August 2024 - openSUSE Updates - openSUSE Mailing Lists

SUSE-RU-2024:2996-1: important: Recommended update for cloud-regionsrv-client
by OPENSUSE-UPDATES 21 Aug '24

21 Aug '24

# Recommended update for cloud-regionsrv-client Announcement ID: SUSE-RU-2024:2996-1 Rating: important References: * bsc#1229137 Affected Products: * openSUSE Leap 15.3 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * openSUSE Leap Micro 5.5 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update for cloud-regionsrv-client fixes the following issues: * Fix docker.service fail to start in Public Cloud providers. (bsc#1229137) * The entry for the update infrastructure registry mirror was written incorrectly causing docker daemon startup to fail. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-2996=1 * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2024-2996=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-2996=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-2996=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2996=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2996=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-2996=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-2996=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-2996=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2024-2996=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-2996=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-2996=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2024-2996=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * openSUSE Leap 15.3 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * openSUSE Leap Micro 5.5 (aarch64 x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * openSUSE Leap Micro 5.5 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * openSUSE Leap 15.5 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * openSUSE Leap 15.6 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * Public Cloud Module 15-SP3 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * Public Cloud Module 15-SP4 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * Public Cloud Module 15-SP5 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 * Public Cloud Module 15-SP6 (aarch64 ppc64le s390x x86_64) * cloud-regionsrv-client-10.3.0-150300.13.6.1 * cloud-regionsrv-client-plugin-ec2-1.0.4-150300.13.6.1 * cloud-regionsrv-client-plugin-gce-1.0.0-150300.13.6.1 * cloud-regionsrv-client-plugin-azure-2.0.0-150300.13.6.1 * cloud-regionsrv-client-generic-config-1.0.0-150300.13.6.1 * Public Cloud Module 15-SP6 (noarch) * cloud-regionsrv-client-addon-azure-1.0.5-150300.13.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1229137

1 0

openSUSE-SU-2024:0257-1: moderate: Security update for roundcubemail
by opensuse-security＠opensuse.org 21 Aug '24

21 Aug '24

openSUSE Security Update: Security update for roundcubemail ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0257-1 Rating: moderate References: #1216895 Cross-References: CVE-2023-47272 CVSS scores: CVE-2023-47272 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for roundcubemail fixes the following issues: Update to 1.6.7 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerabilities: * Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes. Reported by Valentin T. and Lutz Wolf of CrowdStrike. * Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences. Reported by Huy Nguyễn Phạm Nhật. * Fix command injection via crafted im_convert_path/im_identify_path on Windows. Reported by Huy Nguyễn Phạm Nhật. CHANGELOG * Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313) * Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312) * Fix bug in collapsing/expanding folders with some special characters in names (#9324) * Fix PHP8 warnings (#9363, #9365, #9429) * Fix missing field labels in CSV import, for some locales (#9393) * Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes * Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences * Fix command injection via crafted im_convert_path/im_identify_path on Windows Update to 1.6.6: * Fix regression in handling LDAP search_fields configuration parameter (#9210) * Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3 * Fix page jump menu flickering on click (#9196) * Update to TinyMCE 5.10.9 security release (#9228) * Fix PHP8 warnings (#9235, #9238, #9242, #9306) * Fix saving other encryption settings besides enigma's (#9240) * Fix unneeded php command use in installto.sh and deluser.sh scripts (#9237) * Fix TinyMCE localization installation (#9266) * Fix bug where trailing non-ascii characters in email addresses could have been removed in recipient input (#9257) * Fix IMAP GETMETADATA command with options - RFC5464 Update to 1.6.5 (boo#1216895): * Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download CVE-2023-47272 Other changes: * Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171) * Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166) * Fix PHP warnings (#9174) * Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175) * Fix bug where images attached to application/smil messages weren't displayed (#8870) * Fix PHP string replacement error in utils/error.php (#9185) * Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-257=1 Package List: - openSUSE Backports SLE-15-SP5 (noarch): roundcubemail-1.6.7-bp155.2.9.1 References: https://www.suse.com/security/cve/CVE-2023-47272.html https://bugzilla.suse.com/1216895

1 0

SUSE-RU-2024:2995-1: moderate: Recommended update for mysql-connector-java
by OPENSUSE-UPDATES 21 Aug '24

21 Aug '24

# Recommended update for mysql-connector-java Announcement ID: SUSE-RU-2024:2995-1 Rating: moderate References: * bsc#1229150 Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 An update that has one fix can now be installed. ## Description: This update for mysql-connector-java fixes the following issue: * Null pointer exception fixes as reported from (bsc#1229150). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-2995=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-2995=1 ## Package List: * openSUSE Leap 15.5 (noarch) * mysql-connector-java-8.4.0-150200.3.24.2 * openSUSE Leap 15.6 (noarch) * mysql-connector-java-8.4.0-150200.3.24.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1229150

1 0

SUSE-RU-2024:2992-1: moderate: Recommended update for regionServiceClientConfigEC2
by OPENSUSE-UPDATES 20 Aug '24

20 Aug '24

# Recommended update for regionServiceClientConfigEC2 Announcement ID: SUSE-RU-2024:2992-1 Rating: moderate References: * bsc#1218656 * bsc#1228363 Affected Products: * openSUSE Leap 15.5 * openSUSE Leap 15.6 * openSUSE Leap Micro 5.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * Public Cloud Module 15-SP6 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update for regionServiceClientConfigEC2 contains the following fixes: * Update to version 4.3.0 (bsc#1228363) * The IPv6 cert was switched up for the region server running in us-west-2 and as such the SSL handshake was failing. Drop the incorrect cert and add the correct cert. * Switch the patch syntax away form the deprecated shorthand macro * Version 4.2.0 Replace certs (length 4096): rgnsrv-ec2-cn-north1 -> 54.223.148.145 expires in 8 years rgnsrv-ec2-us-west2-2 -> 54.245.101.47 expires in 9 years Sidenote: We have one server with a short cert (2048) left; 34.197.223.242 expires in 2027 * Version 4.1.1 Add patch no-ipv6.patch to not serve IPv6 addresses on SLES12 Related to bsc#1218656 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.5 zypper in -t patch openSUSE-Leap-Micro-5.5-2024-2992=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-2992=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-2992=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2992=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2992=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-2992=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-2992=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2024-2992=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2024-2992=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2024-2992=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2024-2992=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2024-2992=1 * Public Cloud Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP6-2024-2992=1 ## Package List: * openSUSE Leap Micro 5.5 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * openSUSE Leap 15.5 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * openSUSE Leap 15.6 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * SUSE Linux Enterprise Micro 5.5 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * Public Cloud Module 15-SP2 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * Public Cloud Module 15-SP3 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * Public Cloud Module 15-SP4 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * Public Cloud Module 15-SP5 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 * Public Cloud Module 15-SP6 (noarch) * regionServiceClientConfigEC2-4.3.0-150000.3.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1218656 * https://bugzilla.suse.com/show_bug.cgi?id=1228363

1 0

openSUSE-RU-2024:0256-1: moderate: Recommended update for yast2-theme
by maintenance＠opensuse.org 20 Aug '24

20 Aug '24

openSUSE Recommended Update: Recommended update for yast2-theme ______________________________________________________________________________ Announcement ID: openSUSE-RU-2024:0256-1 Rating: moderate References: #1229282 Affected Products: openSUSE Leap 15.6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-theme refreshes the 15.6 main repo. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.6: zypper in -t patch openSUSE-2024-256=1 Package List: - openSUSE Leap 15.6 (noarch): yast2-theme-4.6.0-lp156.2.4.1 yast2-theme-breeze-4.6.0-lp156.2.4.1 yast2-theme-oxygen-4.6.0-lp156.2.4.1 References: https://bugzilla.suse.com/1229282

1 0

SUSE-RU-2024:2017-1: important: Recommended update for transactional-update
by OPENSUSE-UPDATES 20 Aug '24

20 Aug '24

# Recommended update for transactional-update Announcement ID: SUSE-RU-2024:2017-1 Rating: important References: * bsc#1221346 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has one fix can now be installed. ## Description: This update for transactional-update fixes the following issues: * tukit: Properly handle overlay syncing failures: If the system would not be rebooted and several snapshots accumulated in the meantime, it was possible that the previous base snapshot "required for /etc syncing" was deleted already. In that case changes in /etc might have been reset (gh#openSUSE/transactional-update#116) (gh#kube-hetzner/terraform-hcloud- kube-hetzner#1287) * Always use zypper of installed system (bsc#1221346) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2024-2017=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2017=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2017=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * transactional-update-zypp-config-4.1.8-150400.3.9.3 * dracut-transactional-update-4.1.8-150400.3.9.3 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * tukitd-debuginfo-4.1.8-150400.3.9.3 * libtukit4-debuginfo-4.1.8-150400.3.9.3 * tukit-4.1.8-150400.3.9.3 * tukitd-4.1.8-150400.3.9.3 * transactional-update-debugsource-4.1.8-150400.3.9.3 * transactional-update-debuginfo-4.1.8-150400.3.9.3 * libtukit4-4.1.8-150400.3.9.3 * tukit-debuginfo-4.1.8-150400.3.9.3 * transactional-update-4.1.8-150400.3.9.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * transactional-update-zypp-config-4.1.8-150400.3.9.3 * dracut-transactional-update-4.1.8-150400.3.9.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * tukitd-debuginfo-4.1.8-150400.3.9.3 * libtukit4-debuginfo-4.1.8-150400.3.9.3 * tukit-4.1.8-150400.3.9.3 * tukitd-4.1.8-150400.3.9.3 * transactional-update-debugsource-4.1.8-150400.3.9.3 * transactional-update-debuginfo-4.1.8-150400.3.9.3 * libtukit4-4.1.8-150400.3.9.3 * tukit-debuginfo-4.1.8-150400.3.9.3 * transactional-update-4.1.8-150400.3.9.3 * SUSE Linux Enterprise Micro 5.3 (noarch) * transactional-update-zypp-config-4.1.8-150400.3.9.3 * dracut-transactional-update-4.1.8-150400.3.9.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * tukitd-debuginfo-4.1.8-150400.3.9.3 * libtukit4-debuginfo-4.1.8-150400.3.9.3 * tukit-4.1.8-150400.3.9.3 * tukitd-4.1.8-150400.3.9.3 * transactional-update-debugsource-4.1.8-150400.3.9.3 * transactional-update-debuginfo-4.1.8-150400.3.9.3 * libtukit4-4.1.8-150400.3.9.3 * tukit-debuginfo-4.1.8-150400.3.9.3 * transactional-update-4.1.8-150400.3.9.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1221346

1 0

SUSE-RU-2024:2025-1: important: Recommended update for transactional-update
by OPENSUSE-UPDATES 20 Aug '24

20 Aug '24

# Recommended update for transactional-update Announcement ID: SUSE-RU-2024:2025-1 Rating: important References: * bsc#1221346 Affected Products: * openSUSE Leap Micro 5.4 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has one fix can now be installed. ## Description: This update for transactional-update fixes the following issues: * tukit: Properly handle overlay syncing failures: If the system would not be rebooted and several snapshots accumulated in the meantime, it was possible that the previous base snapshot "required for /etc syncing" was deleted already. In that case changes in /etc might have been reset (gh#openSUSE/transactional-update#116) (gh#kube-hetzner/terraform-hcloud- kube-hetzner#1287) * Always use zypper of installed system (bsc#1221346) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.4 zypper in -t patch openSUSE-Leap-Micro-5.4-2024-2025=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-2025=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2024-2025=1 ## Package List: * openSUSE Leap Micro 5.4 (noarch) * transactional-update-zypp-config-4.1.8-150400.3.6.4 * dracut-transactional-update-4.1.8-150400.3.6.4 * openSUSE Leap Micro 5.4 (aarch64 s390x x86_64) * libtukit4-debuginfo-4.1.8-150400.3.6.4 * transactional-update-debugsource-4.1.8-150400.3.6.4 * tukitd-debuginfo-4.1.8-150400.3.6.4 * libtukit4-4.1.8-150400.3.6.4 * tukit-debuginfo-4.1.8-150400.3.6.4 * transactional-update-debuginfo-4.1.8-150400.3.6.4 * tukitd-4.1.8-150400.3.6.4 * transactional-update-4.1.8-150400.3.6.4 * tukit-4.1.8-150400.3.6.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * transactional-update-zypp-config-4.1.8-150400.3.6.4 * dracut-transactional-update-4.1.8-150400.3.6.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libtukit4-debuginfo-4.1.8-150400.3.6.4 * transactional-update-debugsource-4.1.8-150400.3.6.4 * tukitd-debuginfo-4.1.8-150400.3.6.4 * libtukit4-4.1.8-150400.3.6.4 * tukit-debuginfo-4.1.8-150400.3.6.4 * transactional-update-debuginfo-4.1.8-150400.3.6.4 * tukitd-4.1.8-150400.3.6.4 * transactional-update-4.1.8-150400.3.6.4 * tukit-4.1.8-150400.3.6.4 * SUSE Linux Enterprise Micro 5.4 (noarch) * transactional-update-zypp-config-4.1.8-150400.3.6.4 * dracut-transactional-update-4.1.8-150400.3.6.4 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libtukit4-debuginfo-4.1.8-150400.3.6.4 * transactional-update-debugsource-4.1.8-150400.3.6.4 * tukitd-debuginfo-4.1.8-150400.3.6.4 * libtukit4-4.1.8-150400.3.6.4 * tukit-debuginfo-4.1.8-150400.3.6.4 * transactional-update-debuginfo-4.1.8-150400.3.6.4 * tukitd-4.1.8-150400.3.6.4 * transactional-update-4.1.8-150400.3.6.4 * tukit-4.1.8-150400.3.6.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1221346

1 0

SUSE-SU-2024:1499-2: low: Security update for java-17-openjdk
by OPENSUSE-UPDATES 20 Aug '24

20 Aug '24

# Security update for java-17-openjdk Announcement ID: SUSE-SU-2024:1499-2 Rating: low References: * bsc#1213470 * bsc#1222979 * bsc#1222983 * bsc#1222986 * bsc#1222987 Cross-References: * CVE-2024-21011 * CVE-2024-21012 * CVE-2024-21068 * CVE-2024-21094 CVSS scores: * CVE-2024-21011 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21012 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21068 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21094 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP6 * Legacy Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities and has one security fix can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: * CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) * CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) * CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) * CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with "Exceeded _node_regs array" (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: \- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU) * Security fixes \+ JDK-8318340: Improve RSA key implementations * Other changes \+ JDK-6928542: Chinese characters in RTF are not decoded \+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS \+ JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. \+ JDK-7167356: (javac) investigate failing tests in JavacParserTest \+ JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking \+ JDK-8054572: [macosx] JComboBox paints the border incorrectly \+ JDK-8169475: WheelModifier.java fails by timeout \+ JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean \+ JDK-8209595: MonitorVmStartTerminate.java timed out \+ JDK-8210410: Refactor java.util.Currency:i18n shell tests to plain java tests \+ JDK-8261404: Class.getReflectionFactory() is not thread-safe \+ JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from \+ JDK-8263256: Test java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due to dynamic reconfigurations of network interface during test \+ JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout \+ JDK-8271118: C2: StressGCM should have higher priority than frequency-based policy \+ JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains info on final result \+ JDK-8272811: Document the effects of building with _GNU_SOURCE in os_posix.hpp \+ JDK-8272853: improve `JavadocTester.runTests` \+ JDK-8273454: C2: Transform (-a) _(-b) into a_ b \+ JDK-8274060: C2: Incorrect computation after JDK-8273454 \+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 \+ JDK-8274621: NullPointerException because listenAddress[0] is null \+ JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming \+ JDK-8274634: Use String.equals instead of String.compareTo in java.desktop \+ JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id \+ JDK-8278028: [test-library] Warnings cleanup of the test library \+ JDK-8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses \+ JDK-8278363: Create extented container test groups \+ JDK-8280241: (aio) AsynchronousSocketChannel init fails in IPv6 only Windows env \+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. \+ JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp \+ JDK-8281585: Remove unused imports under test/lib and jtreg/gc \+ JDK-8283400: [macos] a11y : Screen magnifier does not reflect JRadioButton value change \+ JDK-8283626: AArch64: Set relocInfo::offset_unit to 4 \+ JDK-8283994: Make Xerces DatatypeException stackless \+ JDK-8286312: Stop mixing signed and unsigned types in bit operations \+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 \+ JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with "Expected two batches of Active Setting events" \+ JDK-8288663: JFR: Disabling the JfrThreadSampler commits only a partially disabled state \+ JDK-8288846: misc tests fail "assert(ms < 1000) failed: Un-interruptable sleep, short time use only" \+ JDK-8289764: gc/lock tests failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects" \+ JDK-8290041: ModuleDescriptor.hashCode is inconsistent \+ JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java on linux-all \+ JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed \+ JDK-8292458: Atomic operations on scoped enums don't build with clang \+ JDK-8292946: GC lock/jni/jnilock001 test failed "assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row" \+ JDK-8293117: Add atomic bitset functions \+ JDK-8293547: Add relaxed add_and_fetch for macos aarch64 atomics \+ JDK-8294158: HTML formatting for PassFailJFrame instructions \+ JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure \+ JDK-8294535: Add screen capture functionality to PassFailJFrame \+ JDK-8295068: SSLEngine throws NPE parsing CertificateRequests \+ JDK-8295124: Atomic::add to pointer type may return wrong value \+ JDK-8295274: HelidonAppTest.java fails "assert(event->should_commit()) failed: invariant" from compiled frame" \+ JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts \+ JDK-8297968: Crash in PrintOptoAssembly \+ JDK-8298087: XML Schema Validation reports an required attribute twice via ErrorHandler \+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found \+ JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF \+ JDK-8301306: java/net/httpclient/ _fail with -Xcomp \+ JDK-8301310: The SendRawSysexMessage test may cause a JVM crash \+ JDK-8301787: java/net/httpclient/SpecialHeadersTest failing after JDK-8301306 \+ JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library \+ JDK-8302017: Allocate BadPaddingException only if it will be thrown \+ JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/ /TestAMEnotNPE.java \+ JDK-8303605: Memory leaks in Metaspace gtests \+ JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM \+ JDK-8304696: Duplicate class names in dynamicArchive tests can lead to test failure \+ JDK-8305356: Fix ignored bad CompileCommands in tests \+ JDK-8305900: Use loopback IP addresses in security policy files of httpclient tests \+ JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address \+ JDK-8305962: update jcstress to 0.16 \+ JDK-8305972: Update XML Security for Java to 3.0.2 \+ JDK-8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate \+ JDK-8306408: Fix the format of several tables in building.md \+ JDK-8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock \+ JDK-8307926: Support byte-sized atomic bitset operations \+ JDK-8307955: Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs' \+ JDK-8307990: jspawnhelper must close its writing side of a pipe before reading from it \+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating \+ JDK-8308245: Add -proc:full to describe current default annotation processing policy \+ JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use \+ JDK-8309302: java/net/Socket/Timeouts.java fails with AssertionError on test temporal post condition \+ JDK-8309305: sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test timeout \+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop \+ JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of JRadioButton \+ JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing \+ JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers \+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails \+ JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work \+ JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is spuriously passing \+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out \+ JDK-8310838: Correct range notations in MethodTypeDesc specification \+ JDK-8310844: [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate \+ JDK-8310923: Refactor Currency tests to use JUnit \+ JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform \+ JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem \+ JDK-8311581: Remove obsolete code and comments in TestLVT.java \+ JDK-8311645: Memory leak in jspawnhelper spawnChild after JDK-8307990 \+ JDK-8311986: Disable runtime/os/TestTracePageSizes.java for ShenandoahGC \+ JDK-8312428: PKCS11 tests fail with NSS 3.91 \+ JDK-8312434: SPECjvm2008/xml.transform with CDS fails with "can't seal package nu.xom" \+ JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 \+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles \+ JDK-8313206: PKCS11 tests silently skip execution \+ JDK-8313575: Refactor PKCS11Test tests \+ JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/ /TestFloatingDecimal should use RandomFactory \+ JDK-8313643: Update HarfBuzz to 8.2.2 \+ JDK-8313816: Accessing jmethodID might lead to spurious crashes \+ JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout \+ JDK-8314220: Configurable InlineCacheBuffer size \+ JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags \+ JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder \+ JDK-8315042: NPE in PKCS7.parseOldSignedData \+ JDK-8315594: Open source few headless Swing misc tests \+ JDK-8315600: Open source few more headless Swing misc tests \+ JDK-8315602: Open source swing security manager test \+ JDK-8315611: Open source swing text/html and tree test \+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch \+ JDK-8315731: Open source several Swing Text related tests \+ JDK-8315761: Open source few swing JList and JMenuBar tests \+ JDK-8315920: C2: "control input must dominate current control" assert failure \+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location \+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm \+ JDK-8316028: Update FreeType to 2.13.2 \+ JDK-8316030: Update Libpng to 1.6.40 \+ JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests \+ JDK-8316304: (fs) Add support for BasicFileAttributes .creationTime() for Linux \+ JDK-8316392: compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in PcDescContainer::find_pc_desc_internal \+ JDK-8316414: C2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86 \+ JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests \+ JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with Parallel GC \+ JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/ /CheckOrigin.java as vm.flagless \+ JDK-8316679: C2 SuperWord: wrong result, load should not be moved before store if not comparable \+ JDK-8316693: Simplify at-requires checkDockerSupport() \+ JDK-8316929: Shenandoah: Shenandoah degenerated GC and full GC need to cleanup old OopMapCache entries \+ JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly \+ JDK-8317039: Enable specifying the JDK used to run jtreg \+ JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on Linux ppc64le \+ JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information \+ JDK-8317603: Improve exception messages thrown by sun.nio.ch.Net native methods (win) \+ JDK-8317771: [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma \+ JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039 \+ JDK-8317960: [17u] Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued \+ JDK-8318154: Improve stability of WheelModifier.java test \+ JDK-8318183: C2: VM may crash after hitting node limit \+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows \+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 \+ JDK-8318490: Increase timeout for JDK tests that are close to the limit when run with libgraal \+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java \+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests \+ JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests \+ JDK-8318689: jtreg is confused when folder name is the same as the test name \+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed: Address already in use" \+ JDK-8318951: Additional negative value check in JPEG decoding \+ JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return \+ JDK-8318957: Enhance agentlib:jdwp help output by info about allow option \+ JDK-8318961: increase javacserver connection timeout values and max retry attempts \+ JDK-8318971: Better Error Handling for Jar Tool When Processing Non- existent Files \+ JDK-8318983: Fix comment typo in PKCS12Passwd.java \+ JDK-8319124: Update XML Security for Java to 3.0.3 \+ JDK-8319213: Compatibility.java reads both stdout and stderr of JdkUtils \+ JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader \+ JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes \+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh \+ JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21 \+ JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks \+ JDK-8320001: javac crashes while adding type annotations to the return type of a constructor \+ JDK-8320168: handle setsocktopt return values \+ JDK-8320208: Update Public Suffix List to b5bf572 \+ JDK-8320300: Adjust hs_err output in malloc/mmap error cases \+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity \+ JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly \+ JDK-8320798: Console read line with zero out should zero out underlying buffer \+ JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11 \+ JDK-8320921: GHA: Parallelize hotspot_compiler test jobs \+ JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp \+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions \+ JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode \+ JDK-8321408: Add Certainly roots R1 and E1 \+ JDK-8321480: ISO 4217 Amendment 176 Update \+ JDK-8321599: Data loss in AVX3 Base64 decoding \+ JDK-8321815: Shenandoah: gc state should be synchronized to java threads only once per safepoint \+ JDK-8321972: test runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform \+ JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with /sys/kernel/mm/transparent_hugepage/hpage_pmd_size \+ JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces \+ JDK-8322417: Console read line with zero out should zero out when throwing exception \+ JDK-8322583: RISC-V: Enable fast class initialization checks \+ JDK-8322725: (tz) Update Timezone Data to 2023d \+ JDK-8322750: Test "api/java_awt/interactive/ /SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray \+ JDK-8322772: Clean up code after JDK-8322417 \+ JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output \+ JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests \+ JDK-8323008: filter out harmful -std_ flags added by autoconf from CXX \+ JDK-8323021: Shenandoah: Encountered reference count always attributed to first worker thread \+ JDK-8323086: Shenandoah: Heap could be corrupted by oom during evacuation \+ JDK-8323243: JNI invocation of an abstract instance method corrupts the stack \+ JDK-8323331: fix typo hpage_pdm_size \+ JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC should be mangled \+ JDK-8323515: Create test alias "all" for all test roots \+ JDK-8323637: Capture hotspot replay files in GHA \+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed \+ JDK-8323806: [17u] VS2017 build fails with warning after 8293117\. \+ JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'" \+ JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode \+ JDK-8324347: Enable "maybe-uninitialized" warning for FreeType 2.13.1 \+ JDK-8324514: ClassLoaderData::print_on should print address of class loader \+ JDK-8324647: Invalid test group of lib-test after JDK-8323515 \+ JDK-8324659: GHA: Generic jtreg errors are not reported \+ JDK-8324937: GHA: Avoid multiple test suites per job \+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing \+ JDK-8325150: (tz) Update Timezone Data to 2024a \+ JDK-8325585: Remove no longer necessary calls to set/unset-in-asgct flag in JDK 17 \+ JDK-8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE \+ JDK-8327036: [macosx- aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0 \+ JDK-8327391: Add SipHash attribution file \+ JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11 * Removed the possibility to use the system timezone-java (bsc#1213470). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-1499=1 * Basesystem Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2024-1499=1 * Legacy Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-1499=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1 * java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1 * java-17-openjdk-demo-17.0.11.0-150400.3.42.1 * java-17-openjdk-devel-17.0.11.0-150400.3.42.1 * java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1 * java-17-openjdk-headless-17.0.11.0-150400.3.42.1 * java-17-openjdk-17.0.11.0-150400.3.42.1 * java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1 * java-17-openjdk-src-17.0.11.0-150400.3.42.1 * java-17-openjdk-jmods-17.0.11.0-150400.3.42.1 * openSUSE Leap 15.6 (noarch) * java-17-openjdk-javadoc-17.0.11.0-150400.3.42.1 * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-devel-debuginfo-17.0.11.0-150400.3.42.1 * java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1 * java-17-openjdk-devel-17.0.11.0-150400.3.42.1 * java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1 * java-17-openjdk-headless-17.0.11.0-150400.3.42.1 * java-17-openjdk-17.0.11.0-150400.3.42.1 * java-17-openjdk-headless-debuginfo-17.0.11.0-150400.3.42.1 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-debuginfo-17.0.11.0-150400.3.42.1 * java-17-openjdk-demo-17.0.11.0-150400.3.42.1 * java-17-openjdk-debugsource-17.0.11.0-150400.3.42.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21011.html * https://www.suse.com/security/cve/CVE-2024-21012.html * https://www.suse.com/security/cve/CVE-2024-21068.html * https://www.suse.com/security/cve/CVE-2024-21094.html * https://bugzilla.suse.com/show_bug.cgi?id=1213470 * https://bugzilla.suse.com/show_bug.cgi?id=1222979 * https://bugzilla.suse.com/show_bug.cgi?id=1222983 * https://bugzilla.suse.com/show_bug.cgi?id=1222986 * https://bugzilla.suse.com/show_bug.cgi?id=1222987

1 0

SUSE-SU-2024:2786-1: important: Security update for java-1_8_0-openjdk
by OPENSUSE-UPDATES 20 Aug '24

20 Aug '24

# Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2024:2786-1 Rating: important References: * bsc#1228046 * bsc#1228047 * bsc#1228048 * bsc#1228050 * bsc#1228051 * bsc#1228052 Cross-References: * CVE-2024-21131 * CVE-2024-21138 * CVE-2024-21140 * CVE-2024-21144 * CVE-2024-21145 * CVE-2024-21147 CVSS scores: * CVE-2024-21131 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2024-21138 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21140 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21144 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-21145 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2024-21147 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * Legacy Module 15-SP5 * Legacy Module 15-SP6 * openSUSE Leap 15.5 * openSUSE Leap 15.6 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u422 (icedtea-3.32.0): * Security fixes * JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports * JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage * JDK-8320097: Improve Image transformations * JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling * JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading * JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management * JDK-8323390: Enhance mask blit functionality * JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling * JDK-8325600: Better symbol storage * Import of OpenJDK 8 u422 build 05 * JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105 * JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings * JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/ /bug7123767.java: number of checked graphics configurations should be limited * JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails * JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails * JDK-8205407: [windows, vs<2017] C4800 after 8203197 * JDK-8235834: IBM-943 charset encoder needs updating * JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly" * JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled * JDK-8256152: tests fail because of ambiguous method resolution * JDK-8258855: Two tests sun/security/krb5/auto/ /ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3 * JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info. * JDK-8268916: Tests for AffirmTrust roots * JDK-8278067: Make HttpURLConnection default keep alive timeout configurable * JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 * JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value * JDK-8291638: Keep-Alive timeout of 0 should close connection immediately * JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections * JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL * JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM * JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 * JDK-8315020: The macro definition for LoongArch64 zero build is not accurate. * JDK-8316138: Add GlobalSign 2 TLS root certificates * JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows * JDK-8320005: Allow loading of shared objects with .a extension on AIX * JDK-8324185: [8u] Accept Xcode 12+ builds on macOS * JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing * JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test * JDK-8326686: Bump update version of OpenJDK: 8u422 * JDK-8327440: Fix "bad source file" error during beaninfo generation * JDK-8328809: [8u] Problem list some CA tests * JDK-8328825: Google CAInterop test failures * JDK-8329544: [8u] sun/security/krb5/auto/ /ReplayCacheTestProc.java cannot find the testlibrary * JDK-8331791: [8u] AIX build break from JDK-8320005 backport * JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test * JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes * Bug fixes * JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye * JDK-8333669: [8u] GHA: Dead VS2010 download link * JDK-8318039: GHA: Bump macOS and Xcode versions ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-2786=1 * openSUSE Leap 15.6 zypper in -t patch openSUSE-SLE-15.6-2024-2786=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2024-2786=1 * Legacy Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP6-2024-2786=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2786=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2786=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2786=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2786=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2786=1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2786=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2786=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2786=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2786=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-2786=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-src-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-accessibility-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.422-150000.3.97.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-src-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-accessibility-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * openSUSE Leap 15.6 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.422-150000.3.97.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * Legacy Module 15-SP6 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-debugsource-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.422-150000.3.97.1 * java-1_8_0-openjdk-1.8.0.422-150000.3.97.1 ## References: * https://www.suse.com/security/cve/CVE-2024-21131.html * https://www.suse.com/security/cve/CVE-2024-21138.html * https://www.suse.com/security/cve/CVE-2024-21140.html * https://www.suse.com/security/cve/CVE-2024-21144.html * https://www.suse.com/security/cve/CVE-2024-21145.html * https://www.suse.com/security/cve/CVE-2024-21147.html * https://bugzilla.suse.com/show_bug.cgi?id=1228046 * https://bugzilla.suse.com/show_bug.cgi?id=1228047 * https://bugzilla.suse.com/show_bug.cgi?id=1228048 * https://bugzilla.suse.com/show_bug.cgi?id=1228050 * https://bugzilla.suse.com/show_bug.cgi?id=1228051 * https://bugzilla.suse.com/show_bug.cgi?id=1228052

1 0

SUSE-SU-2024:2977-1: important: Security update for qemu
by OPENSUSE-UPDATES 20 Aug '24

20 Aug '24

# Security update for qemu Announcement ID: SUSE-SU-2024:2977-1 Rating: important References: * bsc#1212968 * bsc#1215311 * bsc#1227322 Cross-References: * CVE-2023-2861 * CVE-2024-4467 CVSS scores: * CVE-2023-2861 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2023-2861 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2024-4467 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves two vulnerabilities and has one security fix can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2023-2861: Fixed improper access control on special files via 9p protocol (bsc#1212968) * CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322) Other fixes: \- Fixed qemu build compilation with binutils 2.41 upgrade (bsc#1215311) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2024-2977=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2977=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2977=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2977=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2024-2977=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-2977=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2977=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-2977=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * qemu-chardev-spice-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.130.1 * qemu-vhost-user-gpu-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-5.2.0-150300.130.1 * qemu-vhost-user-gpu-5.2.0-150300.130.1 * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.130.1 * qemu-ivshmem-tools-debuginfo-5.2.0-150300.130.1 * qemu-s390x-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-5.2.0-150300.130.1 * qemu-linux-user-debuginfo-5.2.0-150300.130.1 * qemu-block-nfs-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1 * qemu-block-ssh-5.2.0-150300.130.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1 * qemu-block-gluster-debuginfo-5.2.0-150300.130.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.130.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.130.1 * qemu-ppc-5.2.0-150300.130.1 * qemu-block-dmg-debuginfo-5.2.0-150300.130.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.130.1 * qemu-chardev-spice-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.130.1 * qemu-arm-debuginfo-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-hw-usb-redirect-5.2.0-150300.130.1 * qemu-ui-spice-app-5.2.0-150300.130.1 * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-testsuite-5.2.0-150300.130.2 * qemu-ui-opengl-debuginfo-5.2.0-150300.130.1 * qemu-ui-curses-5.2.0-150300.130.1 * qemu-hw-usb-smartcard-5.2.0-150300.130.1 * qemu-block-nfs-5.2.0-150300.130.1 * qemu-audio-pa-5.2.0-150300.130.1 * qemu-audio-pa-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-5.2.0-150300.130.1 * qemu-lang-5.2.0-150300.130.1 * qemu-ppc-debuginfo-5.2.0-150300.130.1 * qemu-ui-curses-debuginfo-5.2.0-150300.130.1 * qemu-arm-5.2.0-150300.130.1 * qemu-ivshmem-tools-5.2.0-150300.130.1 * qemu-ui-opengl-5.2.0-150300.130.1 * qemu-audio-alsa-5.2.0-150300.130.1 * qemu-block-gluster-5.2.0-150300.130.1 * qemu-audio-spice-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 * qemu-chardev-baum-5.2.0-150300.130.1 * qemu-ksm-5.2.0-150300.130.1 * qemu-extra-5.2.0-150300.130.1 * qemu-s390x-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1 * qemu-block-dmg-5.2.0-150300.130.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1 * qemu-linux-user-5.2.0-150300.130.1 * qemu-linux-user-debugsource-5.2.0-150300.130.1 * qemu-block-ssh-debuginfo-5.2.0-150300.130.1 * qemu-extra-debuginfo-5.2.0-150300.130.1 * qemu-audio-spice-5.2.0-150300.130.1 * qemu-block-curl-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-debuginfo-5.2.0-150300.130.1 * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.130.1 * qemu-hw-usb-smartcard-debuginfo-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-5.2.0-150300.130.1 * qemu-block-curl-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1 * openSUSE Leap 15.3 (s390x x86_64 i586) * qemu-kvm-5.2.0-150300.130.1 * openSUSE Leap 15.3 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-SLOF-5.2.0-150300.130.1 * qemu-skiboot-5.2.0-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-microvm-5.2.0-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-5.2.0-150300.130.1 * qemu-block-rbd-debuginfo-5.2.0-150300.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * qemu-chardev-spice-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-5.2.0-150300.130.1 * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1 * qemu-block-ssh-5.2.0-150300.130.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-app-5.2.0-150300.130.1 * qemu-chardev-spice-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-hw-usb-redirect-5.2.0-150300.130.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.130.1 * qemu-ui-curses-5.2.0-150300.130.1 * qemu-ui-spice-core-5.2.0-150300.130.1 * qemu-lang-5.2.0-150300.130.1 * qemu-ui-curses-debuginfo-5.2.0-150300.130.1 * qemu-ui-opengl-5.2.0-150300.130.1 * qemu-audio-spice-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-5.2.0-150300.130.1 * qemu-chardev-baum-5.2.0-150300.130.1 * qemu-ksm-5.2.0-150300.130.1 * qemu-block-rbd-debuginfo-5.2.0-150300.130.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * qemu-block-ssh-debuginfo-5.2.0-150300.130.1 * qemu-audio-spice-5.2.0-150300.130.1 * qemu-block-curl-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-debuginfo-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-block-rbd-5.2.0-150300.130.1 * qemu-guest-agent-5.2.0-150300.130.1 * qemu-block-curl-5.2.0-150300.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.130.1 * qemu-arm-5.2.0-150300.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * qemu-audio-alsa-5.2.0-150300.130.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.130.1 * qemu-kvm-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-audio-pa-5.2.0-150300.130.1 * qemu-audio-pa-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * qemu-block-iscsi-debuginfo-5.2.0-150300.130.1 * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-block-ssh-5.2.0-150300.130.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-ui-curses-5.2.0-150300.130.1 * qemu-lang-5.2.0-150300.130.1 * qemu-ui-curses-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-5.2.0-150300.130.1 * qemu-chardev-baum-5.2.0-150300.130.1 * qemu-ksm-5.2.0-150300.130.1 * qemu-block-rbd-debuginfo-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * qemu-block-ssh-debuginfo-5.2.0-150300.130.1 * qemu-block-curl-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-debuginfo-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-block-rbd-5.2.0-150300.130.1 * qemu-guest-agent-5.2.0-150300.130.1 * qemu-block-curl-5.2.0-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.130.1 * qemu-arm-5.2.0-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * qemu-ui-opengl-5.2.0-150300.130.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-5.2.0-150300.130.1 * qemu-ui-spice-app-5.2.0-150300.130.1 * qemu-chardev-spice-5.2.0-150300.130.1 * qemu-audio-spice-debuginfo-5.2.0-150300.130.1 * qemu-audio-spice-5.2.0-150300.130.1 * qemu-hw-usb-redirect-5.2.0-150300.130.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-5.2.0-150300.130.1 * qemu-ui-gtk-5.2.0-150300.130.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-5.2.0-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-SLOF-5.2.0-150300.130.1 * qemu-skiboot-5.2.0-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * qemu-ppc-debuginfo-5.2.0-150300.130.1 * qemu-ppc-5.2.0-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64) * qemu-kvm-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.130.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.130.1 * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.130.1 * qemu-s390x-5.2.0-150300.130.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * qemu-audio-alsa-5.2.0-150300.130.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-audio-pa-5.2.0-150300.130.1 * qemu-audio-pa-debuginfo-5.2.0-150300.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * qemu-chardev-spice-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-5.2.0-150300.130.1 * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1 * qemu-block-ssh-5.2.0-150300.130.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-app-5.2.0-150300.130.1 * qemu-chardev-spice-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-hw-usb-redirect-5.2.0-150300.130.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.130.1 * qemu-ui-curses-5.2.0-150300.130.1 * qemu-ui-spice-core-5.2.0-150300.130.1 * qemu-lang-5.2.0-150300.130.1 * qemu-ui-curses-debuginfo-5.2.0-150300.130.1 * qemu-ui-opengl-5.2.0-150300.130.1 * qemu-audio-spice-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-5.2.0-150300.130.1 * qemu-chardev-baum-5.2.0-150300.130.1 * qemu-ksm-5.2.0-150300.130.1 * qemu-block-rbd-debuginfo-5.2.0-150300.130.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * qemu-block-ssh-debuginfo-5.2.0-150300.130.1 * qemu-audio-spice-5.2.0-150300.130.1 * qemu-block-curl-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-debuginfo-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-block-rbd-5.2.0-150300.130.1 * qemu-guest-agent-5.2.0-150300.130.1 * qemu-block-curl-5.2.0-150300.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-SLOF-5.2.0-150300.130.1 * qemu-skiboot-5.2.0-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * qemu-ppc-debuginfo-5.2.0-150300.130.1 * qemu-ppc-5.2.0-150300.130.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * qemu-audio-alsa-5.2.0-150300.130.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.130.1 * qemu-kvm-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-audio-pa-5.2.0-150300.130.1 * qemu-audio-pa-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * qemu-chardev-spice-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-5.2.0-150300.130.1 * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.130.1 * qemu-ui-gtk-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1 * qemu-block-ssh-5.2.0-150300.130.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.130.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-app-5.2.0-150300.130.1 * qemu-chardev-spice-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-hw-usb-redirect-5.2.0-150300.130.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.130.1 * qemu-ui-curses-5.2.0-150300.130.1 * qemu-ui-spice-core-5.2.0-150300.130.1 * qemu-lang-5.2.0-150300.130.1 * qemu-ui-curses-debuginfo-5.2.0-150300.130.1 * qemu-ui-opengl-5.2.0-150300.130.1 * qemu-audio-spice-debuginfo-5.2.0-150300.130.1 * qemu-block-iscsi-5.2.0-150300.130.1 * qemu-chardev-baum-5.2.0-150300.130.1 * qemu-ksm-5.2.0-150300.130.1 * qemu-block-rbd-debuginfo-5.2.0-150300.130.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * qemu-block-ssh-debuginfo-5.2.0-150300.130.1 * qemu-audio-spice-5.2.0-150300.130.1 * qemu-block-curl-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-debuginfo-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-block-rbd-5.2.0-150300.130.1 * qemu-guest-agent-5.2.0-150300.130.1 * qemu-block-curl-5.2.0-150300.130.1 * SUSE Enterprise Storage 7.1 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.130.1 * qemu-arm-5.2.0-150300.130.1 * SUSE Enterprise Storage 7.1 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * SUSE Enterprise Storage 7.1 (x86_64) * qemu-audio-alsa-5.2.0-150300.130.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.130.1 * qemu-kvm-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-audio-pa-5.2.0-150300.130.1 * qemu-audio-pa-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.1 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.130.1 * qemu-arm-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * SUSE Linux Enterprise Micro 5.1 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.130.1 * qemu-s390x-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * qemu-chardev-spice-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-5.2.0-150300.130.1 * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1 * qemu-chardev-spice-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-hw-usb-redirect-5.2.0-150300.130.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-5.2.0-150300.130.1 * qemu-ui-opengl-5.2.0-150300.130.1 * qemu-audio-spice-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * qemu-audio-spice-5.2.0-150300.130.1 * qemu-guest-agent-debuginfo-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.2 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.130.1 * qemu-arm-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * SUSE Linux Enterprise Micro 5.2 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.130.1 * qemu-s390x-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * qemu-chardev-spice-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-5.2.0-150300.130.1 * qemu-tools-5.2.0-150300.130.1 * qemu-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.130.1 * qemu-chardev-spice-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.130.1 * qemu-5.2.0-150300.130.1 * qemu-hw-usb-redirect-5.2.0-150300.130.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.130.1 * qemu-ui-spice-core-5.2.0-150300.130.1 * qemu-ui-opengl-5.2.0-150300.130.1 * qemu-audio-spice-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.130.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.130.1 * qemu-hw-display-qxl-5.2.0-150300.130.1 * qemu-debugsource-5.2.0-150300.130.1 * qemu-audio-spice-5.2.0-150300.130.1 * qemu-guest-agent-debuginfo-5.2.0-150300.130.1 * qemu-tools-debuginfo-5.2.0-150300.130.1 * qemu-guest-agent-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64) * qemu-arm-debuginfo-5.2.0-150300.130.1 * qemu-arm-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * qemu-sgabios-8-150300.130.1 * qemu-seabios-1.14.0_0_g155821a-150300.130.1 * qemu-ipxe-1.0.0+-150300.130.1 * qemu-vgabios-1.14.0_0_g155821a-150300.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.130.1 * qemu-s390x-5.2.0-150300.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * qemu-x86-debuginfo-5.2.0-150300.130.1 * qemu-x86-5.2.0-150300.130.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2861.html * https://www.suse.com/security/cve/CVE-2024-4467.html * https://bugzilla.suse.com/show_bug.cgi?id=1212968 * https://bugzilla.suse.com/show_bug.cgi?id=1215311 * https://bugzilla.suse.com/show_bug.cgi?id=1227322

1 0