SUSE Container Update Advisory: rancher/elemental-builder-image/5.3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:957-1 Container Tags : rancher/elemental-builder-image/5.3:0.1.3 , rancher/elemental-builder-image/5.3:0.1.3-3.2.11 , rancher/elemental-builder-image/5.3:latest Container Release : 3.2.11 Severity : critical Type : security References : 1029961 1029961 1040589 1040589 1047178 1047218 1059627 1071321 1073299 1079603 1084812 1084842 1087072 1087550 1090638 1091109 1093392 1094222 1096974 1096984 1100687 1101797 1102564 1103320 1103320 1104700 1106014 1110304 1110700 1112310 1113013 1113554 1114592 1115640 1115929 1117969 1120402 1121624 1123043 1124211 1126117 1126118 1126119 1129576 1130557 1134524 1135254 1135709 1136136 1136717 1137373 1137624 1138793 1140016 1141059 1141897 1142649 1142654 1148517 1149145 1149792 1149995 1150451 1152590 1152692 1154036 1154037 1154661 1154884 1154887 1155271 1155327 1156913 1164562 1165050 1165121 1166260 1166510 1166510 1166637 1166881 1167898 1168345 1169444 1169512 1169582 1171479 1172055 1172396 1172442 1172798 1172846 1172863 1172863 1172973 1172974 1173034 1173972 1174551 1174593 1174736 1174753 1174817 1175168 1175448 1175449 1175811 1175825 1175830 1175831 1176123 1176201 1176932 1177039 1177047 1177460 1177460 1177460 1177460 1177460 1177460 1177858 1177914 1178346 1178350 1178353 1178481 1178577 1178624 1178675 1178727 1179020 1180138 1180603 1180603 1180713 1181358 1181443 1181658 1182016 1182604 1182661 1182959 1182983 1183012 1183051 1184008 1184124 1184358 1185540 1185562 1185637 1186049 1186282 1186489 1186642 1186642 1187091 1187153 1187273 1187332 1187654 1187911 1188127 1188348 1188401 1188623 1189537 1189683 1189996 1190052 1190190 1190700 1190793 1191020 1191157 1191184 1191185 1191186 1191592 1191736 1191987 1192104 1192688 1192717 1192951 1193282 1193282 1193430 1193489 1193659 1194265 1194265 1194640 1194708 1194768 1194770 1194785 1195059 1195061 1195149 1195157 1195283 1195391 1195628 1195654 1195792 1195856 1196025 1196026 1196036 1196093 1196107 1196168 1196169 1196171 1196275 1196406 1196490 1196647 1196668 1196784 1196861 1197004 1197024 1197065 1197178 1197459 1197570 1197718 1197771 1197794 1197948 1198062 1198062 1198176 1198197 1198341 1198446 1198460 1198493 1198495 1198496 1198523 1198581 1198627 1198720 1198731 1198732 1198751 1198752 1198823 1198828 1198830 1198832 1198922 1199074 1199132 1199140 1199140 1199166 1199232 1199240 1199492 1199944 1200107 1200170 1200334 1200550 1200723 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201276 1201361 1201385 1201560 1201640 1201680 1201795 1201840 1201942 1202011 1202117 1202175 1202310 1202344 1202593 1202853 1202970 1203018 1203092 1203216 1203438 1203482 1204111 1204112 1204113 1204179 1204423 1204538 1204708 1204944 1204968 1205000 1205000 1205178 1205182 1205200 1205266 1205272 1205284 1205377 1205554 1207264 1207571 1207853 1207957 1207975 1208358 1209188 953659 CVE-2017-17833 CVE-2017-6512 CVE-2018-10360 CVE-2018-10906 CVE-2018-13785 CVE-2018-17953 CVE-2018-19211 CVE-2018-25032 CVE-2018-6942 CVE-2019-12290 CVE-2019-14250 CVE-2019-15847 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18224 CVE-2019-20838 CVE-2019-5021 CVE-2019-6706 CVE-2019-7317 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 CVE-2020-11080 CVE-2020-11501 CVE-2020-12762 CVE-2020-13844 CVE-2020-14155 CVE-2020-15999 CVE-2020-24370 CVE-2020-24371 CVE-2020-8927 CVE-2021-33574 CVE-2021-35942 CVE-2021-3695 CVE-2021-3696 CVE-2021-3697 CVE-2021-39537 CVE-2021-3999 CVE-2021-43618 CVE-2021-46828 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1664 CVE-2022-2068 CVE-2022-2097 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-2601 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-28733 CVE-2022-28734 CVE-2022-28735 CVE-2022-28736 CVE-2022-29154 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-35252 CVE-2022-37434 CVE-2022-3775 CVE-2022-3821 CVE-2022-40674 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-43680 CVE-2022-4415 CVE-2022-4415 CVE-2023-0687 SLE-5807 SLE-6533 SLE-6536 ----------------------------------------------------------------- The container rancher/elemental-builder-image/5.3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1292-1 Released: Mon Jul 9 11:57:14 2018 Summary: Security update for openslp Type: security Severity: important References: 1090638,CVE-2017-17833 This update for openslp fixes the following issues: - CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc#1090638) - Prevent out of bounds reads in message parsing ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1999-1 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1071321 This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2340-1 Released: Fri Oct 19 16:05:53 2018 Summary: Security update for fuse Type: security Severity: moderate References: 1101797,CVE-2018-10906 This update for fuse fixes the following issues: - CVE-2018-10906: fusermount was vulnerable to a restriction bypass when SELinux is active. This allowed non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects (bsc#1101797) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2569-1 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1110700 This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2607-1 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Type: recommended Severity: low References: 1084812,1084842,1087550,1094222,1102564 The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2825-1 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Type: security Severity: important References: 1115640,CVE-2018-17953 This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2861-1 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Type: security Severity: important References: 1103320,1115929,CVE-2018-19211 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:44-1 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Type: recommended Severity: low References: 953659 This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:247-1 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Type: security Severity: moderate References: 1123043,CVE-2019-6706 This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:571-1 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Type: security Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1002-1 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1110304,1129576 This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1368-1 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Type: security Severity: important References: 1134524,CVE-2019-5021 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1398-1 Released: Fri May 31 12:54:22 2019 Summary: Security update for libpng16 Type: security Severity: low References: 1100687,1121624,1124211,CVE-2018-13785,CVE-2019-7317 This update for libpng16 fixes the following issues: Security issues fixed: - CVE-2019-7317: Fixed a use-after-free vulnerability, triggered when png_image_free() was called under png_safe_execute (bsc#1124211). - CVE-2018-13785: Fixed a wrong calculation of row_factor in the png_check_chunk_length function in pngrutil.c, which could haved triggered and integer overflow and result in an divide-by-zero while processing a crafted PNG file, leading to a denial of service (bsc#1100687) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1631-1 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Type: recommended Severity: low References: 1135709 This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1892-1 Released: Thu Jul 18 15:54:35 2019 Summary: Recommended update for openslp Type: recommended Severity: moderate References: 1117969,1136136 This update for openslp fixes the following issues: - Use tcp connects to talk with other directory agents (DAs) (bsc#1117969) - Fix segfault in predicate match if a registered service has a malformed attribute list (bsc#1136136) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2134-1 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1136717,1137624,1141059,SLE-5807 This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:52-1 Released: Thu Jan 9 10:09:11 2020 Summary: Optional update for openslp Type: optional Severity: low References: 1149792 This update for openslp doesn't fix any user visible bugs. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:825-1 Released: Tue Mar 31 13:30:37 2020 Summary: Recommended update for openslp Type: recommended Severity: moderate References: 1165050,1165121 This update for openslp fixes the following issues: - Add missing group prerequisites to the openslp-server package. (bsc#1165050) - Add missing openslp prerequisites to the openslp-server package. (bsc#1165121) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:948-1 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Type: security Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1226-1 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Type: recommended Severity: moderate References: 1149995,1152590,1167898 This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1294-1 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Type: security Severity: moderate References: 1154661,1169512,CVE-2019-18218 This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1328-1 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1155271 This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1353-1 Released: Wed May 20 13:02:32 2020 Summary: Security update for freetype2 Type: security Severity: moderate References: 1079603,1091109,CVE-2018-6942 This update for freetype2 to version 2.10.1 fixes the following issues: Security issue fixed: - CVE-2018-6942: Fixed a NULL pointer dereference within ttinerp.c (bsc#1079603). Non-security issues fixed: - Update to version 2.10.1 * The bytecode hinting of OpenType variation fonts was flawed, since the data in the `CVAR' table wasn't correctly applied. * Auto-hinter support for Mongolian. * The handling of the default character in PCF fonts as introduced in version 2.10.0 was partially broken, causing premature abortion of charmap iteration for many fonts. * If `FT_Set_Named_Instance' was called with the same arguments twice in a row, the function returned an incorrect error code the second time. * Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug introduced in version 2.10.0). * Increased precision while computing OpenType font variation instances. * The flattening algorithm of cubic Bezier curves was slightly changed to make it faster. This can cause very subtle rendering changes, which aren't noticeable by the eye, however. * The auto-hinter now disables hinting if there are blue zones defined for a `style' (i.e., a certain combination of a script and its related typographic features) but the font doesn't contain any characters needed to set up at least one blue zone. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * A bunch of new functions has been added to access and process COLR/CPAL data of OpenType fonts with color-layered glyphs. * As a GSoC 2018 project, Nikhil Ramakrishnan completely overhauled and modernized the API reference. * The logic for computing the global ascender, descender, and height of OpenType fonts has been slightly adjusted for consistency. * `TT_Set_MM_Blend' could fail if called repeatedly with the same arguments. * The precision of handling deltas in Variation Fonts has been increased.The problem did only show up with multidimensional designspaces. * New function `FT_Library_SetLcdGeometry' to set up the geometry of LCD subpixels. * FreeType now uses the `defaultChar' property of PCF fonts to set the glyph for the undefined character at glyph index 0 (as FreeType already does for all other supported font formats). As a consequence, the order of glyphs of a PCF font if accessed with FreeType can be different now compared to previous versions. This change doesn't affect PCF font access with cmaps. * `FT_Select_Charmap' has been changed to allow parameter value `FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT formats to access built-in cmaps that don't have a predefined `FT_Encoding' value. * A previously reserved field in the `FT_GlyphSlotRec' structure now holds the glyph index. * The usual round of fuzzer bug fixes to better reject malformed fonts. * `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have been removed.These two functions were public by oversight only and were never documented. * A new function `FT_Error_String' returns descriptions of error codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is defined. * `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new functions limited to Adobe MultiMaster fonts to directly set and get the weight vector. - Enable subpixel rendering with infinality config: - Re-enable freetype-config, there is just too many fallouts. - Update to version 2.9.1 * Type 1 fonts containing flex features were not rendered correctly (bug introduced in version 2.9). * CVE-2018-6942: Older FreeType versions can crash with certain malformed variation fonts. * Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage. * Emboldening of bitmaps didn't work correctly sometimes, showing various artifacts (bug introduced in version 2.8.1). * The auto-hinter script ranges have been updated for Unicode 11. No support for new scripts have been added, however, with the exception of Georgian Mtavruli. - freetype-config is now deprecated by upstream and not enabled by default. - Update to version 2.10.1 * The `ftmulti' demo program now supports multiple hidden axes with the same name tag. * `ftview', `ftstring', and `ftgrid' got a `-k' command line option to emulate a sequence of keystrokes at start-up. * `ftview', `ftstring', and `ftgrid' now support screen dumping to a PNG file. * The bytecode debugger, `ttdebug', now supports variation TrueType fonts; a variation font instance can be selected with the new `-d' command line option. - Add tarball signatures and freetype2.keyring - Update to version 2.10.0 * The `ftdump' demo program has new options `-c' and `-C' to display charmaps in compact and detailed format, respectively. Option `-V' has been removed. * The `ftview', `ftstring', and `ftgrid' demo programs use a new command line option `-d' to specify the program window's width, height, and color depth. * The `ftview' demo program now displays red boxes for zero-width glyphs. * `ftglyph' has limited support to display fonts with color-layered glyphs.This will be improved later on. * `ftgrid' can now display bitmap fonts also. * The `ttdebug' demo program has a new option `-f' to select a member of a TrueType collection (TTC). * Other various improvements to the demo programs. - Remove 'Supplements: fonts-config' to avoid accidentally pulling in Qt dependencies on some non-Qt based desktops.(bsc#1091109) fonts-config is fundamental but ft2demos seldom installs by end users. only fonts-config maintainers/debuggers may use ft2demos along to debug some issues. - Update to version 2.9.1 * No changelog upstream. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1404-1 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1138793,1166260 This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1852-1 Released: Mon Jul 6 16:50:23 2020 Summary: Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts Type: recommended Severity: moderate References: 1169444 This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues: Changes in fontforge: - Support transforming bitmap glyphs from python. (bsc#1169444) - Allow python-Sphinx >= 3 Changes in ttf-converter: - Update from version 1.0 to version 1.0.6: * ftdump is now shipped additionally as new dependency for ttf-converter * Standardize output when converting vector and bitmap fonts * Add more subfamilies fixes (bsc#1169444) * Add --family and --subfamily arguments to force values on those fields * Add parameters to fix glyph unicode values --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F') --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once. --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once. * Add --bitmapTransform parameter to transform bitmap glyphs. (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas: fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff * Add support to convert bitmap fonts (bsc#1169444) * Rename MediumItalic subfamily to Medium Italic * Show some more information when removing duplicated glyphs * Add a --force-monospaced argument instead of hardcoding font names * Convert `BoldCond` subfamily to `Bold Condensed` * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41) * Add a --version argument * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41) Changes in xorg-x11-fonts: - Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage - Include the subfamily in the filename of converted fonts - Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41) - Replace some unicode values in cu-pua12.pcf.gz to fix them - Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not. - Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444) Bitstream-Charter-*.otb, Cursor.ttf,Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular Changes in ghostscript-fonts: - Force the converted Nimbus Mono font to be monospaced. (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1954-1 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1172396 This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2735-1 Released: Thu Sep 24 13:32:25 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1173034 This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2782-1 Released: Tue Sep 29 11:40:22 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: important References: 1176932 This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2995-1 Released: Thu Oct 22 10:03:09 2020 Summary: Security update for freetype2 Type: security Severity: important References: 1177914,CVE-2020-15999 This update for freetype2 fixes the following issues: - CVE-2020-15999: fixed a heap buffer overflow found in the handling of embedded PNG bitmaps (bsc#1177914). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3795-1 Released: Mon Dec 14 17:43:26 2020 Summary: Optional update for systemd-rpm-macros Type: optional Severity: low References: 1059627,1178481,1179020 This update for systemd-rpm-macros fixes the following issues: - Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart - Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun(). - Does no longer apply presets when migrating from a disabled initscript (bsc#1178481) - Fix importing of %{_unitdir} ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:707-1 Released: Thu Mar 4 09:19:36 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1177039 This update for systemd-rpm-macros fixes the following issues: - Bump to version 6 - Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:795-1 Released: Tue Mar 16 10:28:02 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1182661,1183012,1183051 This update for systemd-rpm-macros fixes the following issues: - Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012) - Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1424-1 Released: Thu Apr 29 06:22:32 2021 Summary: Recommended update for openslp Type: recommended Severity: moderate References: 1166637,1184008 This update for openslp fixes the following issues: - Added automated active discovery retries so that DAs do not get dropped, if they are not reachable for some time (bsc#1166637, bsc#1184008) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2179-1 Released: Mon Jun 28 17:36:37 2021 Summary: Recommended update for thin-provisioning-tools Type: recommended Severity: moderate References: 1184124 This update for thin-provisioning-tools fixes the following issues: - Link as position-independent executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2286-1 Released: Fri Jul 9 17:38:53 2021 Summary: Recommended update for dosfstools Type: recommended Severity: moderate References: 1172863 This update for dosfstools fixes the following issue: - Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2456-1 Released: Thu Jul 22 15:28:39 2021 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1187091 This update for pam-config fixes the following issues: - Add 'revoke' to the option list for 'pam_keyinit'. - Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2627-1 Released: Thu Aug 5 12:10:46 2021 Summary: Recommended maintenance update for systemd-default-settings Type: recommended Severity: moderate References: 1188348 This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2899-1 Released: Wed Sep 1 08:30:58 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1186282,1187332 This update for systemd-rpm-macros fixes the following issues: - Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3291-1 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4009-1 Released: Mon Dec 13 11:24:43 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:84-1 Released: Mon Jan 17 04:40:30 2022 Summary: Recommended update for dosfstools Type: recommended Severity: moderate References: 1172863,1188401 This update for dosfstools fixes the following issues: - To be able to create filesystems compatible with previous version, add -g command line option to mkfs (bsc#1188401) - BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e. g. embedded systems) may be broken in two ways: * The introduction of the alignment may create smaller images than before, with a different positions of important image elements. It can break existing software that expect images in doststools <= 4.1 style. To work around these problems, use '-a' command line argument. * The new image may contain a different geometry values. Geometry sensitive applications expecting doststools <= 4.1 style images can fails to accept different geometry values. There is no direct work around for this problem. But you can take the old image, use 'file -s $IMAGE', check its 'sectors/track' and 'heads', and use them in the newly introduced '-g' command line argument. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:353-1 Released: Tue Feb 8 17:41:48 2022 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:31:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2035-1 Released: Fri Jun 10 10:16:40 2022 Summary: Security update for grub2 Type: security Severity: important References: 1191184,1191185,1191186,1193282,1197948,1198460,1198493,1198495,1198496,1198581,CVE-2021-3695,CVE-2021-3696,CVE-2021-3697,CVE-2022-28733,CVE-2022-28734,CVE-2022-28735,CVE-2022-28736 This update for grub2 fixes the following issues: This update provides security fixes and hardenings for Boothole 3 / Boothole 2022 (bsc#1198581) - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184) - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185) - CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186) - CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460) - CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493) - CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495) - CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496) - Update SBAT security contact (bsc#1193282) - Bump grub's SBAT generation to 2 - Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2825-1 Released: Tue Aug 16 17:12:47 2022 Summary: Security update for rsync Type: security Severity: important References: 1201840,CVE-2022-29154 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server (bsc#1201840). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3118-1 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1202011 This update for lvm2 fixes the following issues: - Do not use udev for device listing or device information (bsc#1202011) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3252-1 Released: Mon Sep 12 09:07:53 2022 Summary: Security update for freetype2 Type: security Severity: moderate References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3449-1 Released: Tue Sep 27 20:12:03 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1198197,1198828 This update for perl-Bootloader fixes the following issues: - Fix sysconfig parsing (bsc#1198828) - grub2/install: Reset error code when passing through recover code. (bsc#1198197) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3521-1 Released: Tue Oct 4 14:18:56 2022 Summary: Recommended update for lvm2 Type: recommended Severity: critical References: 1198523 This update for lvm2 fixes the following issues: - Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3604-1 Released: Mon Oct 17 22:29:59 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: 1195061 This update for sles15-image fixes the following issues: - Make the title match BCI (bsc#1195061) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3845-1 Released: Wed Nov 2 07:22:59 2022 Summary: Feature update for grub2 Type: feature Severity: important References: 1196668,1201361 This feature update for grub2 fixes the following issues: - Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150) - Enable 'Automatic TPM Disk Unlock' mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668) - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3851-1 Released: Wed Nov 2 12:34:17 2022 Summary: Recommended update for rsync Type: recommended Severity: important References: 1202970,1204538 This update for rsync fixes the following issues: - Fix regression with `--delay-updates` where files never update after interruption (bsc#1204538) - Add support for `--trust-sender` parameter (bsc#1202970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4141-1 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:51-1 Released: Mon Jan 9 10:42:58 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1195391,1200107,1203092,1204423 This update for suse-module-tools fixes the following issues: - 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423) - driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092) - driver-check.sh: Avoid false positive error messages (bsc#1200107) - kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:52-1 Released: Mon Jan 9 10:43:57 2023 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1205266,1205272,1205284,1205377 This update for xfsprogs fixes the following issues: - mkfs: don't trample the gid set in the protofile (bsc#1205266) - mkfs: prevent corruption of passed-in suboption string values (bsc#1205377) - mkfs: terminate getsubopt arrays properly (bsc#1205284) - xfs_repair: ignore empty xattr leaf blocks (bsc#1205272) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:709-1 Released: Fri Mar 10 16:04:39 2023 Summary: Recommended update for console-setup Type: recommended Severity: moderate References: 1202853 This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:785-1 Released: Thu Mar 16 19:34:43 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1205200,1205554 This update for grub2 fixes the following issues: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1636-1 Released: Tue Mar 28 13:26:02 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1207853 This update for suse-module-tools fixes the following issues: - Update to version 15.4.16: * modprobe.conf: s390x: remove softdep on fbcon (bsc#1207853) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1717-1 Released: Fri Mar 31 15:18:35 2023 Summary: Security update for grub2 Type: security Severity: moderate References: 1209188 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - file-magic-5.32-7.14.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.8.1 added - cracklib-dict-small-2.9.7-11.6.1 added - libldap-data-2.4.46-150200.14.11.2 added - libtirpc-netconfig-1.2.6-150300.3.14.1 added - glibc-2.31-150300.41.1 added - libsasl2-3-2.1.27-150300.4.6.1 added - libcrypt1-4.4.15-150300.4.4.3 added - perl-base-5.26.1-150300.17.11.1 added - libssh-config-0.9.6-150400.1.5 added - libzstd1-1.5.0-150400.1.71 added - libsepol1-3.1-150400.1.70 added - liblz4-1-1.9.3-150400.1.7 added - libgpg-error0-1.42-150400.1.101 added - libeconf0-0.4.4+git20220104.962774f-150400.1.38 added - libcap2-2.63-150400.1.7 added - libbz2-1-1.0.8-150400.1.122 added - libaudit1-3.0.6-150400.2.13 added - libnghttp2-14-1.40.0-6.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libuuid1-2.37.2-150400.8.3.1 added - libudev1-249.12-150400.8.10.1 added - libsmartcols1-2.37.2-150400.8.3.1 added - libcom_err2-1.46.4-150400.3.3.1 added - libblkid1-2.37.2-150400.8.3.1 added - libgcrypt20-1.9.4-150400.6.5.1 added - libgcrypt20-hmac-1.9.4-150400.6.5.1 added - libfdisk1-2.37.2-150400.8.3.1 added - libcap-ng0-0.7.9-4.37 added - libunistring2-0.9.10-1.1 added - libz1-1.2.11-150000.3.33.1 added - libpcre1-8.45-150000.20.13.1 added - liblzma5-5.2.3-150000.4.7.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.6.3-5.6.1 added - libgmp10-6.1.2-4.9.1 added - libgcc_s1-11.3.0+git1637-150000.1.11.2 added - libidn2-0-2.2.0-3.6.1 added - libmagic1-5.32-7.14.1 added - libstdc++6-11.3.0+git1637-150000.1.11.2 added - libpsl5-0.20.1-150000.3.3.1 added - libncurses6-6.1-150000.5.12.1 added - terminfo-base-6.1-150000.5.12.1 added - ncurses-utils-6.1-150000.5.12.1 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libselinux1-3.1-150400.1.69 added - libreadline7-7.0-150400.25.22 added - libsemanage1-3.1-150400.1.65 added - bash-4.4-150400.25.22 added - bash-sh-4.4-150400.25.22 added - login_defs-4.8.1-150400.8.57 added - cpio-2.13-150400.1.98 added - libopenssl1_1-1.1.1l-150400.7.7.1 added - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 added - libelf1-0.185-150400.5.3.1 added - libxml2-2-2.9.14-150400.5.7.1 added - libsystemd0-249.12-150400.8.10.1 added - libmount1-2.37.2-150400.8.3.1 added - libdw1-0.185-150400.5.3.1 added - libcrack2-2.9.7-11.6.1 added - cracklib-2.9.7-11.6.1 added - libldap-2_4-2-2.4.46-150200.14.11.2 added - libacl1-2.2.52-4.3.1 added - findutils-4.8.0-1.20 added - info-6.5-4.17 added - patterns-base-fips-20200124-150400.18.4 added - krb5-1.19.2-150400.1.9 added - coreutils-8.32-150400.7.5 added - libssh4-0.9.6-150400.1.5 added - sed-4.4-11.6 added - grep-3.1-150000.4.6.1 added - diffutils-3.6-4.3.1 added - libtirpc3-1.2.6-150300.3.14.1 added - libcurl4-7.79.1-150400.5.6.1 added - rpm-config-SUSE-1-150400.14.3.1 added - permissions-20201225-150400.5.11.1 added - libnsl2-1.2.0-2.44 added - pam-1.3.0-150000.6.58.3 added - shadow-4.8.1-150400.8.57 added - sysuser-shadow-3.1-150400.1.35 added - system-group-hardware-20170617-150400.22.33 added - libutempter0-1.1.6-3.42 added - util-linux-2.37.2-150400.8.3.1 added - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 added - netcfg-11.6-3.3.1 added - timezone-2022a-150000.75.10.1 added - libffi7-3.2.1.git259-10.8 added - libp11-kit0-0.23.22-150400.1.10 added - dosfstools-4.1-3.6.1 added - glibc-locale-base-2.31-150300.46.1 added - gzip-1.10-150200.10.1 added - kbd-legacy-2.4.0-150400.5.3.1 added - libaio1-0.3.109-1.25 added - libapparmor1-3.0.4-150400.5.3.1 added - libargon2-1-0.0+git20171227.670229c-2.14 added - libburn4-1.5.4-150400.1.1 added - libdbus-1-3-1.12.2-150400.18.5.1 added - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 added - libedit0-3.1.snap20150325-2.12 added - libexpat1-2.4.4-150400.3.12.1 added - libext2fs2-1.46.4-150400.3.3.1 added - libfuse2-2.9.7-3.3.1 added - libinih0-53-150400.1.7 added - libip4tc2-1.8.7-1.1 added - libisofs6-1.5.4-150400.1.1 added - libjson-c3-0.13-3.3.1 added - libkmod2-29-4.15.1 added - liblzo2-2-2.10-2.22 added - libpng16-16-1.6.34-3.9.1 added - libseccomp2-2.5.3-150400.2.4 added - libtextstyle0-0.20.2-1.43 added - openslp-2.0.0-6.15.1 added - pam-config-1.1-3.3.1 added - perl-Bootloader-0.939-150400.3.3.1 added - pkg-config-0.29.2-1.436 added - system-group-kvm-20170617-150400.22.33 added - systemd-default-settings-branding-SLE-0.7-3.2.1 added - systemd-default-settings-0.7-3.2.1 added - systemd-presets-common-SUSE-15-150400.1.1 added - systemd-rpm-macros-11-7.27.1 added - update-alternatives-1.19.0.4-150000.4.4.1 added - mtools-4.0.35-150400.1.11 added - kbd-2.4.0-150400.5.3.1 added - liblvm2cmd2_03-2.03.05-150400.185.1 added - libparted0-3.2-19.1 added - libdevmapper-event1_03-2.03.05_1.02.163-150400.185.1 added - thin-provisioning-tools-0.7.5-3.3.1 added - e2fsprogs-1.46.4-150400.3.3.1 added - xfsprogs-5.13.0-150400.3.3.1 added - libisoburn1-1.5.4-150400.1.1 added - libcryptsetup12-2.4.3-150400.1.110 added - libcryptsetup12-hmac-2.4.3-150400.1.110 added - squashfs-4.4-1.1 added - libfreetype6-2.10.4-150000.4.12.1 added - gettext-runtime-0.20.2-1.43 added - rsync-3.2.3-150400.3.8.1 added - systemd-presets-branding-SMO-20220103-150400.2.1 added - suse-module-tools-15.4.16-150400.3.8.1 added - kmod-29-4.15.1 added - dbus-1-1.12.2-150400.18.5.1 added - parted-3.2-19.1 added - device-mapper-2.03.05_1.02.163-150400.185.1 added - xorriso-1.5.4-150400.1.1 added - systemd-249.15-150400.8.22.1 added - grub2-2.06-150400.11.25.1 added - grub2-i386-pc-2.06-150400.11.25.1 added - udev-249.15-150400.8.22.1 added - lvm2-2.03.05-150400.185.1 added - elemental-cli-0.1.3-150400.1.2 added - container:sles15-image-15.0.0-27.12.1 added