SUSE Image Update Advisory: ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:844-1 Image Tags : Image Release : Severity : important Type : security References : 1065729 1141157 1160293 1174585 1188441 1190569 1191949 1192107 1193983 1194288 1194869 1195775 1196869 1196956 1197915 1200313 1201308 1201489 1208149 1208690 1209627 1209657 1209799 1209834 1210335 1211592 1213551 1213863 1214960 1216124 1216702 1217083 1217169 1217515 1218148 1218447 1218668 1218917 1219004 1219224 1219559 1219680 1220485 1220492 1220492 1220664 1220783 1221044 1221400 1221563 1221645 1221854 1221958 1222011 1222015 1222075 1222075 1222086 1222254 1222559 1222619 1222678 1222721 1222976 1223057 1223084 1223107 1223111 1223138 1223191 1223384 1223384 1223390 1223430 1223469 1223481 1223501 1223505 1223512 1223520 1223532 1223626 1223715 1223766 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223952 1223953 1223957 1223962 1223963 1223964 1223996 1224020 1224085 1224099 1224137 1224174 1224242 1224282 1224323 1224438 1224482 1224488 1224494 1224511 1224592 1224611 1224664 1224678 1224679 1224682 1224685 1224696 1224703 1224730 1224736 1224749 1224763 1224764 1224765 1224766 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224931 1224932 1224935 1224937 1224942 1224944 1224945 1224947 1224956 1224988 1225000 1225003 1225005 1225009 1225022 1225031 1225032 1225036 1225044 1225076 1225077 1225082 1225086 1225092 1225095 1225096 1225098 1225106 1225108 1225109 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225223 1225224 1225225 
1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225409 1225410 1225411 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225471 1225472 1225478 1225479 1225482 1225483 1225486 1225487 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225508 1225510 1225518 1225529 1225530 1225532 1225534 1225549 1225550 1225551 1225553 1225554 1225557 1225559 1225560 1225565 1225566 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225588 1225589 1225590 1225591 1225592 1225595 1225599 1225611 1225732 1225737 1225749 1225840 1225866 1225912 1225963 1225976 1226125 1226128 1226145 1226192 1226211 1226212 1226270 1226419 1226447 1226448 1226469 1226587 1226595 1226634 1226664 1226758 1226785 1226786 1226789 1226953 1226962 1227067 1227106 1227150 1227181 1227186 1227187 1227429 1227681 1227711 1228256 1228257 1228258 1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2020-36788 CVE-2021-39698 CVE-2021-4148 CVE-2021-43056 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 
CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 
CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47571 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48652 CVE-2022-48662 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48699 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-24023 CVE-2023-2860 CVE-2023-45288 CVE-2023-47233 CVE-2023-52425 CVE-2023-52591 CVE-2023-52654 CVE-2023-52655 CVE-2023-52670 CVE-2023-52676 CVE-2023-52686 CVE-2023-52690 CVE-2023-52702 CVE-2023-52703 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52747 CVE-2023-52752 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52774 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 
CVE-2023-52846 CVE-2023-52847 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-52881 CVE-2023-6531 CVE-2024-0397 CVE-2024-0450 CVE-2024-0639 CVE-2024-1737 CVE-2024-1975 CVE-2024-26739 CVE-2024-26745 CVE-2024-26764 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-27398 CVE-2024-27413 CVE-2024-34459 CVE-2024-35789 CVE-2024-35811 CVE-2024-35815 CVE-2024-35817 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35895 CVE-2024-35904 CVE-2024-35905 CVE-2024-35914 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904 CVE-2024-36926 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578 CVE-2024-4032 CVE-2024-4076 CVE-2024-4741 ----------------------------------------------------------------- The container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2021-1 Released: Thu Jun 13 16:10:15 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. 
(jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows stacking two addresses, e.g. HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique paths * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack-based buffer overflow on long messages: the terminating \0 byte was written past the last position of the buffer. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but the result was not checked for integer overflow. This could lead to a heap-based buffer overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:11 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: Recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler because it requires Code Object version 3, which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2089-1 Released: Wed Jun 19 12:38:06 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2189-1 Released: Tue Jun 25 08:34:42 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1174585,1190569,1191949,1192107,1193983,1194288,1194869,1196869,1196956,1197915,1200313,1201308,1201489,1208149,1209657,1209799,1209834,1210335,1211592,1213863,1216702,1217169,1217515,1218447,1218917,1220492,1220783,1221044,1221645,1221958,1222011,1222559,1222619,1222721,1222976,1223057,1223084,1223111,1223138,1223191,1223384,1223390,1223481,1223501,1223505,1223512,1223520,1223532,1223626,1223715,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223952,1223953,1223957,1223962,1223963,1223964,1223996,1224085,1224099,1224137,1224174,1224438,1224482,1224488,1224494,1224511,1224592,1224611,1224664,1224678,1224682,1224685,1224730,1224736,1224763,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224931,1224932,1224937,1224942,1224944,1224945,1224947,1224956,1224988,1225000,1225003,1225005,1225009,1225022,1225031,1225032,1225036,1225044,1225076,1225077,1225082,1225086,1225092,1225095,1225096,1225106,1225108,1225109,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,1225184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,122521
4,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225409,1225410,1225411,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225471,1225472,1225478,1225479,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225508,1225510,1225529,1225530,1225532,1225534,1225549,1225550,1225553,1225554,1225557,1225559,1225560,1225565,1225566,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225588,1225589,1225590,1225591,1225592,1225595,1225599,CVE-2020-36788,CVE-2021-39698,CVE-2021-4148,CVE-2021-43056,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CVE-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47
398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,C
VE-2021-47553,CVE-2021-47554,CVE-2021-47556,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48652,CVE-2022-48662,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48699,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2860,CVE-2023-47233,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52676,CVE-2023-52686,CVE-2023-52690,CVE-2023-52702,CVE-2023-52703,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52774,CVE-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-0639,CVE-2024-26739,CVE-2024-26764,CVE-2024-26828,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26921,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35815,CVE-2024-35
817,CVE-2024-35863,CVE-2024-35867,CVE-2024-35868,CVE-2024-35895,CVE-2024-35904,CVE-2024-35905,CVE-2024-35914,CVE-2024-36926 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494). - CVE-2024-26929: Fixed double free of fcport (bsc#1223715). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626). - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). 
The following non-security bugs were fixed: - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - filemap: remove use of wait bookmarks (bsc#1224085). - idpf: extend tx watchdog timeout (bsc#1224137). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2196-1 Released: Tue Jun 25 12:37:11 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. 
No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2232-1 Released: Wed Jun 26 08:23:03 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1225963 This update for iputils fixes the following issues: - Fix exit code when more replies are received than were sent (bsc#1225963) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage. Switching to noarch causes issues on SLES maintenance updates; reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed an issue where confidential GSS krb5 wrap tokens with invalid fields were erroneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses feature sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detection of the 'quoted-overlap' zipbomb vulnerability (bsc#1221854). - CVE-2024-4032: Rearranged the definition of private vs. global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods.
(bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2495-1 Released: Tue Jul 16 09:29:49 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1195775,1216124,1218148,1219224,1220492,1222015,1222254,1222678,1223384,1224020,1224679,1224696,1224703,1224749,1224764,1224765,1224766,1224935,1225098,1225467,1225487,1225518,1225611,1225732,1225737,1225749,1225840,1225866,1226145,1226211,1226212,1226270,1226587,1226595,1226634,1226758,1226785,1226786,1226789,1226953,1226962,CVE-2021-47555,CVE-2021-47571,CVE-2023-24023,CVE-2023-52670,CVE-2023-52752,CVE-2023-52837,CVE-2023-52846,CVE-2023-52881,CVE-2024-26745,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35950,CVE-2024-36894,CVE-2024-36899,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-36971,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38578 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). 
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). The following non-security bugs were fixed: - Revert 'build initrd without systemd' (bsc#1195775) - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). 
- cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2664-1 Released: Tue Jul 30 15:47:13 2024 Summary: Recommended update for open-vm-tools Type: recommended Severity: moderate References: 1227181 This update for open-vm-tools fixes the following issues: - There are no new features in the open-vm-tools release (bsc#1227181). This is primarily a maintenance release that addresses a few critical problems, including: - A Github pull request and associated issue has been handled. Please see the Resolved Issues section of the Release Notes - A number of issues flagged by Coverity and ShellCheck have been addressed - A vmtoolsd process hang related to nested logging from an RPC Channel error has been fixed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2675-1 Released: Wed Jul 31 06:57:49 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with 
obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 07:00:59 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes, see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (includes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply 
python3 interpreter patch in non SLE build environments (bsc#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2697-1 Released: Thu Aug 1 15:28:06 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1217083,1220485 This update for dracut fixes the following issues: - Version update: * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485) * fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2744-1 Released: Mon Aug 5 17:53:57 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather than one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate 
(bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed skel files not being copied (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2863-1 Released: Fri Aug 9 09:21:05 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. 
* The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. 
(CVE-2024-4076, bsc#1228258) The following package changes have been done: - bind-utils-9.16.50-150400.5.43.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - cups-config-2.2.7-150000.3.62.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-055+suse.357.g905645c2-150400.3.34.2 updated - iputils-20211215-150400.3.14.1 updated - kernel-default-5.14.21-150400.24.125.1 updated - krb5-1.19.2-150400.3.12.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcups2-2.2.7-150000.3.62.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libltdl7-2.4.6-150000.3.8.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl1_1-1.1.1l-150400.7.69.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libvmtools0-12.4.5-150300.52.6 updated - libxml2-2-2.9.14-150400.5.32.1 updated - libxmlsec1-1-1.2.37-150400.14.5.1 updated - libxmlsec1-openssl1-1.2.37-150400.14.5.1 updated - libzypp-17.34.1-150400.3.71.7 updated - login_defs-4.8.1-150400.10.21.1 updated - open-vm-tools-12.4.5-150300.52.6 updated - openssl-1_1-1.1.1l-150400.7.69.1 updated - procps-3.3.17-150000.7.39.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.50-150400.5.43.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-requests-2.25.1-150300.3.12.2 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150400.10.21.1 updated - socat-1.8.0.0-150400.14.3.1 
updated - suse-build-key-12.0-150000.8.49.2 updated - suseconnect-ng-1.11.0-150400.3.36.4 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150400.3.30.1 updated - wicked-0.6.76-150400.3.30.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - zypper-1.14.73-150400.3.50.10 updated