-----------------------------------------
Version 6.0-Default-encrypted-Build10.1
2024-10-05T09:00:26
-----------------------------------------
Patch: 7
Released: Mon Jul 15 13:04:11 2024
Summary: Security update for less
Severity: important
References: 1222849,CVE-2024-32487
Description:
This update for less fixes the following issues:

- CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
-----------------------------------------
Patch: 8
Released: Tue Jul 30 09:43:22 2024
Summary: Security update for openssh
Severity: critical
References: 1217950,1218215,1226642,1227318,CVE-2023-48795,CVE-2023-51385,CVE-2024-39894,CVE-2024-6387
Description:
This update for openssh fixes the following issues:

- CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318)
- CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642).
-----------------------------------------
Patch: 9
Released: Fri Aug 9 10:33:34 2024
Summary: Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper
Severity: low
References:
Description:
This update fixes the following issues:

- No change rebuild due to dependency changes.
-----------------------------------------
Patch: 30
Released: Wed Sep 4 16:07:40 2024
Summary: Security update for curl
Severity: moderate
References: 1221665,1221666,1221667,1221668,1227888,1228535,CVE-2024-2004,CVE-2024-2379,CVE-2024-2398,CVE-2024-2466,CVE-2024-6197,CVE-2024-7264
Description:
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2024-7264: ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888)
- CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666)
- CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668)
- CVE-2024-2004: Usage of disabled protocol (bsc#1221665)
- CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667)

Non-security issue fixed:

- Fixed various TLS related issues including FTP over SSL transmission timeouts.
-----------------------------------------
Patch: 39
Released: Tue Sep 10 11:26:35 2024
Summary: Recommended update for salt
Severity: important
References: 1211649,1211888,1216063,1219001,1222684
Description:
This update for salt fixes the following issues:

- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix 'status.diskusage' function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
- Make 'man' a recommended package instead of required
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as '*.yml' or '*.yaml' files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuild and create test flavor
-----------------------------------------
Patch: 44
Released: Wed Sep 11 13:33:01 2024
Summary: Security update for expat
Severity: important
References: 1221289,1229930,1229931,1229932,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
Description:
This update for expat fixes the following issues:

- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932)
- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)
- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)
- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)