SUSE Image Update Advisory: ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1139-1 Image Tags : Image Release : Severity : important Type : security References : 1179465 1184124 1184689 1186787 1187655 1188086 1188607 1189560 1190651 1191833 1192252 1192478 1192508 1192648 1196076 1197284 1197428 1197998 1198165 1198625 1198894 1199074 1200330 1200505 1200657 1200803 1200901 1200994 1201053 1202014 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203341 1203368 1203482 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203894 1203924 1203957 1204440 1204577 1204706 1204720 1204779 1204821 1204844 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4141-1 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4162-1 Released: Tue Nov 22 10:56:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1202014,1203267,1203368,1203749,1203894 This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe@.service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4226-1 Released: Fri Nov 25 18:16:59 2022 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1196076,1198625,1200803,1200994,1203341,1204821 This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4227-1 Released: Fri Nov 25 18:17:31 2022 Summary: Recommended update for release-notes-sle-micro Type: recommended Severity: low References: 1204440 This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4328-1 Released: Tue Dec 6 12:25:12 2022 Summary: Recommended update for audit-secondary Type: recommended Severity: moderate References: 1204844 This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4340-1 Released: Wed Dec 7 12:54:47 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4370-1 Released: Thu Dec 8 17:19:14 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1191833,1205275 This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - audit-3.0.6-150400.4.6.1 updated - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 updated - dracut-055+suse.323.gca0e74f0-150400.3.13.1 updated - grub2-i386-pc-2.06-150400.11.17.1 updated - grub2-2.06-150400.11.17.1 updated - iputils-20211215-150400.3.3.2 updated - krb5-1.19.2-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150400.5.11.1 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 updated - sudo-1.9.9-150400.4.9.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - system-group-audit-3.0.6-150400.4.6.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150400.3.3.1 updated - wicked-0.6.70-150400.3.3.1 updated