SUSE Image Update Advisory: ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1208-1 Image Tags : Image Release : Severity : critical Type : security References : 1065729 1081596 1141157 1156395 1160293 1174585 1188441 1190336 1190569 1191949 1191958 1192107 1193454 1193554 1193787 1193883 1193983 1194288 1194324 1194818 1194818 1194826 1194869 1194869 1195065 1195254 1195341 1195349 1195357 1195668 1195775 1195927 1195957 1196018 1196746 1196823 1196869 1196956 1197146 1197246 1197762 1197915 1197915 1198014 1199295 1200313 1200528 1201308 1201489 1202346 1202686 1202767 1202780 1207230 1208149 1208690 1209627 1209636 1209657 1209799 1209834 1210335 1211592 1213123 1213551 1213863 1214855 1214960 1215587 1216124 1216702 1216834 1217070 1217083 1217102 1217169 1217515 1218148 1218297 1218447 1218668 1218820 1218917 1219004 1219224 1219267 1219268 1219438 1219559 1219680 1220185 1220186 1220187 1220356 1220485 1220492 1220492 1220664 1220783 1221044 1221044 1221243 1221400 1221479 1221563 1221645 1221677 1221854 1221916 1221958 1222011 1222011 1222015 1222021 1222075 1222075 1222086 1222254 1222559 1222619 1222678 1222721 1222728 1222809 1222810 1222976 1222985 1223057 1223084 1223094 1223107 1223111 1223138 1223191 1223384 1223384 1223390 1223409 1223430 1223469 1223481 1223501 1223505 1223512 1223520 1223532 1223535 1223571 1223626 1223635 1223715 1223766 1223863 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223952 1223953 1223957 1223962 1223963 1223964 1223996 1224014 1224016 1224020 1224044 1224085 1224099 1224117 1224137 1224174 1224242 1224282 1224323 1224438 1224482 1224488 1224488 1224494 1224495 1224511 1224592 1224611 1224664 1224671 1224678 1224679 1224682 1224685 1224696 1224703 1224730 1224736 1224749 1224763 1224764 1224765 1224766 1224771 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224931 1224932 1224935 1224937 1224942 1224944 1224945 1224947 1224956 1224988 1225000 1225003 1225005 1225009 1225022 1225031 1225032 1225036 1225044 1225076 1225077 1225082 1225086 1225092 1225095 1225096 1225098 1225106 1225108 1225109 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225267 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225409 1225410 1225411 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225471 1225472 1225478 1225479 1225482 1225483 1225486 1225487 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225508 1225510 1225518 1225529 1225530 1225532 1225534 1225549 1225550 1225551 1225553 1225554 1225557 1225559 1225560 1225565 1225566 1225569 1225570 1225571 1225572 1225573 1225577 1225583 1225584 1225588 1225589 1225590 1225591 1225592 1225595 1225599 1225611 1225732 1225737 1225749 1225829 1225840 1225866 1225912 1225963 1225976 1226014 1226030 1226100 1226125 1226128 1226145 1226168 1226192 1226211 1226212 1226226 1226227 1226270 1226414 1226419 1226447 1226448 1226463 1226469 1226493 1226519 1226537 1226539 1226550 1226553 1226554 1226556 1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226567 1226569 1226572 1226574 1226575 1226576 1226577 1226580 1226583 1226585 1226587 1226587 1226595 1226601 1226602 1226603 1226607 1226614 1226617 1226618 1226619 1226621 1226624 1226626 1226628 1226629 1226634 1226643 1226644 1226645 1226650 1226653 1226662 1226664 1226669 1226670 1226672 1226673 1226674 1226675 1226679 1226683 1226685 1226686 1226690 1226691 1226692 1226696 1226697 1226698 1226699 1226701 1226702 1226703 1226705 1226708 1226709 1226710 1226711 1226712 1226713 1226715 1226716 1226719 1226720 1226721 1226732 1226758 1226758 1226762 1226785 1226785 1226786 1226789 1226953 1226962 1227067 1227090 1227106 1227115 1227127 1227138 1227150 1227186 1227187 1227205 1227308 1227383 1227429 1227487 1227525 1227549 1227625 1227681 1227711 1227716 1227750 1227764 1227793 1227808 1227810 1227823 1227829 1227836 1227917 1227920 1227921 1227922 1227923 1227924 1227925 1227928 1227931 1227932 1227933 1227935 1227938 1227941 1227942 1227944 1227945 1227948 1227949 1227952 1227953 1227954 1227956 1227963 1227964 1227965 1227968 1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982 1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227993 1227995 1227996 1227997 1228000 1228002 1228004 1228005 1228006 1228007 1228008 1228009 1228010 1228013 1228014 1228015 1228019 1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228043 1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063 1228064 1228066 1228091 1228105 1228114 1228124 1228138 1228206 1228208 1228247 1228256 1228257 1228258 1228265 1228322 1228324 1228328 1228420 1228440 1228535 1228553 1228561 1228644 1228680 1228743 1228770 1228787 1228801 1228847 1229339 1229930 1229931 1229932 1230020 1230034 1230092 1230093 222971 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2020-36788 CVE-2021-39698 CVE-2021-4148 CVE-2021-43056 CVE-2021-43527 CVE-2021-4439 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47533 CVE-2021-47534 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47571 CVE-2021-47576 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47589 CVE-2021-47592 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47624 CVE-2022-0854 CVE-2022-1996 CVE-2022-20368 CVE-2022-28748 CVE-2022-2964 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48652 CVE-2022-48662 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48699 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48715 CVE-2022-48717 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48732 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48771 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48847 CVE-2022-48849 CVE-2022-48851 CVE-2022-48853 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48866 CVE-2023-0160 CVE-2023-1582 CVE-2023-1829 CVE-2023-24023 CVE-2023-2860 CVE-2023-37453 CVE-2023-45142 CVE-2023-45288 CVE-2023-47108 CVE-2023-47233 CVE-2023-52425 CVE-2023-52591 CVE-2023-52591 CVE-2023-52654 CVE-2023-52655 CVE-2023-52670 CVE-2023-52676 CVE-2023-52686 CVE-2023-52690 CVE-2023-52702 CVE-2023-52703 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52747 CVE-2023-52752 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52766 CVE-2023-52774 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52800 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52846 CVE-2023-52847 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-52881 CVE-2023-52885 CVE-2023-52886 CVE-2023-6531 CVE-2023-7008 CVE-2023-7256 CVE-2024-0397 CVE-2024-0450 CVE-2024-0639 CVE-2024-1737 CVE-2024-1753 CVE-2024-1975 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-24786 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26739 CVE-2024-26745 CVE-2024-26764 CVE-2024-26800 CVE-2024-26813 CVE-2024-26814 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26976 CVE-2024-27398 CVE-2024-27413 CVE-2024-28180 CVE-2024-34397 CVE-2024-34459 CVE-2024-35789 CVE-2024-35811 CVE-2024-35815 CVE-2024-35817 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35878 CVE-2024-35895 CVE-2024-35901 CVE-2024-35904 CVE-2024-35905 CVE-2024-35905 CVE-2024-35914 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904 CVE-2024-36926 CVE-2024-36926 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-36974 CVE-2024-3727 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38541 CVE-2024-38545 CVE-2024-38555 CVE-2024-38559 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578 CVE-2024-39463 CVE-2024-39494 CVE-2024-4032 CVE-2024-4076 CVE-2024-40902 CVE-2024-40937 CVE-2024-40954 CVE-2024-40956 CVE-2024-40989 CVE-2024-40994 CVE-2024-41011 CVE-2024-41012 CVE-2024-41059 CVE-2024-41069 CVE-2024-41090 CVE-2024-41110 CVE-2024-42093 CVE-2024-42145 CVE-2024-42230 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-4741 CVE-2024-5535 CVE-2024-6345 CVE-2024-7264 CVE-2024-8006 CVE-2024-8096 ----------------------------------------------------------------- The container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2021-1 Released: Thu Jun 13 16:10:15 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. (jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:11 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2089-1 Released: Wed Jun 19 12:38:06 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2189-1 Released: Tue Jun 25 08:34:42 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1174585,1190569,1191949,1192107,1193983,1194288,1194869,1196869,1196956,1197915,1200313,1201308,1201489,1208149,1209657,1209799,1209834,1210335,1211592,1213863,1216702,1217169,1217515,1218447,1218917,1220492,1220783,1221044,1221645,1221958,1222011,1222559,1222619,1222721,1222976,1223057,1223084,1223111,1223138,1223191,1223384,1223390,1223481,1223501,1223505,1223512,1223520,1223532,1223626,1223715,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223952,1223953,1223957,1223962,1223963,1223964,1223996,1224085,1224099,1224137,1224174,1224438,1224482,1224488,1224494,1224511,1224592,1224611,1224664,1224678,1224682,1224685,1224730,1224736,1224763,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224931,1224932,1224937,1224942,1224944,1224945,1224947,1224956,1224988,1225000,1225003,1225005,1225009,1225022,1225031,1225032,1225036,1225044,1225076,1225077,1225082,1225086,1225092,1225095,1225096,1225106,1225108,1225109,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,1225184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225409,1225410,1225411,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225471,1225472,1225478,1225479,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225508,1225510,1225529,1225530,1225532,1225534,1225549,1225550,1225553,1225554,1225557,1225559,1225560,1225565,1225566,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225588,1225589,1225590,1225591,1225592,1225595,1225599,CVE-2020-36788,CVE-2021-39698,CVE-2021-4148,CVE-2021-43056,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CVE-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47553,CVE-2021-47554,CVE-2021-47556,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48652,CVE-2022-48662,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48699,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2860,CVE-2023-47233,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52676,CVE-2023-52686,CVE-2023-52690,CVE-2023-52702,CVE-2023-52703,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52774,CVE-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-0639,CVE-2024-26739,CVE-2024-26764,CVE-2024-26828,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26921,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35815,CVE-2024-35817,CVE-2024-35863,CVE-2024-35867,CVE-2024-35868,CVE-2024-35895,CVE-2024-35904,CVE-2024-35905,CVE-2024-35914,CVE-2024-36926 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494). - CVE-2024-26929: Fixed double free of fcport (bsc#1223715). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626). - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). The following non-security bugs were fixed: - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - filemap: remove use of wait bookmarks (bsc#1224085). - idpf: extend tx watchdog timeout (bsc#1224137). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2196-1 Released: Tue Jun 25 12:37:11 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2232-1 Released: Wed Jun 26 08:23:03 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1225963 This update for iputils fixes the following issues: - Fix exit code if receive more replies than sent (bsc#1225963) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2495-1 Released: Tue Jul 16 09:29:49 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1195775,1216124,1218148,1219224,1220492,1222015,1222254,1222678,1223384,1224020,1224679,1224696,1224703,1224749,1224764,1224765,1224766,1224935,1225098,1225467,1225487,1225518,1225611,1225732,1225737,1225749,1225840,1225866,1226145,1226211,1226212,1226270,1226587,1226595,1226634,1226758,1226785,1226786,1226789,1226953,1226962,CVE-2021-47555,CVE-2021-47571,CVE-2023-24023,CVE-2023-52670,CVE-2023-52752,CVE-2023-52837,CVE-2023-52846,CVE-2023-52881,CVE-2024-26745,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35950,CVE-2024-36894,CVE-2024-36899,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-36971,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38578 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). The following non-security bugs were fixed: - Revert 'build initrd without systemd' (bsc#1195775)' - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2675-1 Released: Wed Jul 31 06:57:49 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 07:00:59 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2697-1 Released: Thu Aug 1 15:28:06 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1217083,1220485 This update for dracut fixes the following issues: - Version update: * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485) * fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2744-1 Released: Mon Aug 5 17:53:57 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2863-1 Released: Fri Aug 9 09:21:05 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2922-1 Released: Thu Aug 15 07:01:20 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1207230,1217102,1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) - Enhancement to PPC secure boot's root device discovery config (bsc#1207230) - Fix regex for Open Firmware device specifier with encoded commas - Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings - Use prep_load_env in PPC secure boot config to handle unset host-specific environment variables and ensure successful command execution ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2929-1 Released: Thu Aug 15 11:31:30 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1209636,1213123,1215587,1216834,1218820,1220185,1220186,1220187,1221044,1222011,1222728,1222809,1222810,1223635,1223863,1224488,1224495,1224671,1225573,1225829,1226168,1226226,1226519,1226537,1226539,1226550,1226553,1226554,1226556,1226557,1226558,1226559,1226561,1226562,1226563,1226564,1226567,1226569,1226572,1226574,1226575,1226576,1226577,1226580,1226583,1226585,1226587,1226601,1226602,1226603,1226607,1226614,1226617,1226618,1226619,1226621,1226624,1226626,1226628,1226629,1226643,1226644,1226645,1226650,1226653,1226662,1226669,1226670,1226672,1226673,1226674,1226675,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226705,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226719,1226720,1226721,1226732,1226758,1226762,1226785,1227090,1227383,1227487,1227549,1227716,1227750,1227764,1227808,1227810,1227823,1227829,1227836,1227917,1227920,1227921,1227922,1227923,1227924,1227925,1227928,1227931,1227932,1227933,1227935,1227938,1227941,1227942,1227944,1227945,1227948,1227949,1227952,1227953,1227954,1227956,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227993,1227995,1227996,1227997,1228000,1228002,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228013,1228014,1228015,1228019,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228114,1228247,1228328,1228440,1228561,1228644,1228680,1228743,1228801,CVE-2021-4439,CVE-2021-47534,CVE-2021-47576,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47589,CVE-2021-47592,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47624,CVE-2022-0854,CVE-2022-20368,CVE-2022-28748,CVE-2022-2964,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48715,CVE-2022-48717,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48754,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48771,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48847,CVE-2022-48849,CVE-2022-48851,CVE-2022-48853,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48866,CVE-2023-1582,CVE-2023-37453,CVE-2023-52591,CVE-2023-52762,CVE-2023-52766,CVE-2023-52800,CVE-2023-52885,CVE-2023-52886,CVE-2024-26583,CVE-2024-26584,CVE-2024-26585,CVE-2024-26800,CVE-2024-26813,CVE-2024-26814,CVE-2024-26976,CVE-2024-35878,CVE-2024-35901,CVE-2024-35905,CVE-2024-36926,CVE-2024-36974,CVE-2024-38541,CVE-2024-38555,CVE-2024-38559,CVE-2024-39463,CVE-2024-39494,CVE-2024-40902,CVE-2024-40937,CVE-2024-40954,CVE-2024-40956,CVE-2024-40989,CVE-2024-40994,CVE-2024-41011,CVE-2024-41012,CVE-2024-41059,CVE-2024-41069,CVE-2024-41090,CVE-2024-42093,CVE-2024-42145,CVE-2024-42230 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). The following non-security bugs were fixed: - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863). - X.509: Fix the parser of extended key usage for length (bsc#1218820). - btrfs: sysfs: update fs features directory asynchronously (bsc#1226168). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI: rtas: Workaround false positive due to lost definition (bsc#1227487). - kernel-binary: vdso: Own module_dir - net/dcb: check for detached device before executing callbacks (bsc#1215587). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/rtas: clean up includes (bsc#1227487). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3071-1 Released: Mon Sep 2 15:17:11 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3080-1 Released: Mon Sep 2 16:43:54 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3086-1 Released: Tue Sep 3 08:57:32 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3120-1 Released: Tue Sep 3 17:12:57 2024 Summary: Security update for buildah, docker Type: security Severity: critical References: 1214855,1219267,1219268,1219438,1221243,1221677,1221916,1223409,1224117,1228324,CVE-2024-1753,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653,CVE-2024-24786,CVE-2024-28180,CVE-2024-3727,CVE-2024-41110 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3145-1 Released: Thu Sep 5 09:09:27 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1228847 This update for dracut fixes the following issue: - Version update * fix(convertfs): error in conditional expressions (bsc#1228847). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3149-1 Released: Thu Sep 5 17:05:36 2024 Summary: Security update for systemd Type: security Severity: moderate References: 1218297,1221479,1226414,1228091,CVE-2023-7008 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3167-1 Released: Mon Sep 9 12:31:59 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228043 This update for glibc fixes the following issue: - s390x: Fix segfault in wcsncmp (bsc#1228043). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3185-1 Released: Tue Sep 10 08:15:38 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226227 This update for cups fixes the following issues: - Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3210-1 Released: Wed Sep 11 17:39:30 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3211-1 Released: Wed Sep 11 17:40:13 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3221-1 Released: Thu Sep 12 13:18:18 2024 Summary: Security update for containerd Type: security Severity: important References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) The following package changes have been done: - bind-utils-9.16.50-150400.5.43.1 updated - ca-certificates-mozilla-2.68-150200.33.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.21-150000.117.1 updated - containerd-1.7.21-150000.117.1 updated - cups-config-2.2.7-150000.3.65.1 updated - curl-8.0.1-150400.5.50.1 updated - dmidecode-3.6-150400.16.11.2 updated - docker-25.0.6_ce-150000.207.1 updated - dracut-055+suse.359.geb85610b-150400.3.37.2 updated - glibc-locale-base-2.31-150300.86.3 updated - glibc-locale-2.31-150300.86.3 updated - glibc-2.31-150300.86.3 updated - grub2-i386-pc-2.06-150400.11.46.1 updated - grub2-2.06-150400.11.46.1 updated - iputils-20211215-150400.3.14.1 updated - kernel-default-5.14.21-150400.24.128.1 updated - krb5-1.19.2-150400.3.12.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libblkid1-2.37.2-150400.8.32.2 updated - libcups2-2.2.7-150000.3.65.1 updated - libcurl4-8.0.1-150400.5.50.1 updated - libexpat1-2.4.4-150400.3.22.1 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.70.5-150400.3.14.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libmount1-2.37.2-150400.8.32.2 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libpcap1-1.10.1-150400.3.3.2 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libsolv-tools-base-0.7.30-150400.3.27.2 added - libsolv-tools-0.7.30-150400.3.27.2 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libsystemd0-249.17-150400.8.43.1 updated - libudev1-249.17-150400.8.43.1 updated - libuuid1-2.37.2-150400.8.32.2 updated - libxml2-2-2.9.14-150400.5.32.1 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - libzypp-17.35.8-150400.3.85.1 updated - login_defs-4.8.1-150400.10.21.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated - pam-1.3.0-150000.6.71.2 updated - procps-3.3.17-150000.7.39.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.50-150400.5.43.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-requests-2.25.1-150300.3.12.2 updated - python3-setuptools-44.1.1-150400.9.9.1 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.14-150000.70.1 updated - shadow-4.8.1-150400.10.21.1 updated - sles-release-15.4-150400.58.10.2 updated - socat-1.8.0.0-150400.14.3.1 updated - supportutils-3.2.8-150300.7.35.33.1 updated - suse-build-key-12.0-150000.8.52.3 updated - suseconnect-ng-1.11.0-150400.3.36.4 updated - systemd-sysvinit-249.17-150400.8.43.1 updated - systemd-249.17-150400.8.43.1 updated - udev-249.17-150400.8.43.1 updated - util-linux-systemd-2.37.2-150400.8.32.2 updated - util-linux-2.37.2-150400.8.32.2 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150400.3.30.1 updated - wicked-0.6.76-150400.3.30.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - zypper-1.14.76-150400.3.57.16 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - libprotobuf-lite25_1_0-25.1-150400.9.6.1 removed