SUSE Image Update Advisory:
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:342-1
Image Tags :
Image Release :
Severity : critical
Type : security
References : 1065270 1127591 1168481 1176785 1178233 1186449 1186870 1187810 1189036 1191467 1191525 1195175 1195633 1198438 1198932 1199132 1199282 1199282 1199756 1200321 1200441 1200710 1201234 1201490 1202353 1203201 1203248 1203249 1203331 1203332 1203355 1203446 1203599 1203715 1203746 1204356 1204548 1204585 1204662 1204929 1204956 1205128 1205200 1205375 1205554 1205570 1205636 1206065 1206103 1206235 1206351 1206483 1206513 1206781 1206949 1206992 1207014 1207022 1207051 1207064 1207088 1207168 1207416 1207560 1207571 1207575 1207773 1207780 1207795 1207843 1207845 1207875 1207957 1207975 1207992 1208023 1208036 1208137 1208153 1208179 1208212 1208329 1208358 1208423 1208426 1208471 1208598 1208599 1208601 1208700 1208741 1208776 1208777 1208787 1208816 1208828 1208828 1208837 1208843 1208845 1208929 1208957 1208959 1208962 1208971 1209008 1209017 1209018 1209019 1209026 1209042 1209052 1209122 1209165 1209187 1209188 1209188 1209209 1209210 1209211 1209212 1209214 1209234 1209256 1209288 1209289 1209290 1209291 1209361 1209362 1209366 1209372 1209406 1209481 1209483 1209485 1209532 1209533 1209547 1209549 1209624 1209634 1209635 1209636 1209667 1209672 1209683 1209687 1209713 1209714 1209739 1209777 1209778 1209785 1209871 1209873 1209878 1209884 1209888 1210135 1210164 1210202 1210203 1210298 1210301 1210328 1210329 1210336 1210337 1210411 1210412 1210414 1210418 1210434 1210453 1210469 1210498 1210506 1210507 1210593 1210629 1210640 1210647 1210649 1210870 1211144 1211231 1211232 1211233 1211339 1211430 1211604 1211605 1211606 1211607 1211643 1211661 1211795 1212187 CVE-2017-5753 CVE-2020-36691 CVE-2021-3541 CVE-2021-3923 CVE-2022-2196 CVE-2022-23471 CVE-2022-29217 CVE-2022-29824 CVE-2022-32746 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-43945 CVE-2022-4744 CVE-2022-4899 CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0512 CVE-2023-0590 CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1382 CVE-2023-1390 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1872 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2124 CVE-2023-2162 CVE-2023-2176 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23006 CVE-2023-23559 CVE-2023-23916 CVE-2023-23931 CVE-2023-24329 CVE-2023-24593 CVE-2023-25012 CVE-2023-25153 CVE-2023-25173 CVE-2023-25180 CVE-2023-25809 CVE-2023-2650 CVE-2023-26545 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-27561 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28327 CVE-2023-28328 CVE-2023-28464 CVE-2023-28466 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-28642 CVE-2023-28772 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 CVE-2023-30630 CVE-2023-30772 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324
-----------------------------------------------------------------
The container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:776-1
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Type: recommended
Severity: moderate
References:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.
This update ships the GCC 12 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same-named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.
To use the gcc12 compilers:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:780-1
Released: Thu Mar 16 18:06:30 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1186449,1195175,1198438,1203331,1203332,1204356,1204662,1206103,1206351,1207051,1207575,1207773,1207795,1207845,1207875,1208023,1208153,1208212,1208700,1208741,1208776,1208816,1208837,1208845,1208971,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0590,CVE-2023-0597,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23006,CVE-2023-23559,CVE-2023-26545
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed missing platform_device_put and kfree calls in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function in phy/tegra (bsc#1208816).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
The following non-security bugs were fixed:
- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only moved the newly added member of scsi_host_template to the end of the struct. But that struct is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signal that it is expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a bit in the bitfield to signal that.
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- update suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:781-1
Released: Thu Mar 16 19:07:00 2023
Summary: Security update for vim
Type: security
Severity: important
References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide by zero (bsc#1207780).
- CVE-2023-1175: Fixed an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based buffer overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:784-1
Released: Thu Mar 16 19:33:52 2023
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1205200,1205554
This update for grub2 fixes the following issues:
- Remove zfs modules (bsc#1205554)
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:786-1
Released: Thu Mar 16 19:36:09 2023
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv:
- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons
libzypp:
- Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL: getsockopt seems to not be fully supported there, but the code required it when accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248). Without enabled repos, the dependent PTF packages would be removed (not replaced!) as well. To remove a PTF, `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to their latest version.
- Skip media.1/media download for http repo status calc. This patch allows zypp to skip an extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo specifies only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server, MediaMultiCurl used to fall back to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize, using a similar metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)
zypper:
- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid displaying superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249). A remove command which prefers replacing dependent packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependent packages. However, it is not desired for the dependent packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command instead aims to replace the dependent packages by their official update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:794-1
Released: Fri Mar 17 08:42:12 2023
Summary: Security update for python-PyJWT
Type: security
Severity: critical
References: 1176785,1199282,1199756,CVE-2022-29217
This update for python-PyJWT fixes the following issues:
- CVE-2022-29217: Fixed key confusion through non-blocklisted public key formats (bsc#1199756).
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update to 2.4.0 (bsc#1199756)
- Explicitly check the key for ECAlgorithm
- Don't use implicit optionals
- documentation fix: show correct scope
- fix: Update copyright information
- Don't mutate options dictionary in .decode_complete()
- Add support for Python 3.10
- api_jwk: Add PyJWKSet.__getitem__
- Update usage.rst
- Docs: mention performance reasons for reusing RSAPrivateKey when encoding
- Fixed typo in usage.rst
- Add detached payload support for JWS encoding and decoding
- Replace various string interpolations with f-strings by
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:795-1
Released: Fri Mar 17 09:13:12 2023
Summary: Security update for docker
Type: security
Severity: moderate
References: 1205375,1206065,CVE-2022-36109
This update for docker fixes the following issues:
Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023
Docker was updated to 20.10.21-ce (bsc#1206065). See upstream changelog at https://docs.docker.com/engine/release-notes/#201021
Security issues fixed:
- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:847-1
Released: Tue Mar 21 13:27:57 2023
Summary: Security update for xen
Type: security
Severity: important
References: 1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:868-1
Released: Wed Mar 22 09:41:01 2023
Summary: Security update for python3
Type: security
Severity: important
References: 1203355,1208471,CVE-2023-24329
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1586-1
Released: Mon Mar 27 13:02:52 2023
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1200710,1203746,1206781,1207022,1207843
This update for nfs-utils fixes the following issues:
- Rename all drop-in options.conf files as 10-options.conf. This makes it easier for other packages to override with a drop-in with a later sequence number (bsc#1207843)
- Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781)
- Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1628-1
Released: Tue Mar 28 12:28:51 2023
Summary: Security update for containerd
Type: security
Severity: important
References: 1206235,CVE-2022-23471
This update for containerd fixes the following issues:
- CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- Re-build containerd to use updated golang-packaging (jsc#1342).
- Update to containerd v1.6.16 for Docker v23.0.0-ce.
  * https://github.com/containerd/containerd/releases/tag/v1.6.16
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1687-1
Released: Wed Mar 29 17:52:28 2023
Summary: Security update for ldb, samba
Type: security
Severity: important
References: 1201490,1207416,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922
This update for ldb, samba fixes the following issues:
ldb:
- CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
samba:
- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
The following non-security bug was fixed:
- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1691-1
Released: Thu Mar 30 09:51:28 2023
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1209188
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1698-1
Released: Thu Mar 30 12:16:57 2023
Summary: Security update for sudo
Type: security
Severity: moderate
References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487
This update for sudo fixes the following issues:
Security fixes:
- CVE-2023-28486: Fixed missing control character escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control character escaping in sudoreplay output (bsc#1209361).
Other fixes:
- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1711-1
Released: Fri Mar 31 13:33:04 2023
Summary: Security update for curl
Type: security
Severity: moderate
References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1718-1
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1753-1
Released: Tue Apr 4 11:55:00 2023
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: moderate
References:
This update for systemd-presets-common-SUSE fixes the following issue:
- Enable systemd-pstore.service by default (jsc#PED-2663)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1763-1
Released: Tue Apr 4 14:35:52 2023
Summary: Security update for python-cryptography
Type: security
Severity: moderate
References: 1208036,CVE-2023-23931
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1790-1
Released: Thu Apr 6 15:36:15 2023
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive resource usage when verifying X.509 policy constraints (bsc#1209624).
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy checks were not enabled (bsc#1209873).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1805-1
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: important
References:
This update for timezone fixes the following issues:
- Version update from 2022g to 2023c:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1810-1
Released: Tue Apr 11 12:06:13 2023
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1191467,1191525,1198932,1200321,1201234,1203446
This update for cups fixes the following issues:
- Fix print jobs on cups.sock returning with EAGAIN (Resource temporarily unavailable) (bsc#1191525)
- Fix '/usr/bin/lpr: Error - The printer or class does not exist' (bsc#1203446)
- Improve logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932)
- Add 'After=network.target sssd.service' to the systemd unit (bsc#1201234, bsc#1200321)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1811-1
Released: Tue Apr 11 12:11:23 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
1207168,1207560,1208137,1208179,1208598,1208599,1208601,1208777,1208787,1208843,1209008,1209052,1209256,1209288,1209289,1209290,1209291,1209366,1209532,1209547,1209549,1209634,1209635,1209636,1209672,1209683,1209778,1209785,CVE-2017-5753,CVE-2021-3923,CVE-2022-4744,CVE-2023-0461,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1281,CVE-2023-1382,CVE-2023-1390,CVE-2023-1513,CVE-2023-1582,CVE-2023-23004,CVE-2023-25012,CVE-2023-28327,CVE-2023-28328,CVE-2023-28464,CVE-2023-28466,CVE-2023-28772
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785).
- Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
- net: ena: optimize data access in fast-path code (bsc#1208137).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1827-1
Released: Thu Apr 13 10:18:16 2023
Summary: Security update for containerd
Type: security
Severity: moderate
References: 1208423,1208426,CVE-2023-25153,CVE-2023-25173
This update for containerd fixes the following issues:
Update to containerd v1.6.19:
Security fixes:
- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).
- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1886-1
Released: Tue Apr 18 11:15:49 2023
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1204929,1208929
This update for dracut fixes the following issues:
- Update to version 049.1+suse.251.g0b8dad5:
  * omission updates in conf files (bsc#1208929)
  * chown using rpc default group (bsc#1204929)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1920-1
Released: Wed Apr 19 16:22:58 2023
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issues:
- Update pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1932-1
Released: Thu Apr 20 18:40:58 2023
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667
This update for grub2 fixes the following issues:
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem (bsc#1209165)
- Make grub more robust against storage race conditions causing system boot failures (bsc#1189036)
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234)
- Fix installation over serial console ending up in an infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1945-1
Released: Fri Apr 21 14:13:27 2023
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References: 1203599
This update for elfutils fixes the following issues:
- go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177 (bsc#1203599)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:1993-1
Released: Tue Apr 25 13:50:58 2023
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1210328,CVE-2023-1981
This update for avahi fixes the following issues:
- CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2003-1
Released: Tue Apr 25 18:05:42 2023
Summary: Security update for runc
Type: security
Severity: important
References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642
This update for runc fixes the following issues:
Update to runc v1.1.5:
Security fixes:
- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` being writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced the CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).
Other fixes:
- Fix the inability to use `/dev/null` when inside a container.
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
- Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2048-1
Released: Wed Apr 26 21:05:45 2023
Summary: Security update for libxml2
Type: security
Severity: important
References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).
The following non-security bugs were fixed:
- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2070-1
Released: Fri Apr 28 13:56:33 2023
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1210507,CVE-2023-29383
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2074-1
Released: Fri Apr 28 17:02:25 2023
Summary: Security update for zstd
Type: security
Severity: moderate
References: 1209533,CVE-2022-4899
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2076-1
Released: Fri Apr 28 17:35:05 2023
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180
This update for glib2 fixes the following issues:
- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by a malicious serialised variant (bsc#1209713).
The following non-security bug was fixed:
- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2103-1
Released: Thu May 4 20:05:44 2023
Summary: Security update for vim
Type: security
Severity: moderate
References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 1443, which fixes the following security problems:

- CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042).
- CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2104-1
Released: Thu May 4 21:05:30 2023
Summary: Recommended update for procps
Type: recommended
Severity: moderate
References: 1209122

This update for procps fixes the following issue:

- Allow - as leading character to ignore possible errors on sysctl entries (bsc#1209122)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2111-1
Released: Fri May 5 14:34:00 2023
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1210434,CVE-2023-29491

This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2131-1
Released: Tue May 9 13:35:24 2023
Summary: Recommended update for openssh
Type: recommended
Severity: important
References: 1207014

This update for openssh fixes the following issues:

- Remove some patches that cause invalid environment assignments (bsc#1207014).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2133-1
Released: Tue May 9 13:37:10 2023
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1206513

This update for zlib fixes the following issues:

- Add DFLTCC support for using inflate() with a small window (bsc#1206513)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2148-1
Released: Tue May 9 17:05:48 2023
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1202353,1205128,1206992,1207088,1209687,1209739,1209777,1209871,1210202,1210203,1210301,1210329,1210336,1210337,1210414,1210453,1210469,1210498,1210506,1210629,1210647,CVE-2020-36691,CVE-2022-2196,CVE-2022-43945,CVE-2023-1611,CVE-2023-1670,CVE-2023-1838,CVE-2023-1855,CVE-2023-1872,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2124,CVE-2023-2162,CVE-2023-2176,CVE-2023-30772

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2023-2124: Fixed an out-of-bounds access in the XFS subsystem that could have led to denial of service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1872: Fixed a use-after-free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use-after-free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed a use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in an out-of-bounds read, which a local user could use to crash the system or escalate privileges (bsc#1210629).
- CVE-2023-1998: Fixed a use-after-free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use-after-free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).
- CVE-2023-1990: Fixed a use-after-free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use-after-free in btsdio_remove (bsc#1210336).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed a use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed a use-after-free flaw in the virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak (bsc#1210203).

The following non-security bugs were fixed:

- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- cifs: fix negotiate context parsing (bsc#1210301).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2166-1
Released: Wed May 10 20:18:51 2023
Summary: Recommended update for supportutils-plugin-suse-public-cloud
Type: recommended
Severity: moderate
References: 1209026

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during registration

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2215-1
Released: Tue May 16 11:24:41 2023
Summary: Security update for dmidecode
Type: security
Severity: moderate
References: 1210418,CVE-2023-30630

This update for dmidecode fixes the following issues:

- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2216-1
Released: Tue May 16 11:27:50 2023
Summary: Recommended update for python-packaging
Type: recommended
Severity: important
References: 1186870,1199282

This update for python-packaging fixes the following issues:

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
  * Add a pp3-none-any tag
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
  * Fix a spelling mistake
- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5
  * Replace distutils usage with sysconfig
  * Add support for zip files
  * Use cached hash attribute to short-circuit tag equality comparisons
  * Specify the default value for the 'specifier' argument to 'SpecifierSet'
  * Proper keyword-only 'warn' argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for 'Version.post' and 'Version.dev'
  * Use typing alias 'UnparsedVersion'
  * Improve type inference
  * Tighten the return type
- Add Provides: for python*dist(packaging). (bsc#1186870)
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
  * Add support for the ``macosx_10_*_universal2`` platform tags
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros
  * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits
  * Fix flit configuration, to include LICENSE files
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag
  * Add some missing type hints to `packaging.requirements`
  * Officially support Python 3.9
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string.
- update to 20.4:
  * Canonicalize version before comparing specifiers.
  * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2227-1
Released: Wed May 17 09:57:41 2023
Summary: Security update for curl
Type: security
Severity: important
References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322

This update for curl fixes the following issues:

- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2237-1
Released: Wed May 17 17:10:07 2023
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1211144

This update for vim fixes the following issues:

* Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2247-1
Released: Thu May 18 17:04:38 2023
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1127591,1195633,1208329,1209406,1210870

This update for libzypp, zypper fixes the following issues:

- Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633)
- multicurl: propagate ssl settings stored in repo url (bsc#1127591)
- MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Teach MediaNetwork to retry on HTTP2 errors.
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2254-1
Released: Fri May 19 15:20:23 2023
Summary: Security update for containerd
Type: security
Severity: important
References: 1210298

This update for containerd fixes the following issues:

- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2256-1
Released: Fri May 19 15:26:43 2023
Summary: Security update for runc
Type: security
Severity: important
References: 1200441

This update of runc fixes the following issues:

- rebuild the package with the go 19.9 secure release (bsc#1200441).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2278-1
Released: Wed May 24 07:56:35 2023
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1210640

This update for dracut fixes the following issues:

- Update to version 049.1+suse.253.g1008bf13:
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2313-1
Released: Tue May 30 09:29:25 2023
Summary: Security update for c-ares
Type: security
Severity: important
References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067

This update for c-ares fixes the following issues:

Update to version 1.19.1:

- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2333-1
Released: Wed May 31 09:01:28 2023
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1210593

This update for zlib fixes the following issue:

- Fix function calling order to avoid crashes (bsc#1210593)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2343-1
Released: Thu Jun 1 11:35:28 2023
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1211430,CVE-2023-2650

This update for openssl-1_1 fixes the following issues:

- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2347-1
Released: Thu Jun 1 14:33:10 2023
Summary: Security update for cups
Type: security
Severity: important
References: 1211643,CVE-2023-32324

This update for cups fixes the following issues:

- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2355-1
Released: Fri Jun 2 12:48:25 2023
Summary: Recommended update for librelp
Type: recommended
Severity: moderate
References: 1210649

This update for librelp fixes the following issues:

- update to librelp 1.11.0 (bsc#1210649)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2365-1
Released: Mon Jun 5 09:22:46 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1210164

This update for util-linux fixes the following issues:

- Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2430-1
Released: Tue Jun 6 22:55:28 2023
Summary: Recommended update for supportutils-plugin-suse-public-cloud
Type: recommended
Severity: critical
References:

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- This update will be delivered to SLE Micro. (SMO-219)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2484-1
Released: Mon Jun 12 08:49:58 2023
Summary: Security update for openldap2
Type: security
Severity: moderate
References: 1211795,CVE-2023-2953

This update for openldap2 fixes the following issues:

- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2497-1
Released: Tue Jun 13 15:37:25 2023
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1211661,1212187

This update for libzypp fixes the following issues:

- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]

The following package changes have been done:

- containerd-ctr-1.6.19-150000.90.3 updated
- containerd-1.6.19-150000.90.3 updated
- cups-config-2.2.7-150000.3.43.1 updated
- curl-7.66.0-150200.4.57.1 updated
- dmidecode-3.2-150100.9.16.1 updated
- docker-20.10.23_ce-150000.175.1 updated
- dracut-049.1+suse.253.g1008bf13-150200.3.69.1 updated
- elfutils-0.177-150300.11.6.1 updated
- glibc-locale-base-2.31-150300.46.1 updated
- glibc-locale-2.31-150300.46.1 updated
- glibc-2.31-150300.46.1 updated
- grub2-i386-pc-2.04-150300.22.37.1 updated
- grub2-2.04-150300.22.37.1 updated
- hwdata-0.368-150000.3.57.1 updated
- kernel-default-5.3.18-150300.59.121.2 updated
- libasm1-0.177-150300.11.6.1 updated
- libavahi-client3-0.7-150100.3.24.1 updated
- libavahi-common3-0.7-150100.3.24.1 updated
- libblkid1-2.36.2-150300.4.35.1 updated
- libcares2-1.19.1-150000.3.23.1 updated
- libcups2-2.2.7-150000.3.43.1 updated
- libcurl4-7.66.0-150200.4.57.1 updated
- libdw1-0.177-150300.11.6.1 updated
- libebl-plugins-0.177-150300.11.6.1 updated
- libelf1-0.177-150300.11.6.1 updated
- libfdisk1-2.36.2-150300.4.35.1 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libglib-2_0-0-2.62.6-150200.3.15.1 updated
- libldap-2_4-2-2.4.46-150200.14.14.1 updated
- libldap-data-2.4.46-150200.14.14.1 updated
- libldb2-2.4.4-150300.3.23.1 updated
- libmount1-2.36.2-150300.4.35.1 updated
- libncurses6-6.1-150000.5.15.1 updated
- libopenssl1_1-1.1.1d-150200.11.65.1 updated
- libprocps7-3.3.15-150000.7.31.1 updated
- libpython3_6m1_0-3.6.15-150300.10.45.1 updated
- librelp0-1.11.0-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.35.1 updated
- libsolv-tools-0.7.24-150200.18.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libuuid1-2.36.2-150300.4.35.1 updated
- libxml2-2-2.9.7-150000.3.57.1 updated
- libz1-1.2.11-150000.3.45.1 updated
- libzstd1-1.4.4-150000.1.9.1 updated
- libzypp-17.31.13-150200.66.1 updated
- login_defs-4.8.1-150300.4.6.1 updated
- ncurses-utils-6.1-150000.5.15.1 updated
- nfs-client-2.1.1-150100.10.32.1 updated
- openssh-clients-8.4p1-150300.3.18.2 updated
- openssh-common-8.4p1-150300.3.18.2 updated
- openssh-server-8.4p1-150300.3.18.2 updated
- openssh-8.4p1-150300.3.18.2 updated
- openssl-1_1-1.1.1d-150200.11.65.1 updated
- procps-3.3.15-150000.7.31.1 updated
- python3-PyJWT-2.4.0-150200.3.6.2 updated
- python3-base-3.6.15-150300.10.45.1 updated
- python3-cryptography-3.3.2-150200.19.1 updated
- python3-packaging-21.3-150200.3.3.1 updated
- python3-3.6.15-150300.10.45.1 updated
- rsyslog-module-relp-8.2106.0-150200.4.35.1 added
- runc-1.1.5-150000.43.1 updated
- samba-client-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated
- samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated
- shadow-4.8.1-150300.4.6.1 updated
- sudo-1.9.5p2-150300.3.24.1 updated
- supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated
- systemd-presets-common-SUSE-15-150100.8.20.1 updated
- terminfo-base-6.1-150000.5.15.1 updated
- terminfo-6.1-150000.5.15.1 updated
- timezone-2023c-150000.75.23.1 updated
- util-linux-systemd-2.36.2-150300.4.35.1 updated
- util-linux-2.36.2-150300.4.35.1 updated
- vim-data-common-9.0.1443-150000.5.43.1 updated
- vim-9.0.1443-150000.5.43.1 updated
- xen-libs-4.14.5_12-150300.3.48.1 updated
- xxd-9.0.1443-150000.5.43.1 added
- zypper-1.14.60-150200.51.1 updated
- python3-ecdsa-0.13.3-3.7.1 removed