----------------------------------------- Version 7.5.1 2024-09-17T13:29:35 ----------------------------------------- Patch: SUSE-2018-2022 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1103388,1104120,1106523 Description: This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------- Patch: SUSE-2018-2569 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Severity: moderate References: 1110700 Description: This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------- Patch: SUSE-2018-2607 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Severity: low References: 1084812,1084842,1087550,1094222,1102564 Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------- Patch: SUSE-2018-2825 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Severity: important References: 1115640,CVE-2018-17953 Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------- Patch: SUSE-2018-2861 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Severity: important References: 1103320,1115929,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-44 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Severity: low References: 953659 Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------- Patch: SUSE-2019-247 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Severity: moderate References: 1123043,CVE-2019-6706 Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------- Patch: SUSE-2019-571 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------- Patch: SUSE-2019-788 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------- Patch: SUSE-2019-1022 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Severity: moderate References: 1121410 Description: This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------- Patch: SUSE-2019-1113 Released: Tue Apr 30 14:08:42 2019 Summary: Recommended update for python-pycurl Severity: moderate References: 1128355 Description: This update for python-pycurl fixes the following issues: - bsc#1128355: update to the Factory package to get multibuild and better working tests. - Update to 7.43.0.2: * Added perform_rb and perform_rs methods to Curl objects to return response body as byte string and string, respectively. * Added OPT_COOKIELIST constant for consistency with other option constants. * PycURL is now able to report errors triggered by libcurl via CURLOPT_FAILONERROR mechanism when the error messages are not decodable in Python's default encoding (GitHub issue #259). * Added getinfo_raw method to Curl objects to return byte strings as is from libcurl without attempting to decode them (GitHub issue #493). * When adding a Curl easy object to CurlMulti via add_handle, the easy objects now have their reference counts increased so that the application is no longer required to keep references to them to keep them from being garbage collected (GitHub issue #171). * PycURL easy, multi and share objects can now be weak referenced. * set_ca_certs now accepts byte strings as it should have been all along. * Use OpenSSL 1.1 and 1.0 specific APIs for controlling thread locks depending on OpenSSL version (patch by Vitaly Murashev). * Fixed a crash when closesocket callback failed (patch by Gisle Vanem and toddrme2178). * Added CURLOPT_PROXY_SSLCERT, CURLOPT_PROXY_SSLCERTTYPE, CURLOPT_PROXY_SSLKEY, CURLOPT_PROXY_SSLKEYTYPE, CURLOPT_PROXY_SSL_VERIFYPEER (libcurl 7.52.0+, patch by Casey Miller). * Added CURLOPT_PRE_PROXY (libcurl 7.52.0+, patch by ziggy). * Added SOCKET_BAD constant and it is now recognized as a valid return value from OPENSOCKET callback. ----------------------------------------- Patch: SUSE-2019-1127 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------- Patch: SUSE-2019-1368 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Severity: important References: 1134524,CVE-2019-5021 Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------- Patch: SUSE-2019-2218 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------- Patch: SUSE-2019-2993 Released: Mon Nov 18 11:52:23 2019 Summary: Recommended update for tftp Severity: moderate References: 1153625 Description: This update for tftp fixes the following issues: - Add tftp.socket requirement to the service unit section. (bsc#1153625) ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2020-338 Released: Thu Feb 6 13:00:23 2020 Summary: Recommended update for apr Severity: moderate References: 1151059 Description: This update for apr fixes the following issues: - Increase timeout to fix random failure of testsuite [bsc#1151059]. ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Patch: SUSE-2020-1261 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Severity: moderate References: 1168806 Description: This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. - Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Patch: SUSE-2020-2947 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------- Patch: SUSE-2020-2983 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Severity: moderate References: 1176123 Description: This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------- Patch: SUSE-2020-3462 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Severity: moderate References: 1174593,1177858,1178727 Description: This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------- Patch: SUSE-2020-3620 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------- Patch: SUSE-2020-3942 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Severity: moderate References: 1180138 Description: This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------- Patch: SUSE-2021-220 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Severity: moderate References: 1180603 Description: This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-293 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Severity: moderate References: 1180603 Description: This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-339 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Severity: low References: Description: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------- Patch: SUSE-2021-421 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Severity: low References: 1180422,1180482 Description: This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. ----------------------------------------- Patch: SUSE-2021-656 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Severity: moderate References: 1177127 Description: This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------- Patch: SUSE-2021-880 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Severity: low References: 1170160,1182482 Description: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------- Patch: SUSE-2021-924 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 Description: This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------- Patch: SUSE-2021-1643 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Severity: important References: 1181443,1184358,1185562 Description: This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------- Patch: SUSE-2021-1861 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 Description: This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------- Patch: SUSE-2021-1950 Released: Thu Jun 10 14:42:00 2021 Summary: Recommended update for hwdata Severity: moderate References: 1170160,1182482,1185697 Description: This update for hwdata fixes the following issues: - Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697) - Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160) ----------------------------------------- Patch: SUSE-2021-2096 Released: Mon Jun 21 13:35:38 2021 Summary: Recommended update for python-six Severity: moderate References: 1186642 Description: This update for python-six fixes the following issue: - python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------- Patch: SUSE-2021-2103 Released: Mon Jun 21 19:23:28 2021 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1173557,1177884,1177928,1180583,1180584,1180585,1185178 Description: This update fixes the following issues: POS_Image-Graphical7: - Use absolute path in bootloader service - Update install-local-bootloader.service for recent saltboot - Use linuxefi only on x86 POS_Image-JeOS7: - Use absolute path in bootloader service - Update install-local-bootloader.service for recent saltboot - Use linuxefi only on x86 golang-github-prometheus-prometheus: - Add tarball with vendor modules and web assets - Read formula data from exporters map - Add support for TLS targets - Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. * UI: Make the React UI default. * Remote write: The following metrics were removed/renamed in remote write. > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total. > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. + Features * Remote: Add support for AWS SigV4 auth method for remote_write. * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. * Include a new `--enable-feature=` flag that enables experimental features. * Add TLS and basic authentication to HTTP endpoints. * promtool: Add check web-config subcommand to check web config files. * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. * Scrape: Add follow_redirects option to scrape configuration. * Remote: Allow retries on HTTP 429 response code for remote_write. * Remote: Allow configuring custom headers for remote_read. * UI: Hitting Enter now triggers new query. * UI: Better handling of long rule and names on the /rules and /targets pages. * UI: Add collapse/expand all button on the /targets page. * Add optional name property to testgroup for better test failure output. * Add warnings into React Panel on the Graph page. * TSDB: Increase the number of buckets for the compaction duration metric. * Remote: Allow passing along custom remote_write HTTP headers. * Mixins: Scope grafana configuration. * Kubernetes SD: Add endpoint labels metadata. * UI: Expose total number of label pairs in head in TSDB stats page. * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. * Cache basic authentication results to significantly improve performance of HTTP endpoints. * HTTP API: Fast-fail queries with only empty matchers. * HTTP API: Support matchers for labels API. * promtool: Improve checking of URLs passed on the command line. * SD: Expose IPv6 as a label in EC2 SD. * SD: Reuse EC2 client, reducing frequency of requesting credentials. * TSDB: Add logging when compaction takes more than the block time range. * TSDB: Avoid unnecessary GC runs after compaction. * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. * TSDB: Make the snapshot directory name always the same length. * TSDB: Create a checkpoint only once at the end of all head compactions. * TSDB: Avoid Series API from hitting the chunks. * TSDB: Cache label name and last value when adding series during compactions making compactions faster. * PromQL: Improved performance of Hash method making queries a bit faster. * promtool: tsdb list now prints block sizes. * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. * SD: Add filtering of services to Docker Swarm SD. + Bug fixes * API: Fix global URL when external address has no port. * Deprecate unused flag --alertmanager.timeout. mgr-cfg: - SPEC: Updated Python definitions for RHEL8 and quoted text comparisons. mgr-custom-info: - Update package version to 4.2.0 mgr-daemon: - Update translation strings - Update the translations from weblate - Added quotes around %{_vendor} token for the if statements in spec file. - Fix removal of mgr-deamon with selinux enabled (bsc#1177928) - Updating translations from weblate mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) - Change deprecated path /var/run into /run for systemd (bsc#1185178) - Python fixes - Removal of RHEL5 mgr-push: - Defined __python for python2. - Excluded RHEL8 for Python 2 build. mgr-virtualization: - Update package version to 4.2.0 python-hwdata: - Modified to build on RHEL8. rhnlib: - Update package version to 4.2.0 spacecmd: - Rename system migration to system transfer - Rename SP to product migration - Update translation strings - Add group_addconfigchannel and group_removeconfigchannel - Add group_listconfigchannels and configchannel_listgroups - Fix spacecmd compat with Python 3 - Deprecated 'Software Crashes' feature - Document advanced package search on '--help' (bsc#1180583) - Fixed advanced search on 'package_listinstalledsystems' - Fixed duplicate results when using multiple search criteria (bsc#1180585) - Fixed 'non-advanced' package search when using multiple package names (bsc#1180584) - Update translations - Fix: make spacecmd build on Debian - Add Service Pack migration operations (bsc#1173557) spacewalk-client-tools: - Update the translations from weblate - Drop the --noSSLServerURL option - Updated RHEL Python requirements. - Added quotes around %{_vendor}. spacewalk-koan: - Fix for spacewalk-koan test spacewalk-oscap: - Update package version to 4.2.0 spacewalk-remote-utils: - Update package version to 4.2.0 supportutils-plugin-susemanager-client: - Update package version to 4.2.0 suseRegisterInfo: - Add support for Amazon Linux 2 - Add support for Alibaba Cloud Linux 2 - Adapted for RHEL build. uyuni-common-libs: - Cleaning up unused Python 2 build leftovers. - Disabled debug package build. ----------------------------------------- Patch: SUSE-2021-2173 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 Description: This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------- Patch: SUSE-2021-2196 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 Description: This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------- Patch: SUSE-2021-2320 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 Description: This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------- Patch: SUSE-2021-2447 Released: Thu Jul 22 08:26:29 2021 Summary: Recommended update for hwdata Severity: moderate References: 1186749,1187948 Description: This update for hwdata fixes the following issue: - Version 0.349: Updated pci, usb and vendor ids (bsc#1187948). ----------------------------------------- Patch: SUSE-2021-2627 Released: Thu Aug 5 12:10:46 2021 Summary: Recommended maintenance update for systemd-default-settings Severity: moderate References: 1188348 Description: This update for systemd-default-settings fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------- Patch: SUSE-2021-2817 Released: Mon Aug 23 15:05:18 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 Description: This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------- Patch: SUSE-2021-2973 Released: Tue Sep 7 16:56:08 2021 Summary: Recommended update for hwdata Severity: moderate References: 1190091 Description: This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) ----------------------------------------- Patch: SUSE-2021-2997 Released: Thu Sep 9 14:37:34 2021 Summary: Recommended update for python3 Severity: moderate References: 1187338,1189659 Description: This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) ----------------------------------------- Patch: SUSE-2021-3001 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Severity: moderate References: 1189683 Description: This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------- Patch: SUSE-2021-3182 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Severity: moderate References: 1189996 Description: This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------- Patch: SUSE-2021-3490 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Severity: moderate References: 1190793,CVE-2021-39537 Description: This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------- Patch: SUSE-2021-3494 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Severity: moderate References: 1190052 Description: This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------- Patch: SUSE-2021-3510 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Severity: important References: 1191987 Description: This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------- Patch: SUSE-2021-3529 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 Description: This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------- Patch: SUSE-2021-3799 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Severity: moderate References: 1187153,1187273,1188623 Description: This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------- Patch: SUSE-2021-3832 Released: Wed Dec 1 14:51:19 2021 Summary: Recommended update for hwdata Severity: moderate References: 1191375 Description: This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) ----------------------------------------- Patch: SUSE-2021-3891 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Severity: moderate References: 1029961,1113013,1187654 Description: This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------- Patch: SUSE-2021-3942 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Severity: moderate References: 1175825,CVE-2020-8927 Description: This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------- Patch: SUSE-2021-3946 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Severity: moderate References: 1192717,CVE-2021-43618 Description: This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------- Patch: SUSE-2021-4104 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 Description: This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------- Patch: SUSE-2022-48 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Severity: moderate References: 1190566,1192249,1193179 Description: This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). - Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. ----------------------------------------- Patch: SUSE-2022-100 Released: Tue Jan 18 05:20:03 2022 Summary: Recommended update for hwdata Severity: moderate References: 1194338 Description: This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) ----------------------------------------- Patch: SUSE-2022-228 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Severity: moderate References: 1194522 Description: This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------- Patch: SUSE-2022-692 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Severity: moderate References: 1190447 Description: This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------- Patch: SUSE-2022-789 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Severity: moderate References: 1195654 Description: This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------- Patch: SUSE-2022-861 Released: Tue Mar 15 23:31:21 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1182959,1195149,1195792,1195856 Description: This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------- Patch: SUSE-2022-884 Released: Thu Mar 17 09:47:43 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Severity: moderate References: 1082318 Description: This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------- Patch: SUSE-2022-936 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Severity: moderate References: 1196275,1196406 Description: This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------- Patch: SUSE-2022-942 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Severity: moderate References: 1186819,CVE-2021-3572 Description: This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------- Patch: SUSE-2022-1047 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Severity: moderate References: 1196093,1197024 Description: This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------- Patch: SUSE-2022-1204 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Severity: moderate References: 1196332 Description: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------- Patch: SUSE-2022-1281 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Severity: moderate References: 1196647 Description: This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------- Patch: SUSE-2022-1409 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1195628,1196107 Description: This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------- Patch: SUSE-2022-1451 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Severity: moderate References: 1193489 Description: This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------- Patch: SUSE-2022-1655 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Severity: moderate References: 1197794 Description: This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------- Patch: SUSE-2022-1658 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Severity: important References: 1197771 Description: This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------- Patch: SUSE-2022-1703 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Severity: important References: 1196332 Description: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------- Patch: SUSE-2022-1887 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Severity: moderate References: 1040589 Description: This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------- Patch: SUSE-2022-1899 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Severity: important References: 1198176 Description: This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------- Patch: SUSE-2022-2019 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 Description: This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------- Patch: SUSE-2022-2118 Released: Mon Jun 20 13:04:15 2022 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1181223,1190462,1193600,1196704,1197507,1197689 Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Adapted to build on Enterprise Linux. - Fix build for RedHat 7 - Require Go >= 1.14 also for CentOS - Add support for CentOS - Replace %{?systemd_requires} with %{?systemd_ordering} mgr-cfg: - Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code mgr-custom-info: - Version 4.3.3-1 * Remove unused legacy code mgr-daemon: - Version 4.3.4-1 * Corrected source URLs in spec file. * Update translation strings mgr-osad: - Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url. mgr-push: - Version 4.3.4-1 * Corrected source URLs in spec file. mgr-virtualization: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher prometheus-blackbox_exporter: - Enhanced to build on Enterprise Linux 8 prometheus-postgres_exporter: - Updated for RHEL8. python-hwdata: - Require python macros for building rhnlib: - Version 4.3.4-1 * Reorganize python files spacecmd: - Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223) spacewalk-client-tools: - Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings spacewalk-koan: - Version 4.3.5-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib supportutils-plugin-susemanager-client: - Version 4.3.2-1 * Add proxy containers config and logs suseRegisterInfo: - Version 4.3.3-1 * Bump version to 4.3.0 supportutils-plugin-salt: - Add support for Salt Bundle uyuni-common-libs: - Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils ----------------------------------------- Patch: SUSE-2022-2294 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 Description: This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------- Patch: SUSE-2022-2355 Released: Mon Jul 11 12:44:33 2022 Summary: Recommended update for python-cryptography Severity: moderate References: 1198331,CVE-2020-25659 Description: This update for python-cryptography fixes the following issues: python-cryptography was updated to 3.3.2. update to 3.3.0: * BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window. * BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types. * BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. * Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature. Update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. update to 3.2 (bsc#1178168, CVE-2020-25659): * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. update to 3.0: * RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes). * X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed. * Deprecated support for Python 2 * Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing. * Added support for OpenSSH certificates to load_ssh_public_key(). * Added encrypt_at_time() and decrypt_at_time() to Fernet. * Added support for the SubjectInformationAccess X.509 extension. * Added support for parsing SignedCertificateTimestamps in OCSP responses. * Added support for parsing attributes in certificate signing requests via get_attribute_for_oid(). * Added support for encoding attributes in certificate signing requests via add_attribute(). * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork. * Added initial support for creating PKCS12 files with serialize_key_and_certificates(). Update to 2.9: * BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. * Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. * BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. * Added support for parsing single_extensions in an OCSP response. * NameAttribute values can now be empty strings. ----------------------------------------- Patch: SUSE-2022-2357 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Severity: important References: 1198511,CVE-2015-20107 Description: This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------- Patch: SUSE-2022-2361 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Severity: important References: 1199232,CVE-2022-1586 Description: This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------- Patch: SUSE-2022-2396 Released: Thu Jul 14 11:57:58 2022 Summary: Security update for logrotate Severity: important References: 1192449,1199652,1200278,1200802,CVE-2022-1348 Description: This update for logrotate fixes the following issues: Security issues fixed: - CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652). - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------- Patch: SUSE-2022-2406 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Severity: moderate References: 1197718,1199140,1200334,1200855 Description: This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------- Patch: SUSE-2022-2488 Released: Thu Jul 21 12:15:27 2022 Summary: Feature update for python-python-debian Severity: moderate References: Description: This feature update for python-python-debian provides: - Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672) - Provide python-python-debian version 0.1.44 (jsc#SLE-24672) * Add support for zstd compression in .deb files * Use logging.warning rather than warnings for data problems. * Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package * Update packaging for zstd compressed .deb code * Annotate binutils build-dep with * Update Standards-Version to 4.6.1 * Various improvements to the round-trip-safe deb822 parser * Support the Files-Included field in debian/copyright * Fix URL for API documentation in README.rst * RTS parser: minor documentation fixes * Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5 * RTS parser: Handle leading tabs for setting values * RTS parser: Preserve original field case * RTS parser: Expose str type for keys in paragraphs * Use logging for warnings about data that's being read, rather than the warnings module * Fix type checks for mypy 0.910 * Silence lintian complaint about touching the dpkg database in the examples * Add RTS parser to setup.py so that it is installed. * Add copyright attribution for RTS parser * RTS parser: Accept tabs as continuation line marker * Interpretation: Preserve tab as continuation line if used * RTS parser: Make value interpretation tokenization consistent * RTS parser: Add interpretation for Uploaders field * Add contextmanager to DebFile * Added format/comment preserving deb822 parser as debian._deb822_repro. * Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields * In debian.changelog.get_maintainer, cope with unknown UIDs * Numerous enhancements to the deb822.BuildInfo class * Include portability patch for pwd module on Windows * Drop the deb822.BuildInfo.get_debian_suite function * Move re.compile calls out of functions * Revert unintended renaming of Changelog.get_version/set_version * Add a type for .buildinfo files (deb822.BuildInfo) * Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files * Permit single-character package names in dependency relationship specifications * Update to debhelper-compat (= 13) * Update examples to use #!/usr/bin/python3 * Fix tabs vs spaces in examples. * Provide accessor for source package version for binary packages * Allow debian_support.PackageFile to accept StringIO as well as BytesIO * Change handling of case-insensitive field names to allow Deb822 objects to be serialised * Add SHA265 support to handling of pdiffs * Add support for additional headers for merged pdiffs to PDiffIndex * Add a debian.watch module for parsing watch files * Prevent stripping of last newline in initial lines before changelog files * Add a Copyright.files_excluded field * Allow specifying allow_missing_author when reserializing changelog entries * Drop python2 support (from version 0.1.37) * Add Rules-Requires-Root: no * Parse Built-Using relationship fields * Extend Deb822 parser to allow underscores in the field name * Add accessors for Version objects from Deb822 - Remove superfluous devel dependency for noarch package ----------------------------------------- Patch: SUSE-2022-2493 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Severity: moderate References: 1193282 Description: This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------- Patch: SUSE-2022-2640 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Severity: moderate References: 1160171,1178331,1178332,1200624 Description: This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). ----------------------------------------- Patch: SUSE-2022-2717 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Severity: moderate References: 1198627,CVE-2022-29458 Description: This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------- Patch: SUSE-2022-2796 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Severity: moderate References: Description: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------- Patch: SUSE-2022-2901 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Severity: moderate References: Description: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------- Patch: SUSE-2022-3021 Released: Mon Sep 5 11:57:55 2022 Summary: Recommended update for python-dmidecode Severity: moderate References: 1194351 Description: This update for python-dmidecode fixes the following issues: - Fixed memory map size for 'Type Detail' (bsc#1194351) - Use update-alternatives mechanism instead of shared subpackage. - Realign the spec file for python singlespec ----------------------------------------- Patch: SUSE-2022-3022 Released: Mon Sep 5 15:16:02 2022 Summary: Recommended update for python-pyOpenSSL Severity: moderate References: 1200771 Description: This update for python-pyOpenSSL fixes the following issues: - Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056). python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519): - The minimum ``cryptography`` version is now 3.3. - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings. ----------------------------------------- Patch: SUSE-2022-3127 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Severity: moderate References: 1198752,1200800 Description: This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------- Patch: SUSE-2022-3135 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Severity: low References: 1200110 Description: This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to version 0.360 (bsc#1200110) ----------------------------------------- Patch: SUSE-2022-3178 Released: Thu Sep 8 09:35:05 2022 Summary: Important security update for SUSE Manager Client Tools Severity: important References: 1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620 Description: This update fixes the following issues: ansible: - Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133) * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725) * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061) * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460) - Update to 2.9.22: * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module dracut-saltboot: - Require e2fsprogs (bsc#1202614) - Update to version 0.1.1657643023.0d694ce * Update dracut-saltboot dependencies (bsc#1200970) * Fix network loading when ipappend is used in pxe config * Add new information messages golang-github-QubitProducts-exporter_exporter: - Remove license file from %doc mgr-daemon: - Version 4.3.5-1 * Update translation strings mgr-virtualization: - Version 4.3.6-1 * Report all VMs in poller, not only running ones (bsc#1199528) prometheus-blackbox_exporter: - Exclude s390 arch python-hwdata: - Declare the LICENSE file as license and not doc spacecmd: - Version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz * Update translation strings spacewalk-client-tools: - Version 4.3.11-1 * Update translation strings uyuni-common-libs: - Version 4.3.5-1 * Fix reposync issue about 'rpm.hdr' object has no attribute 'get' uyuni-proxy-systemd-services: - Version 4.3.6-1 * Expose port 80 (bsc#1200142) * Use volumes rather than bind mounts * TFTPD to listen on udp port (bsc#1200968) * Add TAG variable in configuration * Fix containers namespaces in configuration zypp-plugin-spacewalk: - 1.0.13 * Log in before listing channels. (bsc#1197963, bsc#1193585) ----------------------------------------- Patch: SUSE-2022-3262 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1199140 Description: This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------- Patch: SUSE-2022-3271 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Severity: moderate References: 1047178,CVE-2017-6512 Description: This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------- Patch: SUSE-2022-3304 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Severity: moderate References: Description: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------- Patch: SUSE-2022-3305 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Severity: important References: 1201680,CVE-2021-46828 Description: This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------- Patch: SUSE-2022-3307 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 Description: This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------- Patch: SUSE-2022-3328 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Severity: moderate References: 1202870 Description: This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------- Patch: SUSE-2022-3489 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Severity: important References: 1203438,CVE-2022-40674 Description: This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------- Patch: SUSE-2022-3544 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Severity: important References: 1202624,CVE-2021-28861 Description: This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------- Patch: SUSE-2022-3555 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Severity: important References: 1199492 Description: This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------- Patch: SUSE-2022-3806 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 Description: This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------- Patch: SUSE-2022-3884 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Severity: important References: 1204708,CVE-2022-43680 Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------- Patch: SUSE-2022-3910 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------- Patch: SUSE-2022-4010 Released: Wed Nov 16 11:07:36 2022 Summary: Security update for apache2-mod_wsgi Severity: moderate References: 1201634,CVE-2022-2255 Description: This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) ----------------------------------------- Patch: SUSE-2022-4062 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1201590 Description: This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------- Patch: SUSE-2022-4063 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Severity: moderate References: Description: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------- Patch: SUSE-2022-4081 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Severity: low References: 1199944,CVE-2022-1664 Description: This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------- Patch: SUSE-2022-4135 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Severity: moderate References: 1198165 Description: This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------- Patch: SUSE-2022-4256 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------- Patch: SUSE-2022-4281 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 Description: This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------- Patch: SUSE-2022-4601 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 Description: This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------- Patch: SUSE-2022-4628 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Severity: moderate References: 1206337,CVE-2022-46908 Description: This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------- Patch: SUSE-2023-46 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Severity: moderate References: Description: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------- Patch: SUSE-2023-48 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Severity: moderate References: 1199467 Description: This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------- Patch: SUSE-2023-159 Released: Thu Jan 26 18:21:56 2023 Summary: Security update for python-setuptools Severity: moderate References: 1206667,CVE-2022-40897 Description: This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------- Patch: SUSE-2023-549 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Severity: moderate References: 1205244,1208443,CVE-2022-45061 Description: This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). ----------------------------------------- Patch: SUSE-2023-617 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Severity: moderate References: 1207789 Description: This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------- Patch: SUSE-2023-709 Released: Fri Mar 10 16:04:41 2023 Summary: Recommended update for console-setup Severity: moderate References: 1202853 Description: This update for console-setup and kbd fixes the following issue: - Fix Caps_Lock mapping for us.map and others (bsc#1202853) ----------------------------------------- Patch: SUSE-2023-722 Released: Tue Mar 14 14:57:15 2023 Summary: Security update for python-cryptography Severity: moderate References: 1208036,CVE-2023-23931 Description: This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036). ----------------------------------------- Patch: SUSE-2023-776 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------- Patch: SUSE-2023-868 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Severity: important References: 1203355,1208471,CVE-2023-24329 Description: This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------- Patch: SUSE-2023-1920 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Severity: moderate References: Description: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------- Patch: SUSE-2023-2111 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Severity: moderate References: 1210434,CVE-2023-29491 Description: This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------- Patch: SUSE-2023-2192 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Severity: moderate References: Description: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ----------------------------------------- Patch: SUSE-2023-2216 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Severity: important References: 1186870,1199282 Description: This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------- Patch: SUSE-2023-2307 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Severity: low References: 1210702 Description: This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------- Patch: SUSE-2023-2517 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Severity: moderate References: 1203750,1211158,CVE-2007-4559 Description: This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------- Patch: SUSE-2023-2625 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------- Patch: SUSE-2023-2649 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Severity: moderate References: Description: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------- Patch: SUSE-2023-2761 Released: Mon Jul 3 15:16:44 2023 Summary: Recommended update for libjansson Severity: moderate References: 1201817 Description: This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. ----------------------------------------- Patch: SUSE-2023-2765 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 Description: This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------- Patch: SUSE-2023-2827 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Severity: moderate References: Description: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------- Patch: SUSE-2023-2847 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Severity: moderate References: 1210004 Description: This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------- Patch: SUSE-2023-2877 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Severity: moderate References: 1212126,CVE-2023-34969 Description: This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------- Patch: SUSE-2023-2882 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Severity: important References: 1210999,CVE-2023-31484 Description: This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------- Patch: SUSE-2023-2918 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Severity: moderate References: 1089497 Description: This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------- Patch: SUSE-2023-2966 Released: Tue Jul 25 14:26:14 2023 Summary: Recommended update for libxml2 Severity: moderate References: Description: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------- Patch: SUSE-2023-3330 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Severity: important References: 1207805 Description: This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------- Patch: SUSE-2023-3410 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Severity: moderate References: 1201519,1204844 Description: This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------- Patch: SUSE-2023-3440 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Severity: low References: 1214025,CVE-2023-4156 Description: This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------- Patch: SUSE-2023-3468 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Severity: low References: Description: This update for python3 fixes the following issue: - Rename sources in preparation of python3.11 (jsc#PED-68) ----------------------------------------- Patch: SUSE-2023-3611 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 Description: This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------- Patch: SUSE-2023-3661 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Severity: important References: 1214052,CVE-2023-4039 Description: This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------- Patch: SUSE-2023-3666 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Severity: important References: 1214768,CVE-2023-39615 Description: This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------- Patch: SUSE-2023-3828 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Severity: important References: 1214692,CVE-2023-40217 Description: This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------- Patch: SUSE-2023-3954 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 Description: This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------- Patch: SUSE-2023-4073 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Severity: low References: Description: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------- Patch: SUSE-2023-4154 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Severity: moderate References: 1107342,1215434 Description: This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------- Patch: SUSE-2023-4162 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 Description: This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------- Patch: SUSE-2023-4194 Released: Wed Oct 25 11:01:41 2023 Summary: Feature update for python3 Severity: low References: Description: This feature update for python3 packages adds the following: - First batch of python3.11 modules (jsc#PED-68) - Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate the new 3.11 versions, this 3 packages have no code changes. ----------------------------------------- Patch: SUSE-2023-4215 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Severity: moderate References: 1216378,CVE-2023-45853 Description: This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------- Patch: SUSE-2023-4310 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Severity: moderate References: 1196647 Description: This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------- Patch: SUSE-2023-4385 Released: Thu Nov 9 03:30:32 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Severity: important References: 1204270,1211047,1211145,1211270,1211912,1212168,1212507,1213132,1213376,1213469,1213680,1213689,1214041,1214121,1214463,1214553,1214746,1215027,1215120,1215412,1215514,1216411,1216661 Description: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------- Patch: SUSE-2023-4453 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Severity: moderate References: 1216541 Description: This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------- Patch: SUSE-2023-4458 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 Description: This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------- Patch: SUSE-2023-4504 Released: Tue Nov 21 13:27:50 2023 Summary: Security update for libxml2 Severity: moderate References: 1216129,CVE-2023-45322 Description: This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------- Patch: SUSE-2023-4517 Released: Tue Nov 21 17:30:27 2023 Summary: Security update for python3-setuptools Severity: moderate References: 1206667,CVE-2022-40897 Description: This update for python3-setuptools fixes the following issues: - CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667). ----------------------------------------- Patch: SUSE-2023-4619 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Severity: important References: 1210660,CVE-2023-2137 Description: This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------- Patch: SUSE-2023-4671 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Severity: moderate References: Description: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------- Patch: SUSE-2023-4723 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Severity: moderate References: 1216862 Description: This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------- Patch: SUSE-2023-4737 Released: Wed Dec 13 10:20:03 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Severity: important References: 1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644 Description: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------- Patch: SUSE-2023-4843 Released: Thu Dec 14 12:22:44 2023 Summary: Security update for python3-cryptography Severity: moderate References: 1217592,CVE-2023-49083 Description: This update for python3-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------- Patch: SUSE-2023-4891 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Severity: moderate References: 1201384,1218014,CVE-2023-50495 Description: This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------- Patch: SUSE-2024-62 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Severity: moderate References: 1215496 Description: This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------- Patch: SUSE-2024-136 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Severity: moderate References: 1217000,1218475,CVE-2024-22365 Description: This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------- Patch: SUSE-2024-187 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Severity: moderate References: 1218765 Description: This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------- Patch: SUSE-2024-238 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Severity: moderate References: 1218571,CVE-2023-7207 Description: This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------- Patch: SUSE-2024-322 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Severity: moderate References: 1107342,1215434 Description: This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------- Patch: SUSE-2024-458 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Severity: moderate References: Description: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------- Patch: SUSE-2024-555 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Severity: moderate References: 1219576,CVE-2024-25062 Description: This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------- Patch: SUSE-2024-581 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Severity: moderate References: 1210638,CVE-2023-27043 Description: This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------- Patch: SUSE-2024-614 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Severity: important References: 1216752 Description: This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------- Patch: SUSE-2024-615 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Severity: moderate References: 1211886 Description: This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------- Patch: SUSE-2024-305 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Severity: moderate References: 1218571,1219238,CVE-2023-7207 Description: This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------- Patch: SUSE-2024-849 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Severity: important References: 1198533,1214169,1218952 Description: This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------- Patch: SUSE-2024-861 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Severity: moderate References: 1218232 Description: This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------- Patch: SUSE-2024-901 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 Description: This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------- Patch: SUSE-2024-907 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Severity: moderate References: 1215377 Description: This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------- Patch: SUSE-2024-929 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Severity: moderate References: 1219321 Description: This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------- Patch: SUSE-2024-1091 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Severity: moderate References: Description: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------- Patch: SUSE-2024-1129 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 Description: This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------- Patch: SUSE-2024-1133 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Severity: moderate References: 1220061,CVE-2023-45918 Description: This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------- Patch: SUSE-2024-1176 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Severity: moderate References: Description: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------- Patch: SUSE-2024-1206 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Severity: moderate References: 1222259 Description: This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------- Patch: SUSE-2024-1253 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 Description: This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------- Patch: SUSE-2024-1279 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Severity: moderate References: 1222109 Description: This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------- Patch: SUSE-2024-1341 Released: Thu Apr 18 15:29:45 2024 Summary: Recommended update for tftp Severity: moderate References: 1215520 Description: This update for tftp fixes the following issue: - Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520) ----------------------------------------- Patch: SUSE-2024-1398 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Severity: moderate References: Description: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------- Patch: SUSE-2024-1487 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Severity: moderate References: 1211721,1221361,1221407,1222547 Description: This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------- Patch: SUSE-2024-1557 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 Description: This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------- Patch: SUSE-2024-1665 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Severity: moderate References: 1221632 Description: This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------- Patch: SUSE-2024-1762 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 Description: This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------- Patch: SUSE-2024-1876 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Severity: moderate References: 1221361 Description: This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------- Patch: SUSE-2024-1934 Released: Thu Jun 6 11:19:24 2024 Summary: Recommended update for sles15-image Severity: moderate References: Description: This update for sles15-image fixes the following issues: - update to SUSE LLC and use https (it's 2024) - use more specific lifecycle url - remove deprecated label duplication as those labels are inherited into all derived containers as well causing confusion - set supportlevel to released and L3 - use the base-container-images landing page - rename kiwi file to match package name - move artifacthub.io labels outside labelling helper to avoid duplication ----------------------------------------- Patch: SUSE-2024-1943 Released: Fri Jun 7 17:04:06 2024 Summary: Security update for util-linux Severity: important References: 1218609,1220117,1221831,1223605,CVE-2024-28085 Description: This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831) ----------------------------------------- Patch: SUSE-2024-1950 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Severity: moderate References: 1224044,CVE-2024-34397 Description: This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------- Patch: SUSE-2024-1954 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Severity: moderate References: 1221482 Description: This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------- Patch: SUSE-2024-1963 Released: Mon Jun 10 13:09:41 2024 Summary: Security update for apache2 Severity: important References: 1221401,1222330,1222332,CVE-2023-38709,CVE-2024-24795,CVE-2024-27316 Description: This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed HTTP response splitting (bsc#1222330). - CVE-2024-24795: Fixed HTTP response splitting in multiple modules (bsc#1222332). - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames can be utilized for DoS attacks (bsc#1221401). ----------------------------------------- Patch: SUSE-2024-1997 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Severity: moderate References: 1223596 Description: This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------- Patch: SUSE-2024-2024 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Severity: moderate References: 1209627 Description: This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------- Patch: 33664 Released: Thu Jun 13 21:03:11 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Severity: important References: 1222086,1223430,1223766,1224242 Description: This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------- Patch: SUSE-2024-2059 Released: Tue Jun 18 13:11:29 2024 Summary: Security update for openssl-1_1 Severity: important References: 1225551,CVE-2024-4741 Description: This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------- Patch: SUSE-2024-2066 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 Description: This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456) ----------------------------------------- Patch: SUSE-2024-2086 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Severity: moderate References: 1188441 Description: This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------- Patch: SUSE-2024-2214 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Severity: moderate References: 1225598 Description: This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------- Patch: SUSE-2024-2229 Released: Wed Jun 26 08:20:55 2024 Summary: Recommended update for apache2 Severity: important References: 1226217 Description: This update for apache2 fixes the following issues: - Apache ignores headers sent by CGI scripts (bsc#1226217) ----------------------------------------- Patch: SUSE-2024-2239 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Severity: critical References: 1226415 Description: This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------- Patch: SUSE-2024-2290 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Severity: low References: 1224282,CVE-2024-34459 Description: This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------- Patch: SUSE-2024-2307 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 Description: This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------- Patch: SUSE-2024-2405 Released: Thu Jul 11 10:21:19 2024 Summary: Security update for apache2 Severity: important References: 1227270,1227271,CVE-2024-38477,CVE-2024-39573 Description: This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270) - CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271) ----------------------------------------- Patch: SUSE-2024-2479 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 Description: This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------- Patch: SUSE-2024-2597 Released: Tue Jul 23 09:03:59 2024 Summary: Security update for apache2 Severity: important References: 1227268,1227269,1227272,CVE-2024-36387,CVE-2024-38475,CVE-2024-38476 Description: This update for apache2 fixes the following issues: - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272) - CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) ----------------------------------------- Patch: SUSE-2024-2641 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Severity: moderate References: Description: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------- Patch: SUSE-2024-2912 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Severity: important References: 1222985,1223571,1224014,1224016,1227308 Description: This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------- Patch: SUSE-2024-2933 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 Description: This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) ----------------------------------------- Patch: SUSE-2024-3054 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Severity: important References: 1228105,CVE-2024-6345 Description: This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) ----------------------------------------- Patch: SUSE-2024-3172 Released: Mon Sep 9 12:55:40 2024 Summary: Security update for apache2 Severity: important References: 1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884 Description: This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278) - CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276) - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)