----------------------------------------- Version 9.24.1 2023-08-03T09:00:26 ----------------------------------------- Patch: SUSE-2018-1332 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Severity: moderate References: 1073299,1093392 Description: This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------- Patch: SUSE-2018-1999 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Severity: moderate References: 1071321 Description: This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------- Patch: SUSE-2018-2463 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1104700,1112310 Description: This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------- Patch: SUSE-2018-2550 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Severity: moderate References: 1113554 Description: This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------- Patch: SUSE-2018-2569 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Severity: moderate References: 1110700 Description: This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------- Patch: SUSE-2018-2607 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Severity: low References: 1084812,1084842,1087550,1094222,1102564 Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------- Patch: SUSE-2018-2825 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Severity: important References: 1115640,CVE-2018-17953 Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------- Patch: SUSE-2018-2861 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Severity: important References: 1103320,1115929,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-44 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Severity: low References: 953659 Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------- Patch: SUSE-2019-102 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Severity: moderate References: 1120402 Description: This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------- Patch: SUSE-2019-110 Released: Thu Jan 17 14:17:05 2019 Summary: Security update for zeromq Severity: important References: 1121717,CVE-2019-6250 Description: This update for zeromq fixes the following issues: Security issue fixed: - CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow (bsc#1121717) ----------------------------------------- Patch: SUSE-2019-247 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Severity: moderate References: 1123043,CVE-2019-6706 Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------- Patch: SUSE-2019-571 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------- Patch: SUSE-2019-788 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------- Patch: SUSE-2019-790 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Severity: moderate References: 1130557 Description: This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------- Patch: SUSE-2019-1002 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Severity: moderate References: 1110304,1129576 Description: This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------- Patch: SUSE-2019-1040 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------- Patch: SUSE-2019-1127 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------- Patch: SUSE-2019-1368 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Severity: important References: 1134524,CVE-2019-5021 Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------- Patch: SUSE-2019-1372 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Severity: moderate References: 1105435,CVE-2018-1000654 Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------- Patch: SUSE-2019-1631 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Severity: low References: 1135709 Description: This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------- Patch: SUSE-2019-1776 Released: Mon Jul 8 18:18:37 2019 Summary: Security update for zeromq Severity: important References: 1082318,1140255,CVE-2019-13132 Description: This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) - Correctly mark license files as licence instead of documentation (bsc#1082318) ----------------------------------------- Patch: SUSE-2019-1815 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Severity: moderate References: 1140016 Description: This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------- Patch: SUSE-2019-2134 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Severity: moderate References: 1136717,1137624,1141059,SLE-5807 Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------- Patch: SUSE-2019-2218 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------- Patch: SUSE-2019-2730 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------- Patch: SUSE-2019-2762 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Severity: moderate References: 1150451 Description: This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2019-3400 Released: Tue Dec 31 08:18:40 2019 Summary: Recommended update for libsodium Severity: moderate References: 1146257 Description: This update for libsodium fixes the following issues: - build libsodium23-32bit, which is required by zeromq's -32bit packages. (bsc#1146257) ----------------------------------------- Patch: SUSE-2020-225 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------- Patch: SUSE-2020-1303 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Severity: moderate References: 1169582 Description: This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Patch: SUSE-2020-1404 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Severity: moderate References: 1138793,1166260 Description: This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------- Patch: SUSE-2020-1542 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Severity: moderate References: 1172055 Description: This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------- Patch: SUSE-2020-1801 Released: Tue Jun 30 13:07:01 2020 Summary: Recommended update for zeromq Severity: low References: 1171566 Description: This update of zeromq fixes the following issue. - the libzmq5-32bit package is shipped on x86_64 platforms. (bsc#1171566) ----------------------------------------- Patch: SUSE-2020-1954 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Severity: moderate References: 1172396 Description: This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Patch: SUSE-2020-2148 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Severity: important References: 1174673 Description: This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------- Patch: SUSE-2020-2420 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Severity: moderate References: 1174551,1174736 Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------- Patch: SUSE-2020-2651 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Severity: moderate References: 1175811,1175830,1175831 Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------- Patch: SUSE-2020-2947 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------- Patch: SUSE-2020-2958 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-2983 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Severity: moderate References: 1176123 Description: This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------- Patch: SUSE-2020-3026 Released: Fri Oct 23 15:35:51 2020 Summary: Optional update for the Public Cloud Module Severity: moderate References: Description: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------- Patch: SUSE-2020-3099 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------- Patch: SUSE-2020-3123 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Severity: important References: 1177460,1178346,1178350,1178353 Description: This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------- Patch: SUSE-2020-3157 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1177864 Description: This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------- Patch: SUSE-2020-3264 Released: Tue Nov 10 09:50:29 2020 Summary: Security update for zeromq Severity: moderate References: 1176116,1176256,1176257,1176258,1176259,CVE-2020-15166 Description: This update for zeromq fixes the following issues: - CVE-2020-15166: Fixed the possibility of unauthenticated clients causing a denial-of-service (bsc#1176116). - Fixed a heap overflow when receiving malformed ZMTP v1 packets (bsc#1176256) - Fixed a memory leak in client induced by malicious server(s) without CURVE/ZAP (bsc#1176257) - Fixed memory leak when processing PUB messages with metadata (bsc#1176259) - Fixed a stack overflow in PUB/XPUB subscription store (bsc#1176258) ----------------------------------------- Patch: SUSE-2020-3462 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Severity: moderate References: 1174593,1177858,1178727 Description: This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------- Patch: SUSE-2020-3620 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------- Patch: SUSE-2020-3942 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Severity: moderate References: 1180138 Description: This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------- Patch: SUSE-2021-179 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------- Patch: SUSE-2021-220 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Severity: moderate References: 1180603 Description: This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-293 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Severity: moderate References: 1180603 Description: This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------- Patch: SUSE-2021-294 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Severity: moderate References: Description: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------- Patch: SUSE-2021-301 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------- Patch: SUSE-2021-339 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Severity: low References: Description: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------- Patch: SUSE-2021-656 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Severity: moderate References: 1177127 Description: This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------- Patch: SUSE-2021-786 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Severity: moderate References: 1176201 Description: This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------- Patch: SUSE-2021-924 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 Description: This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------- Patch: SUSE-2021-930 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Severity: important References: 1172442,1181358,CVE-2020-11080 Description: This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------- Patch: SUSE-2021-952 Released: Thu Mar 25 14:36:56 2021 Summary: Recommended update for libunwind Severity: moderate References: 1160876,1171549 Description: This update for libunwind fixes the following issues: - Update to version 1.5.0. (jsc#ECO-3395) - Enable s390x for building. (jsc#ECO-3395) - Fix compilation with 'fno-common'. (bsc#1171549) - Fix build with 'GCC-10'. (bsc#1160876) ----------------------------------------- Patch: SUSE-2021-1169 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Severity: low References: 1181976 Description: This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------- Patch: SUSE-2021-1549 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Severity: moderate References: 1185417 Description: This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------- Patch: SUSE-2021-1643 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Severity: important References: 1181443,1184358,1185562 Description: This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------- Patch: SUSE-2021-1861 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 Description: This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------- Patch: SUSE-2021-1937 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Severity: moderate References: 1186642 Description: This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------- Patch: SUSE-2021-2173 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 Description: This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------- Patch: SUSE-2021-2196 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 Description: This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------- Patch: SUSE-2021-2320 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 Description: This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------- Patch: SUSE-2021-2463 Released: Fri Jul 23 12:56:22 2021 Summary: Recommended update for python-pyzmq Severity: moderate References: 1186945 Description: This update for python-pyzmq fixes the following issues: - Update to version 17.1.2 (bsc#1186945) * Fix possible hang when working with asyncio * Remove some outdated workarounds for old Cython versions * Fix some compilation with custom compilers * Remove unneeded link of libstdc++ on PyPy ----------------------------------------- Patch: SUSE-2021-2573 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Severity: moderate References: 1188127 Description: This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------- Patch: SUSE-2021-2997 Released: Thu Sep 9 14:37:34 2021 Summary: Recommended update for python3 Severity: moderate References: 1187338,1189659 Description: This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) ----------------------------------------- Patch: SUSE-2021-3001 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Severity: moderate References: 1189683 Description: This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------- Patch: SUSE-2021-3182 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Severity: moderate References: 1189996 Description: This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------- Patch: SUSE-2021-3274 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Severity: important References: 1190858 Description: This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------- Patch: SUSE-2021-3291 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 Description: This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). ----------------------------------------- Patch: SUSE-2021-3382 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: Description: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------- Patch: SUSE-2021-3490 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Severity: moderate References: 1190793,CVE-2021-39537 Description: This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------- Patch: SUSE-2021-3494 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Severity: moderate References: 1190052 Description: This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------- Patch: SUSE-2021-3501 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 Description: This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check of signatures and keys two times(redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alives while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates(bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------- Patch: SUSE-2021-3510 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Severity: important References: 1191987 Description: This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------- Patch: SUSE-2021-3529 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 Description: This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------- Patch: SUSE-2021-3799 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Severity: moderate References: 1187153,1187273,1188623 Description: This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------- Patch: SUSE-2021-3872 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Severity: moderate References: 1191736 Description: This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------- Patch: SUSE-2021-3883 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------- Patch: SUSE-2021-3891 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Severity: moderate References: 1029961,1113013,1187654 Description: This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------- Patch: SUSE-2021-3942 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Severity: moderate References: 1175825,CVE-2020-8927 Description: This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------- Patch: SUSE-2021-3946 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Severity: moderate References: 1192717,CVE-2021-43618 Description: This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------- Patch: SUSE-2021-3980 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Severity: moderate References: 1191592 Description: glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------- Patch: SUSE-2021-4104 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 Description: This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------- Patch: SUSE-2021-4182 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Severity: moderate References: 1192688 Description: This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------- Patch: SUSE-2022-48 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Severity: moderate References: 1190566,1192249,1193179 Description: This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). - Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. ----------------------------------------- Patch: SUSE-2022-207 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Severity: moderate References: Description: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------- Patch: SUSE-2022-228 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Severity: moderate References: 1194522 Description: This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------- Patch: SUSE-2022-330 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 Description: This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------- Patch: SUSE-2022-383 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1194265 Description: This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------- Patch: SUSE-2022-692 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Severity: moderate References: 1190447 Description: This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------- Patch: SUSE-2022-743 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Severity: important References: 1194265,1196036,CVE-2022-24407 Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------- Patch: SUSE-2022-808 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Severity: moderate References: 1195468 Description: This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------- Patch: SUSE-2022-861 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1182959,1195149,1195792,1195856 Description: This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------- Patch: SUSE-2022-936 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Severity: moderate References: 1196275,1196406 Description: This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------- Patch: SUSE-2022-942 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Severity: moderate References: 1186819,CVE-2021-3572 Description: This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------- Patch: SUSE-2022-1040 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Severity: moderate References: 1195258,CVE-2021-22570 Description: This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------- Patch: SUSE-2022-1047 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Severity: moderate References: 1196093,1197024 Description: This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------- Patch: SUSE-2022-1061 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Severity: important References: 1197459,CVE-2018-25032 Description: This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------- Patch: SUSE-2022-1118 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------- Patch: SUSE-2022-1158 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Severity: important References: 1198062,CVE-2022-1271 Description: This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------- Patch: SUSE-2022-1281 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Severity: moderate References: 1196647 Description: This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------- Patch: SUSE-2022-1374 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Severity: moderate References: 1191157,1197004 Description: This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------- Patch: SUSE-2022-1409 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1195628,1196107 Description: This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------- Patch: SUSE-2022-1451 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Severity: moderate References: 1193489 Description: This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------- Patch: SUSE-2022-1655 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Severity: moderate References: 1197794 Description: This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------- Patch: SUSE-2022-1658 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Severity: important References: 1197771 Description: This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------- Patch: SUSE-2022-1670 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Severity: important References: 1199240,CVE-2022-29155 Description: This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------- Patch: SUSE-2022-1718 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Severity: important References: 1198446,CVE-2022-1304 Description: This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------- Patch: SUSE-2022-1887 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Severity: moderate References: 1040589 Description: This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------- Patch: SUSE-2022-1899 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Severity: important References: 1198176 Description: This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------- Patch: SUSE-2022-1909 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Severity: moderate References: 1198751 Description: This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------- Patch: SUSE-2022-2019 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 Description: This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------- Patch: SUSE-2022-2294 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 Description: This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------- Patch: SUSE-2022-2305 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 Description: This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------- Patch: SUSE-2022-2308 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------- Patch: SUSE-2022-2357 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Severity: important References: 1198511,CVE-2015-20107 Description: This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------- Patch: SUSE-2022-2358 Released: Tue Jul 12 04:21:59 2022 Summary: Recommended update for augeas Severity: moderate References: 1197443 Description: This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) ----------------------------------------- Patch: SUSE-2022-2361 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Severity: important References: 1199232,CVE-2022-1586 Description: This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------- Patch: SUSE-2022-2406 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Severity: moderate References: 1197718,1199140,1200334,1200855 Description: This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------- Patch: SUSE-2022-2469 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 Description: This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------- Patch: SUSE-2022-2493 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Severity: moderate References: 1193282 Description: This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------- Patch: SUSE-2022-2494 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Severity: important References: 1200855,1201560,1201640 Description: This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------- Patch: SUSE-2022-2546 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Severity: important References: 1196125,1201225,CVE-2022-34903 Description: This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------- Patch: SUSE-2022-2552 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 Description: This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------- Patch: SUSE-2022-2573 Released: Thu Jul 28 04:24:19 2022 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1194550,1197684,1199042 Description: This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------- Patch: SUSE-2022-2632 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Severity: important References: 1198720,1200747,1201385 Description: This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------- Patch: SUSE-2022-2640 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Severity: moderate References: 1160171,1178331,1178332,1200624 Description: This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). ----------------------------------------- Patch: SUSE-2022-2717 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Severity: moderate References: 1198627,CVE-2022-29458 Description: This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------- Patch: SUSE-2022-2796 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Severity: moderate References: Description: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------- Patch: SUSE-2022-2901 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Severity: moderate References: Description: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------- Patch: SUSE-2022-2904 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Severity: moderate References: 1198341 Description: This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------- Patch: SUSE-2022-2920 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Severity: important References: 1195059,1201795 Description: This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------- Patch: SUSE-2022-2929 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Severity: important References: 1202310 Description: This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------- Patch: SUSE-2022-2944 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Severity: important References: 1181475 Description: This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------- Patch: SUSE-2022-2947 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Severity: important References: 1202175,CVE-2022-37434 Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------- Patch: SUSE-2022-2977 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Severity: moderate References: 1197178,1198731 Description: This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------- Patch: SUSE-2022-3003 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Severity: low References: 1202593,CVE-2022-35252 Description: This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------- Patch: SUSE-2022-3127 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Severity: moderate References: 1198752,1200800 Description: This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------- Patch: SUSE-2022-3220 Released: Fri Sep 9 04:30:52 2022 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 Description: This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------- Patch: SUSE-2022-3262 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1199140 Description: This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------- Patch: SUSE-2022-3271 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Severity: moderate References: 1047178,CVE-2017-6512 Description: This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------- Patch: SUSE-2022-3304 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Severity: moderate References: Description: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------- Patch: SUSE-2022-3305 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Severity: important References: 1201680,CVE-2021-46828 Description: This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------- Patch: SUSE-2022-3307 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 Description: This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------- Patch: SUSE-2022-3328 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Severity: moderate References: 1202870 Description: This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------- Patch: SUSE-2022-3353 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Severity: moderate References: 1203018,CVE-2022-31252 Description: This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------- Patch: SUSE-2022-3395 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1181994,1188006,1199079,1202868 Description: This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------- Patch: SUSE-2022-3452 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Severity: moderate References: 1201942 Description: This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------- Patch: SUSE-2022-3489 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Severity: important References: 1203438,CVE-2022-40674 Description: This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------- Patch: SUSE-2022-3544 Released: Thu Oct 6 13:48:42 2022 Summary: Security update for python3 Severity: important References: 1202624,CVE-2021-28861 Description: This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624). ----------------------------------------- Patch: SUSE-2022-3551 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Severity: moderate References: 1182983,1190700,1191020,1202117 Description: This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------- Patch: SUSE-2022-3555 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Severity: important References: 1199492 Description: This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------- Patch: SUSE-2022-3564 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Severity: critical References: 1189282,1201972,1203649 Description: This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined ----------------------------------------- Patch: SUSE-2022-3663 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------- Patch: SUSE-2022-3670 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Severity: moderate References: 1204244 Description: This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) ----------------------------------------- Patch: SUSE-2022-3683 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Severity: critical References: 1204357,CVE-2022-3515 Description: This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------- Patch: SUSE-2022-3692 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 Description: This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------- Patch: SUSE-2022-3784 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Severity: critical References: 1204690,CVE-2021-46848 Description: This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------- Patch: SUSE-2022-3785 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------- Patch: SUSE-2022-3787 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Severity: important References: 1194047,1203911 Description: This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------- Patch: SUSE-2022-3870 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1190651,1202148 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------- Patch: SUSE-2022-3884 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Severity: important References: 1204708,CVE-2022-43680 Description: This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------- Patch: SUSE-2022-3910 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------- Patch: SUSE-2022-3922 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 Description: This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------- Patch: SUSE-2022-3961 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Severity: important References: 1203652 Description: This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------- Patch: SUSE-2022-3974 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Severity: moderate References: 1201959,1204211 Description: This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------- Patch: SUSE-2022-3999 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Severity: moderate References: 1204179,1204968,CVE-2022-3821 Description: This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------- Patch: SUSE-2022-4062 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1201590 Description: This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------- Patch: SUSE-2022-4066 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Severity: important References: 1177460,1202324,1204649,1205156 Description: This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------- Patch: SUSE-2022-4135 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Severity: moderate References: 1198165 Description: This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------- Patch: SUSE-2022-4153 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Severity: important References: 1205126,CVE-2022-42898 Description: This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------- Patch: SUSE-2022-4212 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1190651 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------- Patch: SUSE-2022-4256 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------- Patch: SUSE-2022-4281 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 Description: This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------- Patch: SUSE-2022-4491 Released: Wed Dec 14 13:31:51 2022 Summary: Recommended update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme Severity: important References: 1111657,1144506,1148184,1186870,1199282 Description: This update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Enterprise versions of Visual Studio are now supported * Visual Studio 2019 is now supported * 32-bit binaries for Visual Studio 2010 are now provided * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. * New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been 'renamed to randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) python-cffi: - Version update from 1.11.2 to 1.15.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fixed MANIFEST.in to include missing file for Windows arm64 support * Fixed Linux wheel build to use gcc default ISA for libffi * Updated setup.py Python trove specifiers to currently-tested Python versions * CPython 3.10 support (including wheels) * MacOS arm64 support (including wheels) * Initial Windows arm64 support * Misc. doc and test updates - Fix for using to proper void returning function not to corrupt memory in tests. (bsc#1111657) python-Django: - New package at version 2.0.7 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-hypothesis: - Version update from 3.40.1 to 3.76.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * This release deprecates using floats for min_size and max_size * The type hint for average_size arguments has been changed from Optional[int] to None, because non-None values are always ignored and deprecated. * Fix a broken link in a docstring * Deprecate the use of 'min_size=None', setting the mdefault min_size to 0 * Strategies are now fully constructed and validated before the timer is started * Fix some broken formatting and links in the documentation * Check that the value of the print_blob setting is a PrintSettings instance * Being able to specify a boolean value was not intended, and is now deprecated. In addition, specifying True will now cause the blob to always be printed, instead of causing it to be suppressed. * Specifying any value that is not a PrintSettings or a boolean is now an error * Changes the documentation for hypothesis.strategies.datetimes, hypothesis.strategies.dates, hypothesis.strategies.times to use the new parameter names min_value and max_value instead of the deprecated names * Ensure that Hypothesis deprecation warnings display the code that emitted them when you’re not running in -Werror mode * For the full list of changes please consult the changelog at https://hypothesis.readthedocs.io/en/latest/changes.html#v3-76-0 python-packaging: - Version update from 16.8 to 21.3 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * Work around dependency generator issues (bsc#1186870) * Remove dependency on attrs (bsc#1144506) * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5. * Replace distutils usage with sysconfig * Add support for zip files in `parse_sdist_filename` * Use cached `_hash` attribute to short-circuit tag equality comparisons * Specify the default value for the `specifier` argument to `SpecifierSet` * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for `Version.post`` and `Version.dev` * Use typing alias `UnparsedVersion`` * Improve type inference for `packaging.specifiers.filter()` * Tighten the return type of `canonicalize_version()` * For the full list of changes please consult the packaged CHANGELOG file python-PyNaCl: - Version update from 1.2.1 to 1.4.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add dependency requirement to python-six, needed by the testsuite * Update `libsodium` to 1.0.18. * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden. * Added support for Python 3.8, and removed support for Python 3.4. * Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key * Add low level bindings for deterministic random generation. * Add `wheel` and `setuptools` setup_requirements in `setup.py` * Fix checks on very slow builders (#481, #495) * Add low-level bindings to ed25519 arithmetic functions * Update low-level blake2b state implementation * Fix wrong short-input behavior of SealedBox.decrypt() * Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format * Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. `SODIUM_INSTALL_MINIMAL=1`) for setup. python-semver: - New package at version 2.13.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-sphinx_rtd_theme: - Version update from 0.2.4 to 0.5.1 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add github, gitlab, bitbucket page arguments option * Add html language attribute * Add language to the JS output variable * Add open list spacing * Add option to style external links * Add pygments support * Add setuptools entry point allowing to use sphinx_rtd_theme as Sphinx html_theme directly. * Add Sphinx as a dependency * Allow setting 'rel' and 'title' attributes for stylesheets * Changed code and literals to use a native font stack * Color accessibility improvements on the left navigation * Compress our Javascript files * Do not rely on readthedocs.org for CSS/JS * Fix line height adjustments for Liberation Mono * Fix line number spacing to align with the code lines * Fix many sidebar glitches * Fix many styling issues * Fix mkdocs version selector * Fix small styling issues * Fix some HTML warnings and errors * Fix table centering * Hide Edit links on auto created pages * Include missing font files with the theme * Updated dependencies * Write theme version and build date at top of JavaScript and CSS ----------------------------------------- Patch: SUSE-2022-4597 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 Description: This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------- Patch: SUSE-2022-4601 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 Description: This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------- Patch: SUSE-2022-4628 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Severity: moderate References: 1206337,CVE-2022-46908 Description: This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------- Patch: SUSE-2022-4629 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Severity: important References: 1200723,1205000,CVE-2022-4415 Description: This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------- Patch: SUSE-2023-25 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Severity: moderate References: 1177460 Description: This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------- Patch: SUSE-2023-37 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Severity: important References: 1206212,1206622 Description: This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------- Patch: SUSE-2023-45 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Severity: moderate References: 1204585 Description: This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------- Patch: SUSE-2023-48 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Severity: moderate References: 1199467 Description: This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------- Patch: SUSE-2023-50 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Severity: moderate References: 1205502 Description: This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------- Patch: SUSE-2023-56 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Severity: moderate References: 1206579,CVE-2022-47629 Description: This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------- Patch: SUSE-2023-177 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Severity: moderate References: 1194038,1205646 Description: This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------- Patch: SUSE-2023-178 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1207182 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------- Patch: SUSE-2023-181 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Severity: low References: 1206412 Description: This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------- Patch: SUSE-2023-188 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Severity: important References: 1203652 Description: This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------- Patch: SUSE-2023-201 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 Description: This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------- Patch: SUSE-2023-311 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------- Patch: SUSE-2023-429 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 Description: This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------- Patch: SUSE-2023-464 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Severity: moderate References: Description: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------- Patch: SUSE-2023-549 Released: Mon Feb 27 17:35:07 2023 Summary: Security update for python3 Severity: moderate References: 1205244,1208443,CVE-2022-45061 Description: This update for python3 fixes the following issues: - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244). Bugfixes: - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443). ----------------------------------------- Patch: SUSE-2023-563 Released: Tue Feb 28 10:51:46 2023 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1207994 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994] ----------------------------------------- Patch: SUSE-2023-617 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Severity: moderate References: 1207789 Description: This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------- Patch: SUSE-2023-776 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------- Patch: SUSE-2023-782 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Severity: moderate References: 1208924,1208925,1208926 Description: This update for libgcrypt fixes the following issues: - FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925] - FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924] - FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926] ----------------------------------------- Patch: SUSE-2023-783 Released: Thu Mar 16 19:09:03 2023 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1208998 Description: This update for openssl-1_1 fixes the following issues: FIPS: Service-level indicator changes [bsc#1208998] * Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. ----------------------------------------- Patch: SUSE-2023-788 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------- Patch: SUSE-2023-868 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Severity: important References: 1203355,1208471,CVE-2023-24329 Description: This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------- Patch: SUSE-2023-1582 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 Description: This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------- Patch: SUSE-2023-1662 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Severity: moderate References: 1203537 Description: This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------- Patch: SUSE-2023-1688 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Severity: moderate References: 1209533,CVE-2022-4899 Description: This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------- Patch: SUSE-2023-1718 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------- Patch: SUSE-2023-1745 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1209624,CVE-2023-0464 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------- Patch: SUSE-2023-1779 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Severity: moderate References: 1208432 Description: This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------- Patch: SUSE-2023-1805 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Severity: important References: Description: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------- Patch: SUSE-2023-1911 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------- Patch: SUSE-2023-1916 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Severity: low References: 1208529 Description: This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------- Patch: SUSE-2023-2053 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 Description: This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------- Patch: SUSE-2023-2060 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 Description: This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------- Patch: SUSE-2023-2066 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Severity: moderate References: 1210507,CVE-2023-29383 Description: This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------- Patch: SUSE-2023-2104 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Severity: moderate References: 1209122 Description: This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------- Patch: SUSE-2023-2111 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Severity: moderate References: 1210434,CVE-2023-29491 Description: This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------- Patch: SUSE-2023-2133 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Severity: moderate References: 1206513 Description: This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------- Patch: SUSE-2023-2224 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 Description: This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------- Patch: SUSE-2023-2240 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Severity: moderate References: 1203141,1207410 Description: This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------- Patch: SUSE-2023-2245 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 Description: This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------- Patch: SUSE-2023-2317 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Severity: moderate References: 1210164 Description: This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------- Patch: SUSE-2023-2333 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Severity: moderate References: 1210593 Description: This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------- Patch: SUSE-2023-2341 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Severity: moderate References: 1209094,1209140 Description: This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------- Patch: SUSE-2023-2342 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Severity: important References: 1211430,CVE-2023-2650 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------- Patch: SUSE-2023-2484 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Severity: moderate References: 1211795,CVE-2023-2953 Description: This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------- Patch: SUSE-2023-2495 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Severity: important References: 1211661,1212187 Description: This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------- Patch: SUSE-2023-2517 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Severity: moderate References: 1203750,1211158,CVE-2007-4559 Description: This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------- Patch: SUSE-2023-2550 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 Description: This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) ----------------------------------------- Patch: SUSE-2023-2585 Released: Wed Jun 21 14:14:45 2023 Summary: Security update for salt and python-pyzmq Severity: moderate References: 1186945,1207071,1209233,1211612,1211754,1212516,1212517 Description: This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) ----------------------------------------- Patch: SUSE-2023-2625 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------- Patch: SUSE-2023-2648 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1201627,1207534,CVE-2022-4304 Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). ----------------------------------------- Patch: SUSE-2023-2742 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 Description: This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------- Patch: SUSE-2023-2765 Released: Mon Jul 3 20:28:14 2023 Summary: Security update for libcap Severity: moderate References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603 Description: This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------- Patch: SUSE-2023-2772 Released: Tue Jul 4 09:54:23 2023 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1211261,1212187,1212222 Description: This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) ----------------------------------------- Patch: SUSE-2023-2800 Released: Mon Jul 10 07:35:22 2023 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1212623 Description: This update for openssl-1_1 fixes the following issues: - Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623] ----------------------------------------- Patch: SUSE-2023-2827 Released: Fri Jul 14 11:27:47 2023 Summary: Recommended update for libxml2 Severity: moderate References: Description: This update for libxml2 fixes the following issues: - Build also for modern python version (jsc#PED-68) ----------------------------------------- Patch: SUSE-2023-2847 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Severity: moderate References: 1210004 Description: This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------- Patch: SUSE-2023-2855 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Severity: moderate References: 1212260 Description: This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------- Patch: SUSE-2023-2882 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Severity: important References: 1210999,CVE-2023-31484 Description: This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------- Patch: SUSE-2023-2885 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Severity: moderate References: 1208721,1209229,1211828 Description: This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------- Patch: SUSE-2023-2891 Released: Wed Jul 19 21:14:33 2023 Summary: Security update for curl Severity: moderate References: 1213237,CVE-2023-32001 Description: This update for curl fixes the following issues: - CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237). ----------------------------------------- Patch: SUSE-2023-2918 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Severity: moderate References: 1089497 Description: This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------- Patch: SUSE-2023-2962 Released: Tue Jul 25 09:34:53 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1213487,CVE-2023-3446 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).