notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from
IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted
SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0
* Bump go version to 1.21 (bsc#1215611)
* Update to version 1.13.2:
* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev
* Update to version 1.13.1:
* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating
downstream spec
* [release-1.13] Bump to v1.13.1-dev
* Update to version 1.13.0:
* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.3
zypper in -t patch SUSE-2024-1497=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1497=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-1497=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1497=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1497=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1497=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1497=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1497=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1497=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1497=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1497=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1497=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1497=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1497=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1497=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1497=1
## Package List:
* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* openSUSE Leap 15.3 (noarch)
* skopeo-zsh-completion-1.14.2-150300.11.8.1
* skopeo-bash-completion-1.14.2-150300.11.8.1
* skopeo-fish-completion-1.14.2-150300.11.8.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Manager Proxy 4.3 (x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* skopeo-debuginfo-1.14.2-150300.11.8.1
* skopeo-1.14.2-150300.11.8.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1215611
* https://bugzilla.suse.com/show_bug.cgi?id=1219563
1
0
06 May '24
# Security update for java-11-openjdk
Announcement ID: SUSE-SU-2024:1498-1
Rating: low
References:
* bsc#1213470
* bsc#1222979
* bsc#1222983
* bsc#1222984
* bsc#1222986
* bsc#1222987
Cross-References:
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21085
* CVE-2024-21094
CVSS scores:
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21085 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.5
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
* SUSE Package Hub 15 15-SP5
An update that solves five vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-11-openjdk fixes the following issues:
* CVE-2024-21011: Fixed denial of service due to long Exception message
logging (JDK-8319851,bsc#1222979)
* CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client
improper reverse DNS lookup (JDK-8315708,bsc#1222987)
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(JDK-8322122,bsc#1222983)
* CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory
allocation (JDK-8322114,bsc#1222984)
* CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation
failure with "Exceeded _node_regs array"
(JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes: \- Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU) *
Security fixes \+ JDK-8318340: Improve RSA key implementations * Other changes
\+ JDK-6928542: Chinese characters in RTF are not decoded \+ JDK-7132796:
[macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS
\+ JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup
does not appear. \+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking \+ JDK-8054572: [macosx] JComboBox paints the
border incorrectly \+ JDK-8058176: [mlvm] tests should not allow code cache
exhaustion \+ JDK-8067651: LevelTransitionTest.java, fix trivial methods levels
logic \+ JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently
times out \+ JDK-8156889: ListKeychainStore.sh fails in some virtualized
environments \+ JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps
timeouting \+ JDK-8166554: Avoid compilation blocking in
OverloadCompileQueueTest.java \+ JDK-8169475: WheelModifier.java fails by
timeout \+ JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to
Java Jtreg Test \+ JDK-8186610: move ModuleUtils to top-level testlibrary \+
JDK-8192864: defmeth tests can hide failures \+ JDK-8193543: Regression
automated test '/open/test/jdk/java/
/awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails \+
JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/
/isexceeded001/TestDescription.java still failing \+ JDK-8202282: [TESTBUG]
appcds TestCommon .makeCommandLineForAppCDS() can be removed \+ JDK-8202790: DnD
test DisposeFrameOnDragTest.java does not clean up \+ JDK-8202931: [macos]
java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails \+
JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests \+
JDK-8207214: Broken links in JDK API serialized-form page \+ JDK-8207855: Make
applications/jcstress invoke tests in batches \+ JDK-8208243:
vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly
\+ JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java
.findDeadlock.INDIFY_Test Deadlocked threads are not always detected \+
JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system
\+ JDK-8208699: remove unneeded imports from runtime tests \+ JDK-8208704:
runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing \+
JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always
required for appcds tests \+ JDK-8209549: remove VMPropsExt from TEST.ROOT \+
JDK-8209595: MonitorVmStartTerminate.java timed out \+ JDK-8209946: [TESTBUG]
CDS tests should use "@run driver" \+ JDK-8211438: [Testbug]
runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location \+
JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and
testkeys to network testlibrary \+ JDK-8213622: Windows VS2013 build failure -
"'snprintf': identifier not found" \+ JDK-8213926:
WB_EnqueueInitializerForCompilation requests compilation for NULL \+
JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled
\+ JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules \+
JDK-8214915: CtwRunner misses export for jdk.internal.access \+ JDK-8216408:
XMLStreamWriter setDefaultNamespace(null) throws NullPointerException \+
JDK-8217475: Unexpected StackOverflowError in "process reaper" thread \+
JDK-8218754: JDK-8068225 regression in JDIBreakpointTest \+ JDK-8219475: javap
man page needs to be updated \+ JDK-8219585: [TESTBUG]
sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes
trivially when it shouldn't \+ JDK-8219612: [TESTBUG]
compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different
runtime package as its nest host \+ JDK-8225471: Test utility
jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate
duplicates \+ JDK-8226706: (se) Reduce the number of outer loop iterations on
Windows in java/nio/channels/Selector/RacyDeregister.java \+ JDK-8226905:
unproblem list applications/ctw/modules/ _tests on windows \+ JDK-8226910: make
it possible to use jtreg 's -match via run-test framework \+ JDK-8227438:
[TESTLIB] Determine if file exists by Files.exists in function
FileUtils.deleteFileIfExistsWithRetry \+ JDK-8231585:
java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with
java.lang.NullPointerException \+ JDK-8232839: JDI AfterThreadDeathTest.java
failed due to "FAILED: Did not get expected IllegalThreadStateException on a
StepRequest.enable()" \+ JDK-8233453: MLVM deoptimize stress test timed out \+
JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception \+
JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails \+ JDK-8237777: "Dumping core ..." is shown
despite claiming that "# No core dump will be written." \+ JDK-8237834:
com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read
timeout \+ JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel \+
JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails \+ JDK-8244679: JVM/TI
GetCurrentContendedMonitor/contmon001 failed due to "(IsSameObject#3) unexpected
monitor object: 0x000000562336DBA8" \+ JDK-8246222: Rename javac test
T6395981.java to be more informative \+ JDK-8247818: GCC 10 warning stringop-
overflow with symbol code \+ JDK-8249087: Always initialize _body[0..1] in
Symbol constructor \+ JDK-8251349: Add TestCaseImpl to
OverloadCompileQueueTest.java's build dependencies \+ JDK-8251904:
vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with
ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR \+ JDK-8253543:
sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with
"AssertionError: All pixels are not black" \+ JDK-8253739:
java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java
fails \+ JDK-8253820: Save test images and dumps with timestamps from client
sanity suite \+ JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock
do not randomly delay \+ JDK-8255546: Missing coverage for
javax.smartcardio.CardPermission and ResponseAPDU \+ JDK-8255743: Relax SIGFPE
match in in runtime/ErrorHandling/SecondaryErrorTest.java \+ JDK-8257505:
nsk/share/test/StressOptions stressTime is scaled in getter but not when printed
\+ JDK-8259801: Enable XML Signature secure validation mode by default \+
JDK-8264135: UnsafeGetStableArrayElement should account for different JIT
implementation details \+ JDK-8265349: vmTestbase/../stress/compiler/deoptimize/
/Test.java fails with OOME due to CodeCache exhaustion. \+ JDK-8269025:
jsig/Testjsig.java doesn't check exit code \+ JDK-8269077: TestSystemGC uses
"require vm.gc.G1" for large pages subtest \+ JDK-8271094:
runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code \+
JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit
code \+ JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore
external VM flags \+ JDK-8271829: mark hotspot runtime/Throwable tests which
ignore external VM flags \+ JDK-8271890: mark hotspot runtime/Dictionary tests
which ignore external VM flags \+ JDK-8272291: mark hotspot runtime/logging
tests which ignore external VM flags \+ JDK-8272335:
runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes \+ JDK-8272551:
mark hotspot runtime/modules tests which ignore external VM flags \+
JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags \+
JDK-8273803: Zero: Handle "zero" variant in CommandLineOptionTest.java \+
JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows
11 \+ JDK-8274621: NullPointerException because listenAddress[0] is null \+
JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC \+
JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 \+
JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with
java.lang.RuntimeException: values differ by more than 1GB \+ JDK-8281377:
Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. \+
JDK-8281717: Cover logout method for several LoginModule \+ JDK-8282665: [REDO]
ByteBufferTest.java: replace endless recursion with RuntimeException in void
ck(double x, double y) \+ JDK-8284090:
com/sun/security/auth/module/AllPlatforms.java fails to compile \+ JDK-8285756:
clean up use of bad arguments for `@clean` in langtools tests \+ JDK-8285785:
CheckCleanerBound test fails with PasswordCallback object is not released \+
JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and
automate \+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64 \+ JDK-8286969: Add a new
test library API to execute kinit in SecurityTools.java \+ JDK-8287113: JFR:
Periodic task thread uses period for method sampling events \+ JDK-8289511:
Improve test coverage for XPath Axes: child \+ JDK-8289764: gc/lock tests failed
with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced
objects" \+ JDK-8289948: Improve test coverage for XPath functions: Node Set
Functions \+ JDK-8290399: [macos] Aqua LAF does not fire an action event if
combo box menu is displayed \+ JDK-8290909:
MemoryPoolMBean/isUsageThresholdExceeded tests failed with
"isUsageThresholdExceeded() returned false, and is still false, while threshold
= MMMMMMM and used peak = NNNNNNN" \+ JDK-8292182: [TESTLIB] Enhance
JAXPPolicyManager to setup required permissions for jtreg version 7 jar \+
JDK-8292946: GC lock/jni/jnilock001 test failed "assert(gch->gc_cause() ==
GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice
in a row" \+ JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with
"RuntimeException: Retrieved backing PlatformLogger level null is not the
expected CONFIG" \+ JDK-8294158: HTML formatting for PassFailJFrame instructions
\+ JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java
failure \+ JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport \+
JDK-8294535: Add screen capture functionality to PassFailJFrame \+ JDK-8296083:
javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM \+
JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/
/AbstractDrbg/SpecTest.java intermittently timeout \+ JDK-8299494: Test
vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError:
target class not found \+ JDK-8300269: The selected item in an editable
JComboBox with titled border is not visible in Aqua LAF \+ JDK-8300727:
java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java
failed with "List wasn't garbage collected" \+ JDK-8301310: The
SendRawSysexMessage test may cause a JVM crash \+ JDK-8301377: adjust timeout
for JLI GetObjectSizeIntrinsicsTest.java subtest again \+ JDK-8301846: Invalid
TargetDataLine after screen lock when using JFileChooser or COM library \+
JDK-8302017: Allocate BadPaddingException only if it will be thrown \+
JDK-8302109: Trivial fixes to btree tests \+ JDK-8302149: Speed up
compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java \+ JDK-8302607:
increase timeout for ContinuousCallSiteTargetChange.java \+ JDK-8304074: [JMX]
Add an approximation of total bytes allocated on the Java heap by the JVM \+
JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 \+ JDK-8304725:
AsyncGetCallTrace can cause SIGBUS on M1 \+ JDK-8305502: adjust timeouts in
three more M&M tests \+ JDK-8305505: NPE in javazic compiler \+ JDK-8305972:
Update XML Security for Java to 3.0.2 \+ JDK-8306072: Open source several AWT
MouseInfo related tests \+ JDK-8306076: Open source AWT misc tests \+
JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related
tests \+ JDK-8306640: Open source several AWT TextArea related tests \+
JDK-8306652: Open source AWT MenuItem related tests \+ JDK-8306681: Open source
more AWT DnD related tests \+ JDK-8306683: Open source several clipboard and
color AWT tests \+ JDK-8306752: Open source several container and component AWT
tests \+ JDK-8306753: Open source several container AWT tests \+ JDK-8306755:
Open source few Swing JComponent and AbstractButton tests \+ JDK-8306812: Open
source several AWT Miscellaneous tests \+ JDK-8306871: Open source more AWT Drag
& Drop tests \+ JDK-8306996: Open source Swing MenuItem related tests \+
JDK-8307123: Fix deprecation warnings in DPrinter \+ JDK-8307130: Open source
few Swing JMenu tests \+ JDK-8307299: Move more DnD tests to open \+
JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests
\+ JDK-8307381: Open Source JFrame, JIF related Swing Tests \+ JDK-8307683: Loop
Predication should not hoist range checks with trap on success projection by
negating their condition \+ JDK-8308043: Deadlock in TestCSLocker.java due to
blocking GC while allocating \+ JDK-8308116:
jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files \+
JDK-8308223: failure handler missed jcmd.vm.info command \+ JDK-8308232: nsk/jdb
tests don't pass -verbose flag to the debuggee \+ JDK-8308245: Add -proc:full to
describe current default annotation processing policy \+ JDK-8308336: Test
java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use \+ JDK-8309104: [JVMCI]
compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with
Graal \+ JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates
for all If nodes in loop predication \+ JDK-8309462: [AIX]
vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing
due to empty while loop \+ JDK-8309778: java/nio/file/Files/CopyAndMove.java
fails when using second test directory \+ JDK-8309870: Using -proc:full should
be considered requesting explicit annotation processing \+ JDK-8310106:
sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks
handshakeConsumers \+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails \+ JDK-8310551:
vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to
missing prompt \+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out \+ JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows
platform \+ JDK-8311511: Improve description of NativeLibrary JFR event \+
JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java \+ JDK-8313081:
MonitoringSupport_lock should be unconditionally initialized after 8304074 \+
JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles \+
JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp
GetRGBPixels adjust releasing of resources \+ JDK-8313252:
Java_sun_awt_windows_ThemeReader_paintBackground release resources in early
returns \+ JDK-8313643: Update HarfBuzz to 8.2.2 \+ JDK-8313816: Accessing
jmethodID might lead to spurious crashes \+ JDK-8314144:
gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp \+
JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently in timeout \+
JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result
errno in missing case \+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder \+ JDK-8315042: NPE in PKCS7.parseOldSignedData
\+ JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases \+
JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into
libsplashscreen \+ JDK-8315594: Open source few headless Swing misc tests \+
JDK-8315600: Open source few more headless Swing misc tests \+ JDK-8315602: Open
source swing security manager test \+ JDK-8315606: Open source few swing
text/html tests \+ JDK-8315611: Open source swing text/html and tree test \+
JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch \+
JDK-8315731: Open source several Swing Text related tests \+ JDK-8315761: Open
source few swing JList and JMenuBar tests \+ JDK-8315986: [macos14]
javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on
the screen to determine its location \+ JDK-8316001: GC: Make
TestArrayAllocatorMallocLimit use createTestJvm \+ JDK-8316028: Update FreeType
to 2.13.2 \+ JDK-8316030: Update Libpng to 1.6.40 \+ JDK-8316106: Open source
few swing JInternalFrame and JMenuBar tests \+ JDK-8316461: Fix: make test
outputs TEST SUCCESS after unsuccessful exit \+ JDK-8316947: Write a test to
check textArea triggers MouseEntered/MouseExited events properly \+ JDK-8317307:
test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with
ConnectException: Connection timed out: no further information \+ JDK-8317327:
Remove JT_JAVA dead code in jib-profiles.js \+ JDK-8318154: Improve stability of
WheelModifier.java test \+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows \+ JDK-8318468:
compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100
-XX:TieredStopAtLevel=1 \+ JDK-8318603: Parallelize
sun/java2d/marlin/ClipShapeTest.java \+ JDK-8318607: Enable parallelism in
vmTestbase/nsk/stress/jni tests \+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests \+ JDK-8318736:
com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed:
Address already in use" \+ JDK-8318889: C2: add bailout after assert Bad graph
detected in build_loop_late \+ JDK-8318951: Additional negative value check in
JPEG decoding \+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return \+
JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent
Files \+ JDK-8318983: Fix comment typo in PKCS12Passwd.java \+ JDK-8319124:
Update XML Security for Java to 3.0.3 \+ JDK-8319456:
jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause
'GCLocker Initiated GC' not in the valid causes \+ JDK-8319668: Fixup of jar
filename typo in BadFactoryTest.sh \+ JDK-8320001: javac crashes while adding
type annotations to the return type of a constructor \+ JDK-8320208: Update
Public Suffix List to b5bf572 \+ JDK-8320363: ppc64 TypeEntries::type_unknown
logic looks wrong, missed optimization opportunity \+ JDK-8320597: RSA signature
verification fails on signed data that does not encode params correctly \+
JDK-8320798: Console read line with zero out should zero out underlying buffer
\+ JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 \+ JDK-8320937:
support latest VS2022 MSC_VER in abstract_vm_version.cpp \+ JDK-8321151:
JDK-8294427 breaks Windows L&F on all older Windows versions \+ JDK-8321215:
Incorrect x86 instruction encoding for VSIB addressing mode \+ JDK-8321408: Add
Certainly roots R1 and E1 \+ JDK-8321480: ISO 4217 Amendment 176 Update \+
JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test
directory or libraries \+ JDK-8322417: Console read line with zero out should
zero out when throwing exception \+ JDK-8322725: (tz) Update Timezone Data to
2023d \+ JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html"
failed because A blue ball icon is added outside of the system tray \+
JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert \+
JDK-8322772: Clean up code after JDK-8322417 \+ JDK-8323008: filter out harmful
-std_ flags added by autoconf from CXX \+ JDK-8323243: JNI invocation of an
abstract instance method corrupts the stack \+ JDK-8323515: Create test alias
"all" for all test roots \+ JDK-8323640: [TESTBUG]testMemoryFailCount in
jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because
OOM killed \+ JDK-8324184: Windows VS2010 build failed with "error C2275:
'int64_t'" \+ JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer
(non-static data member initializers) \+ JDK-8324347: Enable "maybe-
uninitialized" warning for FreeType 2.13.1 \+ JDK-8324659: GHA: Generic jtreg
errors are not reported \+ JDK-8325096: Test
java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing \+
JDK-8325150: (tz) Update Timezone Data to 2024a \+ JDK-8326109: GCC 13 reports
maybe-uninitialized warnings for jni.cpp with dtrace enabled \+ JDK-8326503:
[11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail
because of package org.junit.jupiter.api does not exist \+ JDK-8327391: Add
SipHash attribution file \+ JDK-8329837: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23
* Removed the possibility to use the system timezone-java (bsc#1213470)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1498=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1498=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-1498=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1498=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1498=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-1498=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1498=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1498=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1498=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1498=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1498=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2024-1498=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1498=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1498=1
* SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-1498=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-1498=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1498=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1498=1
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x
x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x
x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-src-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-jmods-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* openSUSE Leap 15.5 (noarch)
* java-11-openjdk-javadoc-11.0.23.0-150000.3.113.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* SUSE Package Hub 15 15-SP5 (noarch)
* java-11-openjdk-javadoc-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debuginfo-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-11-openjdk-demo-11.0.23.0-150000.3.113.1
* java-11-openjdk-11.0.23.0-150000.3.113.1
* java-11-openjdk-devel-11.0.23.0-150000.3.113.1
* java-11-openjdk-headless-11.0.23.0-150000.3.113.1
* java-11-openjdk-debugsource-11.0.23.0-150000.3.113.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21085.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213470
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222984
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
1
0
06 May '24
# Security update for java-17-openjdk
Announcement ID: SUSE-SU-2024:1499-1
Rating: low
References:
* bsc#1213470
* bsc#1222979
* bsc#1222983
* bsc#1222986
* bsc#1222987
Cross-References:
* CVE-2024-21011
* CVE-2024-21012
* CVE-2024-21068
* CVE-2024-21094
CVSS scores:
* CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products:
* Basesystem Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves four vulnerabilities and has one security fix can now be
installed.
## Description:
This update for java-17-openjdk fixes the following issues:
* CVE-2024-21011: Fixed denial of service due to long Exception message
logging (JDK-8319851,bsc#1222979)
* CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client
improper reverse DNS lookup (JDK-8315708,bsc#1222987)
* CVE-2024-21068: Fixed integer overflow in C1 compiler address generation
(JDK-8322122,bsc#1222983)
* CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation
failure with "Exceeded _node_regs array"
(JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes: \- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU) * Security
fixes \+ JDK-8318340: Improve RSA key implementations * Other changes \+
JDK-6928542: Chinese characters in RTF are not decoded \+ JDK-7132796: [macosx]
closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS \+
JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup
does not appear. \+ JDK-7167356: (javac) investigate failing tests in
JavacParserTest \+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking \+ JDK-8054572: [macosx] JComboBox paints the
border incorrectly \+ JDK-8169475: WheelModifier.java fails by timeout \+
JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int
InetAddress.preferIPv6Address` as a boolean \+ JDK-8209595:
MonitorVmStartTerminate.java timed out \+ JDK-8210410: Refactor
java.util.Currency:i18n shell tests to plain java tests \+ JDK-8261404:
Class.getReflectionFactory() is not thread-safe \+ JDK-8261837: SIGSEGV in
ciVirtualCallTypeData::translate_from \+ JDK-8263256: Test
java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due
to dynamic reconfigurations of network interface during test \+ JDK-8269258:
java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout \+
JDK-8271118: C2: StressGCM should have higher priority than frequency-based
policy \+ JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains
info on final result \+ JDK-8272811: Document the effects of building with
_GNU_SOURCE in os_posix.hpp \+ JDK-8272853: improve `JavadocTester.runTests` \+
JDK-8273454: C2: Transform (-a) _(-b) into a_ b \+ JDK-8274060: C2: Incorrect
computation after JDK-8273454 \+ JDK-8274122:
java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 \+
JDK-8274621: NullPointerException because listenAddress[0] is null \+
JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming \+
JDK-8274634: Use String.equals instead of String.compareTo in java.desktop \+
JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id \+
JDK-8278028: [test-library] Warnings cleanup of the test library \+ JDK-8278312:
Update SimpleSSLContext keystore to use SANs for localhost IP addresses \+
JDK-8278363: Create extented container test groups \+ JDK-8280241: (aio)
AsynchronousSocketChannel init fails in IPv6 only Windows env \+ JDK-8281377:
Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. \+
JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp \+ JDK-8281585:
Remove unused imports under test/lib and jtreg/gc \+ JDK-8283400: [macos] a11y :
Screen magnifier does not reflect JRadioButton value change \+ JDK-8283626:
AArch64: Set relocInfo::offset_unit to 4 \+ JDK-8283994: Make Xerces
DatatypeException stackless \+ JDK-8286312: Stop mixing signed and unsigned
types in bit operations \+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64 \+ JDK-8287832:
jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with "Expected two
batches of Active Setting events" \+ JDK-8288663: JFR: Disabling the
JfrThreadSampler commits only a partially disabled state \+ JDK-8288846: misc
tests fail "assert(ms < 1000) failed: Un-interruptable sleep, short time use
only" \+ JDK-8289764: gc/lock tests failed with "OutOfMemoryError: Java heap
space: failed reallocation of scalar replaced objects" \+ JDK-8290041:
ModuleDescriptor.hashCode is inconsistent \+ JDK-8290203: ProblemList
vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java
on linux-all \+ JDK-8290399: [macos] Aqua LAF does not fire an action event if
combo box menu is displayed \+ JDK-8292458: Atomic operations on scoped enums
don't build with clang \+ JDK-8292946: GC lock/jni/jnilock001 test failed
"assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row" \+ JDK-8293117:
Add atomic bitset functions \+ JDK-8293547: Add relaxed add_and_fetch for macos
aarch64 atomics \+ JDK-8294158: HTML formatting for PassFailJFrame instructions
\+ JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java
failure \+ JDK-8294535: Add screen capture functionality to PassFailJFrame \+
JDK-8295068: SSLEngine throws NPE parsing CertificateRequests \+ JDK-8295124:
Atomic::add to pointer type may return wrong value \+ JDK-8295274:
HelidonAppTest.java fails "assert(event->should_commit()) failed: invariant"
from compiled frame" \+ JDK-8296631: NSS tests failing on OL9 linux-aarch64
hosts \+ JDK-8297968: Crash in PrintOptoAssembly \+ JDK-8298087: XML Schema
Validation reports an required attribute twice via ErrorHandler \+ JDK-8299494:
Test vmTestbase/nsk/stress/except/except011.java failed:
ExceptionInInitializerError: target class not found \+ JDK-8300269: The selected
item in an editable JComboBox with titled border is not visible in Aqua LAF \+
JDK-8301306: java/net/httpclient/ _fail with -Xcomp \+ JDK-8301310: The
SendRawSysexMessage test may cause a JVM crash \+ JDK-8301787:
java/net/httpclient/SpecialHeadersTest failing after JDK-8301306 \+ JDK-8301846:
Invalid TargetDataLine after screen lock when using JFileChooser or COM library
\+ JDK-8302017: Allocate BadPaddingException only if it will be thrown \+
JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/
/TestAMEnotNPE.java \+ JDK-8303605: Memory leaks in Metaspace gtests \+
JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java
heap by the JVM \+ JDK-8304696: Duplicate class names in dynamicArchive tests
can lead to test failure \+ JDK-8305356: Fix ignored bad CompileCommands in
tests \+ JDK-8305900: Use loopback IP addresses in security policy files of
httpclient tests \+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address \+ JDK-8305962: update jcstress to
0.16 \+ JDK-8305972: Update XML Security for Java to 3.0.2 \+ JDK-8306014:
Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate \+
JDK-8306408: Fix the format of several tables in building.md \+ JDK-8307185:
pkcs11 native libraries make JNI calls into java code while holding GC lock \+
JDK-8307926: Support byte-sized atomic bitset operations \+ JDK-8307955: Prefer
to PTRACE_GETREGSET instead of PTRACE_GETREGS in method
'ps_proc.c::process_get_lwp_regs' \+ JDK-8307990: jspawnhelper must close its
writing side of a pipe before reading from it \+ JDK-8308043: Deadlock in
TestCSLocker.java due to blocking GC while allocating \+ JDK-8308245: Add
-proc:full to describe current default annotation processing policy \+
JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed: java.net.BindException:
Address already in use \+ JDK-8309302: java/net/Socket/Timeouts.java fails with
AssertionError on test temporal post condition \+ JDK-8309305:
sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test
timeout \+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while loop \+
JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of
JRadioButton \+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing \+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers \+ JDK-8310238:
[test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails \+
JDK-8310380: Handle problems in core-related tests on macOS when codesign tool
does not work \+ JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
spuriously passing \+ JDK-8310807:
java/nio/channels/DatagramChannel/Connect.java timed out \+ JDK-8310838: Correct
range notations in MethodTypeDesc specification \+ JDK-8310844: [AArch64] C1
compilation fails because monitor offset in OSR buffer is too large for
immediate \+ JDK-8310923: Refactor Currency tests to use JUnit \+ JDK-8311081:
KeytoolReaderP12Test.java fail on localized Windows platform \+ JDK-8311160:
[macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and
JCheckBoxMenuItem \+ JDK-8311581: Remove obsolete code and comments in
TestLVT.java \+ JDK-8311645: Memory leak in jspawnhelper spawnChild after
JDK-8307990 \+ JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
ShenandoahGC \+ JDK-8312428: PKCS11 tests fail with NSS 3.91 \+ JDK-8312434:
SPECjvm2008/xml.transform with CDS fails with "can't seal package nu.xom" \+
JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after
8304074 \+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles \+
JDK-8313206: PKCS11 tests silently skip execution \+ JDK-8313575: Refactor
PKCS11Test tests \+ JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
/TestFloatingDecimal should use RandomFactory \+ JDK-8313643: Update HarfBuzz to
8.2.2 \+ JDK-8313816: Accessing jmethodID might lead to spurious crashes \+
JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently in timeout \+
JDK-8314220: Configurable InlineCacheBuffer size \+ JDK-8314830:
runtime/ErrorHandling/ tests ignore external VM flags \+ JDK-8315034:
File.mkdirs() occasionally fails to create folders on Windows shared folder \+
JDK-8315042: NPE in PKCS7.parseOldSignedData \+ JDK-8315594: Open source few
headless Swing misc tests \+ JDK-8315600: Open source few more headless Swing
misc tests \+ JDK-8315602: Open source swing security manager test \+
JDK-8315611: Open source swing text/html and tree test \+ JDK-8315680:
java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch \+ JDK-8315731:
Open source several Swing Text related tests \+ JDK-8315761: Open source few
swing JList and JMenuBar tests \+ JDK-8315920: C2: "control input must dominate
current control" assert failure \+ JDK-8315986: [macos14]
javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on
the screen to determine its location \+ JDK-8316001: GC: Make
TestArrayAllocatorMallocLimit use createTestJvm \+ JDK-8316028: Update FreeType
to 2.13.2 \+ JDK-8316030: Update Libpng to 1.6.40 \+ JDK-8316106: Open source
few swing JInternalFrame and JMenuBar tests \+ JDK-8316304: (fs) Add support for
BasicFileAttributes .creationTime() for Linux \+ JDK-8316392:
compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in
PcDescContainer::find_pc_desc_internal \+ JDK-8316414: C2: large byte array
clone triggers "failed: malformed control flow" assertion failure on linux-x86
\+ JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests \+
JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with
Parallel GC \+ JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
/CheckOrigin.java as vm.flagless \+ JDK-8316679: C2 SuperWord: wrong result,
load should not be moved before store if not comparable \+ JDK-8316693: Simplify
at-requires checkDockerSupport() \+ JDK-8316929: Shenandoah: Shenandoah
degenerated GC and full GC need to cleanup old OopMapCache entries \+
JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited
events properly \+ JDK-8317039: Enable specifying the JDK used to run jtreg \+
JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on
Linux ppc64le \+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no
further information \+ JDK-8317603: Improve exception messages thrown by
sun.nio.ch.Net native methods (win) \+ JDK-8317771: [macos14] Expand/collapse a
JTree using keyboard freezes the application in macOS 14 Sonoma \+ JDK-8317807:
JAVA_FLAGS removed from jtreg running in JDK-8317039 \+ JDK-8317960: [17u]
Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued \+ JDK-8318154:
Improve stability of WheelModifier.java test \+ JDK-8318183: C2: VM may crash
after hitting node limit \+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows \+ JDK-8318468:
compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100
-XX:TieredStopAtLevel=1 \+ JDK-8318490: Increase timeout for JDK tests that are
close to the limit when run with libgraal \+ JDK-8318603: Parallelize
sun/java2d/marlin/ClipShapeTest.java \+ JDK-8318607: Enable parallelism in
vmTestbase/nsk/stress/jni tests \+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests \+ JDK-8318689: jtreg is confused when
folder name is the same as the test name \+ JDK-8318736:
com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed:
Address already in use" \+ JDK-8318951: Additional negative value check in JPEG
decoding \+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return \+
JDK-8318957: Enhance agentlib:jdwp help output by info about allow option \+
JDK-8318961: increase javacserver connection timeout values and max retry
attempts \+ JDK-8318971: Better Error Handling for Jar Tool When Processing Non-
existent Files \+ JDK-8318983: Fix comment typo in PKCS12Passwd.java \+
JDK-8319124: Update XML Security for Java to 3.0.3 \+ JDK-8319213:
Compatibility.java reads both stdout and stderr of JdkUtils \+ JDK-8319436:
Proxy.newProxyInstance throws NPE if loader is null and interface not visible
from class loader \+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in
the valid causes \+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
\+ JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21 \+ JDK-8319961:
JvmtiEnvBase doesn't zero _ext_event_callbacks \+ JDK-8320001: javac crashes
while adding type annotations to the return type of a constructor \+
JDK-8320168: handle setsocktopt return values \+ JDK-8320208: Update Public
Suffix List to b5bf572 \+ JDK-8320300: Adjust hs_err output in malloc/mmap error
cases \+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed
optimization opportunity \+ JDK-8320597: RSA signature verification fails on
signed data that does not encode params correctly \+ JDK-8320798: Console read
line with zero out should zero out underlying buffer \+ JDK-8320885: Bump update
version for OpenJDK: jdk-17.0.11 \+ JDK-8320921: GHA: Parallelize
hotspot_compiler test jobs \+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp \+ JDK-8321151: JDK-8294427 breaks Windows L&F on all
older Windows versions \+ JDK-8321215: Incorrect x86 instruction encoding for
VSIB addressing mode \+ JDK-8321408: Add Certainly roots R1 and E1 \+
JDK-8321480: ISO 4217 Amendment 176 Update \+ JDK-8321599: Data loss in AVX3
Base64 decoding \+ JDK-8321815: Shenandoah: gc state should be synchronized to
java threads only once per safepoint \+ JDK-8321972: test
runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform \+
JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size \+ JDK-8322321: Add man page
doc for -XX:+VerifySharedSpaces \+ JDK-8322417: Console read line with zero out
should zero out when throwing exception \+ JDK-8322583: RISC-V: Enable fast
class initialization checks \+ JDK-8322725: (tz) Update Timezone Data to 2023d
\+ JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html" failed
because A blue ball icon is added outside of the system tray \+ JDK-8322772:
Clean up code after JDK-8322417 \+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output \+ JDK-8322968: [17u] Amend Atomics
gtest with 1-byte tests \+ JDK-8323008: filter out harmful -std_ flags added by
autoconf from CXX \+ JDK-8323021: Shenandoah: Encountered reference count always
attributed to first worker thread \+ JDK-8323086: Shenandoah: Heap could be
corrupted by oom during evacuation \+ JDK-8323243: JNI invocation of an abstract
instance method corrupts the stack \+ JDK-8323331: fix typo hpage_pdm_size \+
JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC
should be mangled \+ JDK-8323515: Create test alias "all" for all test roots \+
JDK-8323637: Capture hotspot replay files in GHA \+ JDK-8323640:
[TESTBUG]testMemoryFailCount in
jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because
OOM killed \+ JDK-8323806: [17u] VS2017 build fails with warning after 8293117\.
\+ JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'" \+
JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode \+
JDK-8324347: Enable "maybe-uninitialized" warning for FreeType 2.13.1 \+
JDK-8324514: ClassLoaderData::print_on should print address of class loader \+
JDK-8324647: Invalid test group of lib-test after JDK-8323515 \+ JDK-8324659:
GHA: Generic jtreg errors are not reported \+ JDK-8324937: GHA: Avoid multiple
test suites per job \+ JDK-8325096: Test
java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing \+
JDK-8325150: (tz) Update Timezone Data to 2024a \+ JDK-8325585: Remove no longer
necessary calls to set/unset-in-asgct flag in JDK 17 \+ JDK-8326000: Remove
obsolete comments for class sun.security.ssl.SunJSSE \+ JDK-8327036: [macosx-
aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from
Unsafe_CopySwapMemory0 \+ JDK-8327391: Add SipHash attribution file \+
JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release
17.0.11
* Removed the possibility to use the system timezone-java (bsc#1213470).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2024-1499=1
* openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-1499=1
* Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1499=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1499=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1499=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1499=1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1499=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1499=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1499=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-1499=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1499=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-jmods-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-src-17.0.11.0-150400.3.42.1
* openSUSE Leap 15.4 (noarch)
* java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-jmods-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-src-17.0.11.0-150400.3.42.1
* openSUSE Leap 15.5 (noarch)
* java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1
* Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x
x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Manager Proxy 4.3 (x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* java-17-openjdk-17.0.11.0-150400.3.42.1
* java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1
* java-17-openjdk-headless-17.0.11.0-150400.3.42.1
* java-17-openjdk-demo-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-17.0.11.0-150400.3.42.1
* java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1
## References:
* https://www.suse.com/security/cve/CVE-2024-21011.html
* https://www.suse.com/security/cve/CVE-2024-21012.html
* https://www.suse.com/security/cve/CVE-2024-21068.html
* https://www.suse.com/security/cve/CVE-2024-21094.html
* https://bugzilla.suse.com/show_bug.cgi?id=1213470
* https://bugzilla.suse.com/show_bug.cgi?id=1222979
* https://bugzilla.suse.com/show_bug.cgi?id=1222983
* https://bugzilla.suse.com/show_bug.cgi?id=1222986
* https://bugzilla.suse.com/show_bug.cgi?id=1222987
1
0
SUSE-SU-2024:1491-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
by OPENSUSE-UPDATES 06 May '24
by OPENSUSE-UPDATES 06 May '24
06 May '24
# Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP5)
Announcement ID: SUSE-SU-2024:1491-1
Rating: important
References:
* bsc#1219079
Cross-References:
* CVE-2024-0775
CVSS scores:
* CVE-2024-0775 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2024-0775 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves one vulnerability can now be installed.
## Description:
This update for the Linux Kernel 5.14.21-150500_13_5 fixes one issue.
The following security issue was fixed:
* CVE-2024-0775: Fixed a use-after-free flaw was found in the __ext4_remount
in fs/ext4/super.c in ext4 (bsc#1219079).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2024-1491=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2024-1492=1
* openSUSE Leap 15.5
zypper in -t patch SUSE-2024-1492=1 SUSE-2024-1491=1
## Package List:
* SUSE Linux Enterprise Live Patching 15-SP5 (x86_64)
* kernel-livepatch-5_14_21-150500_11-rt-12-150500.3.1
* kernel-livepatch-5_14_21-150500_13_5-rt-11-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-11-150500.2.1
* kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-11-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-12-150500.3.1
* kernel-livepatch-5_14_21-150500_11-rt-debuginfo-12-150500.3.1
* openSUSE Leap 15.5 (x86_64)
* kernel-livepatch-5_14_21-150500_11-rt-12-150500.3.1
* kernel-livepatch-5_14_21-150500_13_5-rt-11-150500.2.1
* kernel-livepatch-5_14_21-150500_13_5-rt-debuginfo-11-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_1-debugsource-11-150500.2.1
* kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-12-150500.3.1
* kernel-livepatch-5_14_21-150500_11-rt-debuginfo-12-150500.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-0775.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219079
1
0
openSUSE-RU-2024:0116-1: moderate: Recommended update for mtail
by maintenance@opensuse.org 04 May '24
by maintenance@opensuse.org 04 May '24
04 May '24
openSUSE Recommended Update: Recommended update for mtail
______________________________________________________________________________
Announcement ID: openSUSE-RU-2024:0116-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP5
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for mtail fixes the following issues:
- Support service reload
- Switch to sysusers
- Repair system call filter induced startup failure
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-116=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):
mtail-3.0.0rc51-bp155.2.3.1
References:
1
0