----------------------------------------- Version 3.22 2024-08-28T09:00:24 ----------------------------------------- Patch: 9 Released: Fri Aug 9 10:33:34 2024 Summary: Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper Severity: low References: Description: This update fixes the following issues: - No change rebuild due to dependency changes. ----------------------------------------- Patch: 18 Released: Tue Aug 20 13:47:06 2024 Summary: Security update for nghttp2 Severity: important References: 1221399,CVE-2024-28182 Description: This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------- Version 3.22 2024-09-05T09:00:24 ----------------------------------------- Patch: 30 Released: Wed Sep 4 16:07:40 2024 Summary: Security update for curl Severity: moderate References: 1221665,1221666,1221667,1221668,1227888,1228535,CVE-2024-2004,CVE-2024-2379,CVE-2024-2398,CVE-2024-2466,CVE-2024-6197,CVE-2024-7264 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888) - CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666) - CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668) - CVE-2024-2004: Usage of disabled protocol (bsc#1221665) - CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667) Non-security issue fixed: - Fixed various TLS related issues including FTP over SSL transmission timeouts. ----------------------------------------- Version 3.22 2024-09-12T09:00:24 ----------------------------------------- Patch: 44 Released: Wed Sep 11 13:33:01 2024 Summary: Security update for expat Severity: important References: 1221289,1229930,1229931,1229932,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 Description: This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932) - CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931) - CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930) - CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)