SUSE Image Update Advisory: sles-15-sp2-chost-byos-v20200804
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2020:83-1
Image Tags        : sles-15-sp2-chost-byos-v20200804:20200804
Image Release     :
Severity          : important
Type              : security
References        : 1027519 1096405 1096406 1096407 1096408 1100077 1101023 1115750
                    1118118 1120862 1127544 1130528 1132087 1136031 1136132 1141320
                    1146358 1146359 1149164 1156913 1159086 1161573 1162680 1164260
                    1165828 1168422 1168669 1168994 1169095 1169444 1169521 1169850
                    1169851 1169947 1169997 1170801 1171437 1171652 1172040 1172205
                    1172307 1172383 1172384 1172386 1172396 1172477 1172495 1172566
                    1172698 1172704 1172710 1172807 1172807 1172816 1172925 1173032
                    1173106 1173159 1173160 1173161 1173274 1173336 1173359 1173376
                    1173377 1173378 1173380 1173560 1173582 1173812 1174011 1174120
                    1174304 1174306 1174463 1174570
                    CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183
                    CVE-2018-4700 CVE-2019-8675 CVE-2019-8696 CVE-2020-0543
                    CVE-2020-10700 CVE-2020-10704 CVE-2020-10713 CVE-2020-10730
                    CVE-2020-10745 CVE-2020-10760 CVE-2020-10761 CVE-2020-12402
                    CVE-2020-13361 CVE-2020-13362 CVE-2020-13659 CVE-2020-13800
                    CVE-2020-14303 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310
                    CVE-2020-14311 CVE-2020-14422 CVE-2020-15563 CVE-2020-15565
                    CVE-2020-15566 CVE-2020-15567 CVE-2020-15706 CVE-2020-15707
                    CVE-2020-3898 CVE-2020-8023
-----------------------------------------------------------------

The container sles-15-sp2-chost-byos-v20200804 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:1476-1
Released:    Thu Aug 2 14:20:03 2018
Summary:     Security update for cups
Type:        security
Severity:    moderate
References:  1096405,1096406,1096407,1096408,CVE-2018-4180,CVE-2018-4181,CVE-2018-4182,CVE-2018-4183

This update for cups fixes the following issues:

The following security vulnerabilities were fixed:

- Fixed a local privilege escalation to root and sandbox bypasses in the scheduler
- CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405)
- CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406)
- CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407)
- CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2882-1
Released:    Mon Dec 10 08:07:44 2018
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1115750,CVE-2018-4700

This update for cups fixes the following issues:

Security issue fixed:

- CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:608-1
Released:    Wed Mar 13 15:21:02 2019
Summary:     Recommended update for cups
Type:        recommended
Severity:    moderate
References:  1118118

This update for cups fixes the following issues:

- Fixed validation of UTF-8 filenames to avoid crashes (bsc#1118118)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2357-1
Released:    Wed Sep 11 13:26:14 2019
Summary:     Recommended update for lmdb
Type:        recommended
Severity:    moderate
References:  1136132

This update for lmdb fixes the following issues:

- Fix occasional crash when freed pages landed on the dirty list twice (bsc#1136132).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3030-1
Released:    Thu Nov 21 19:11:25 2019
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1146358,1146359,CVE-2019-8675,CVE-2019-8696

This update for cups fixes the following issues:

- CVE-2019-8675: Fixed a stack buffer overflow in libcups's asn1_get_type function (bsc#1146358).
- CVE-2019-8696: Fixed a stack buffer overflow in libcups's asn1_get_packed function (bsc#1146359).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:365-1
Released:    Fri Feb 7 13:48:54 2020
Summary:     Recommended update for lmdb
Type:        recommended
Severity:    moderate
References:  1159086

This update for lmdb fixes the following issues:

- Fix assert in LMDB during 'mdb_page_search_root'. (bsc#1159086).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:517-1
Released:    Thu Feb 27 14:39:01 2020
Summary:     Recommended update for cifs-utils
Type:        recommended
Severity:    moderate
References:  1130528,1132087,1136031,1149164

This update for cifs-utils fixes the following issues:

Update cifs-utils 6.9; (bsc#1132087); (bsc#1136031).
* follow SMB default version changes in the kernel.
* adds fixes for Azure
* new smbinfo utility

- Fix double-free in mount.cifs; (bsc#1149164).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1083-1
Released:    Thu Apr 23 11:31:23 2020
Summary:     Security update for cups
Type:        security
Severity:    important
References:  1168422,CVE-2020-3898

This update for cups fixes the following issues:

- CVE-2020-3898: Fixed a heap buffer overflow in ppdFindOption() (bsc#1168422).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1795-1
Released:    Mon Jun 29 11:22:45 2020
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    important
References:  1172566

This update for lvm2 fixes the following issues:

- Fix potential data loss problem with LVM cache (bsc#1172566)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1821-1
Released:    Thu Jul 2 08:39:34 2020
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1172807,1172816

This update for dracut fixes the following issues:

- 35network-legacy: Fix dual stack setups. (bsc#1172807)
- 95iscsi: fix missing space when compiling cmdline args. (bsc#1172816)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1822-1
Released:    Thu Jul 2 11:30:42 2020
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1173274,CVE-2020-14422

This update for python3 fixes the following issues:

- CVE-2020-14422: Fixed an improper computation of hash values in IPv4Interface and IPv6Interface that could have led to denial of service (bsc#1173274).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1850-1
Released:    Mon Jul 6 14:44:39 2020
Summary:     Security update for mozilla-nss
Type:        security
Severity:    moderate
References:  1168669,1173032,CVE-2020-12402

This update for mozilla-nss fixes the following issues:

mozilla-nss was updated to version 3.53.1

- CVE-2020-12402: Fixed a potential side channel attack during RSA key generation (bsc#1173032)
- Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony (bsc#1168669).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1852-1
Released:    Mon Jul 6 16:50:21 2020
Summary:     Recommended update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts
Type:        recommended
Severity:    moderate
References:  1169444

This update for fontforge, ghostscript-fonts, ttf-converter, xorg-x11-fonts fixes the following issues:

Changes in fontforge:

- Support transforming bitmap glyphs from python. (bsc#1169444)
- Allow python-Sphinx >= 3

Changes in ttf-converter:

- Update from version 1.0 to version 1.0.6:
  * ftdump is now shipped additionally as new dependency for ttf-converter
  * Standardize output when converting vector and bitmap fonts
  * Add more subfamilies fixes (bsc#1169444)
  * Add --family and --subfamily arguments to force values on those fields
  * Add parameters to fix glyph unicode values
    --fix-glyph-unicode : Try to fix unicode points and glyph names based on glyph names containing hexadecimal codes (like '$0C00', 'char12345' or 'uni004F')
    --replace-unicode-values: When passed 2 comma separated numbers a,b the glyph with an unicode value of a is replaced with the unicode value b. Can be used more than once.
    --shift-unicode-values: When passed 3 comma separated numbers a,b,c this shifts the unicode values of glyphs between a and b (both included) by adding c. Can be used more than once.
  * Add --bitmapTransform parameter to transform bitmap glyphs.
    (bsc#1169444) When used, all glyphs are modified with the transformation function and values passed as parameters. The parameter has three values separated by commas:
    fliph|flipv|rotate90cw|rotate90ccw|rotate180|skew|transmove,xoff,yoff
  * Add support to convert bitmap fonts (bsc#1169444)
  * Rename MediumItalic subfamily to Medium Italic
  * Show some more information when removing duplicated glyphs
  * Add a --force-monospaced argument instead of hardcoding font names
  * Convert `BoldCond` subfamily to `Bold Condensed`
  * Fixes for Monospaced fonts and force the Nimbus Mono L font to be Monospaced. (bsc#1169444 #c41)
  * Add a --version argument
  * Fix subfamily names so the converted font's subfamily match the original ones. (bsc#1169444 #c41)

Changes in xorg-x11-fonts:

- Use ttf-converter 1.0.6 to build an Italic version of cu12.pcf.gz in the converted subpackage
- Include the subfamily in the filename of converted fonts
- Use ttf-converter's new bitmap font support to convert Schumacher Clean and Schumacher Clean Wide (bsc#1169444 #c41)
- Replace some unicode values in cu-pua12.pcf.gz to fix them
- Shift some unicode values in arabic24.pcf.gz and cuarabic12.pcf.gz so glyphs don't pretend to be latin characters when they're not.
- Don't distribute converted fonts with wrong unicode values in their glyphs. (bsc#1169444)
  Bitstream-Charter-*.otb, Cursor.ttf, Sun-OPEN-LOOK-*.otb, MUTT-ClearlyU-Devangari-Extra-Regular, MUTT-ClearlyU-Ligature-Wide-Regular, and MUTT-ClearlyU-Devanagari-Regular

Changes in ghostscript-fonts:

- Force the converted Nimbus Mono font to be monospaced.
  (bsc#1169444 #c41) Use the --force-monospaced argument of ttf-converter 1.0.3

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1856-1
Released:    Mon Jul 6 17:05:51 2020
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1172698,1172704,CVE-2020-8023

This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1902-1
Released:    Tue Jul 14 15:19:43 2020
Summary:     Security update for xen
Type:        security
Severity:    important
References:  1027519,1172205,1173376,1173377,1173378,1173380,CVE-2020-0543,CVE-2020-15563,CVE-2020-15565,CVE-2020-15566,CVE-2020-15567

This update for xen fixes the following issues:

- CVE-2020-15563: Fixed inverted code paths in x86 dirty VRAM tracking (bsc#1173377).
- CVE-2020-15565: Fixed insufficient cache write-back under VT-d (bsc#1173378).
- CVE-2020-15566: Fixed incorrect error handling in event channel port allocation (bsc#1173376).
- CVE-2020-15567: Fixed non-atomic modification of live EPT PTE (bsc#1173380).
- CVE-2020-0543: Special Register Buffer Data Sampling (SRBDS) aka 'CrossTalk' (bsc#1172205).
Additional upstream bug fixes (bsc#1027519)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1938-1
Released:    Thu Jul 16 14:43:32 2020
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1169947,1170801,1172925,1173106

This update for libsolv, libzypp, zypper fixes the following issues:

libsolv was updated to:

- Enable zstd compression support for sle15

zypper was updated to version 1.14.37:

- Print switch abbrev warning to stderr (bsc#1172925)
- Fix typo in man page (bsc#1169947)

libzypp was updated to 17.24.0

- Fix core dump with corrupted history file (bsc#1170801)
- Enable zchunk metadata download if libsolv supports it.
- Better handling of the purge-kernels algorithm. (bsc#1173106)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:1948-1
Released:    Fri Jul 17 14:48:02 2020
Summary:     Security update for ldb, samba
Type:        security
Severity:    important
References:  1141320,1162680,1169095,1169521,1169850,1169851,1171437,1172307,1173159,1173160,1173161,1173359,1174120,CVE-2020-10700,CVE-2020-10704,CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303

This update for ldb, samba fixes the following issues:

Changes in samba:

- Update to samba 4.11.11
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159)
  + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160).
  + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161)
  + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359).
- Update to samba 4.11.10
  + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374).
  + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350)
  + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
  + Malicious SMB1 server can crash libsmbclient; (bso#14366)
  + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382)
  + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330)
- Update to samba 4.11.9
  + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242).
  + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296).
  + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237).
  + Missing check for DMAPI offline status in async DOS attributes; (bso#14293).
  + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307).
  + vfs_recycle: Prevent flooding the log if we're called on non-existent paths; (bso#14316)
  + smbd mistakenly updates a file's write-time on close; (bso#14320).
  + RPC handles cannot be differentiated in source3 RPC server; (bso#14359).
  + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
  + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327).
  + Fix fruit:time machine max size on arm; (bso#13622)
  + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294).
  + ctdb: Fix a memleak; (bso#14348).
  + libsmb: Don't try to find posix stat info in SMBC_getatr().
  + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680).
  + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095)
  + s3:libads: Fix ads_get_upn(); (bso#14336).
  + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294)
  + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680).
  + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324)
- Update to samba 4.11.8
  + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850);
  + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851);
- Update to samba 4.11.7
  + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239).
  + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283)
  + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258).
  + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270)
  + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247).
  + smbd: Handle EINTR from open(2) properly; (bso#14285)
  + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247)
  + winbindd: Handling missing idmap in getgrgid(); (bso#14265).
  + lib:util: Log mkdir error on correct debug levels; (bso#14253).
  + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266).
  + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274).
- Update to samba 4.11.6
  + pygpo: Use correct method flags; (bso#14209).
  + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320).
  + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209).
  + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218).
  + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122).
  + smbd: Fix the build with clang; (bso#14251).
  + upgradedns: Ensure lmdb lock files linked; (bso#14199).
  + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182).
  + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101).
  + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219).
  + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).
- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);
- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);
- Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);

Changes in ldb:

- Update to version 2.0.12
  + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159).
  + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413).
  + lib/ldb: add unit test for ldb_ldap internal code.
- Update to version 2.0.11
  + lib ldb: lmdb init var before calling mdb_reader_check.
  + lib ldb: lmdb clear stale readers on write txn start; (bso#14330).
  + ldb tests: Confirm lmdb free list handling

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1950-1
Released:    Fri Jul 17 17:16:21 2020
Summary:     Recommended update for dracut
Type:        recommended
Severity:    moderate
References:  1161573,1165828,1169997,1172807,1173560

This update for dracut fixes the following issues:

- Update to version 049.1+suse.152.g8506e86f:
  * 01fips: modprobe failures during manual module loading is not fatal. (bsc#1169997)
  * 91zipl: parse-zipl.sh: honor SYSTEMD_READY. (bsc#1165828)
  * 95iscsi: fix ipv6 target discovery. (bsc#1172807)
  * 35network-legacy: correct conditional for creating did-setup file. (bsc#1172807)
- Update to version 049.1+suse.148.gc4a6c2dd:
  * 95fcoe: load 'libfcoe' module as a fallback. (bsc#1173560)
  * 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases.
    (bsc#1161573)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1952-1
Released:    Fri Jul 17 17:35:24 2020
Summary:     Recommended update for zypper-migration-plugin
Type:        recommended
Severity:    moderate
References:  1171652

This update for zypper-migration-plugin fixes the following issue:

- Update from version 0.12.1580220831.7102be8 to version 0.12.1590748670.86b0749
  * Make sure that all the release packages are installed. (bsc#1171652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1953-1
Released:    Sat Jul 18 03:06:11 2020
Summary:     Recommended update for parted
Type:        recommended
Severity:    important
References:  1164260

This update for parted fixes the following issue:

- fix support of NVDIMM (pmemXs) devices (bsc#1164260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1954-1
Released:    Sat Jul 18 03:07:15 2020
Summary:     Recommended update for cracklib
Type:        recommended
Severity:    moderate
References:  1172396

This update for cracklib fixes the following issues:

- Fixed a buffer overflow when processing long words.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1987-1
Released:    Tue Jul 21 17:02:15 2020
Summary:     Recommended update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1172477,1173336,1174011

This update for libsolv, libzypp, yast2-packager, yast2-pkg-bindings fixes the following issues:

libsolv:

- No source changes, just shipping it as an installer update (required by yast2-pkg-bindings).

libzypp:

- Proactively send credentials if the URL specifies '?auth=basic' and a username. (bsc#1174011)
- ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011)

yast2-packager:

- Handle variable expansion in repository name.
  (bsc#1172477)
- Improve medium type detection, do not report Online medium when the /media.1/products file is missing in the repository, SMT does not mirror this file. (bsc#1173336)

yast2-pkg-bindings:

- Extensions to handle raw repository name. (bsc#1172477)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1989-1
Released:    Tue Jul 21 17:58:58 2020
Summary:     Recommended update to SLES-releases
Type:        recommended
Severity:    important
References:  1173582

This update of SLES-release provides the following fix:

- Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2000-1
Released:    Wed Jul 22 09:04:41 2020
Summary:     Recommended update for efivar
Type:        recommended
Severity:    important
References:  1100077,1101023,1120862,1127544

This update for efivar fixes the following issues:

- fix logic that checks for UCS-2 string termination (bsc#1127544)
- fix casting of IPv4 addresses
- Don't require an EUI for NVMe (bsc#1100077)
- Add support for ACPI Generic Container and Embedded Controller root nodes (bsc#1101023)
- fix for compilation failures bsc#1120862

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2015-1
Released:    Thu Jul 23 09:21:24 2020
Summary:     Security update for qemu
Type:        security
Severity:    important
References:  1172383,1172384,1172386,1172495,1172710,CVE-2020-10761,CVE-2020-13361,CVE-2020-13362,CVE-2020-13659,CVE-2020-13800

This update for qemu to version 4.2.1 fixes the following issues:

- CVE-2020-10761: Fixed a denial of service in Network Block Device (nbd) support infrastructure (bsc#1172710).
- CVE-2020-13800: Fixed a denial of service possibility in ati-vga emulation (bsc#1172495).
- CVE-2020-13659: Fixed a null pointer dereference possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172386).
- CVE-2020-13362: Fixed an OOB access possibility in MegaRAID SAS 8708EM2 emulation (bsc#1172383).
- CVE-2020-13361: Fixed an OOB access possibility in ES1370 audio device emulation (bsc#1172384).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2018-1
Released:    Thu Jul 23 09:35:42 2020
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1172040

This update for apparmor fixes the following issues:

- Add 'UI_Showfile' so Yast shows the profile correctly. (bsc#1172040)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:2074-1
Released:    Wed Jul 29 18:59:46 2020
Summary:     Security update for grub2
Type:        security
Severity:    important
References:  1168994,1173812,1174463,1174570,CVE-2020-10713,CVE-2020-14308,CVE-2020-14309,CVE-2020-14310,CVE-2020-14311,CVE-2020-15706,CVE-2020-15707

This update for grub2 fixes the following issues:

- Fix for CVE-2020-10713 (bsc#1168994)
- Fix for CVE-2020-14308 CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 (bsc#1173812)
- Fix for CVE-2020-15706 (bsc#1174463)
- Fix for CVE-2020-15707 (bsc#1174570)
- Use overflow checking primitives where the arithmetic expression for buffer
- Use grub_calloc for overflow check and return NULL when it would occur

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2082-1
Released:    Thu Jul 30 09:49:35 2020
Summary:     Recommended update for google-guest-agent, google-guest-configs, and google-guest-oslogin
Type:        recommended
Severity:    moderate
References:  1174304,1174306

The python based packages google-compute-engine-init and google-compute-engine-oslogin were deprecated and are now replaced by the new Go based packages google-guest-agent, google-guest-configs, and google-guest-oslogin (jsc#ECO-2099)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2083-1
Released:    Thu Jul 30 10:27:59 2020
Summary:     Recommended update for diffutils
Type:        recommended
Severity:    moderate
References:  1156913

This update for diffutils fixes the following issue:

- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)

The following package changes have been done:

- apparmor-parser-2.13.4-3.3.1 updated
- cifs-utils-6.9-5.3.1 added
- cracklib-dict-small-2.9.7-11.3.1 updated
- cracklib-2.9.7-11.3.1 updated
- cups-config-2.2.7-3.17.1 added
- device-mapper-1.02.163-8.3.1 updated
- diffutils-3.6-4.3.1 updated
- dracut-049.1+suse.152.g8506e86f-3.8.1 updated
- gamin-server-0.1.10-1.41 added
- google-guest-agent-20200630.00-1.3.1 added
- google-guest-configs-20200626.00-1.3.1 added
- google-guest-oslogin-20200507.00-1.3.1 added
- grub2-i386-pc-2.04-9.7.1 updated
- grub2-x86_64-efi-2.04-9.7.1 updated
- grub2-2.04-9.7.1 updated
- libapparmor1-2.13.4-3.3.1 updated
- libavahi-client3-0.7-1.21 added
- libavahi-common3-0.7-1.21 added
- libcrack2-2.9.7-11.3.1 updated
- libcups2-2.2.7-3.17.1 added
- libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libdcerpc0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libdevmapper-event1_03-1.02.163-8.3.1 updated
- libdevmapper1_03-1.02.163-8.3.1 updated
- libefivar1-37-6.3.1 updated
- libfam0-gamin-0.1.10-3.2.3 added
- libfreebl3-3.53.1-3.45.1 updated
- libfreetype6-2.10.1-4.5.1 updated
- libjansson4-2.9-1.24 added
- libldap-2_4-2-2.4.46-9.31.1 updated
- libldap-data-2.4.46-9.31.1 updated
- libldb2-2.0.12-3.3.1 added
- liblmdb-0_9_17-0.9.17-4.6.2 added
- libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libndr-nbt0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libndr-standard0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libndr0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libnetapi0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libnscd1-2.0.2-3.21 added
- libparted0-3.2-11.14.1 updated
- libpython3_6m1_0-3.6.10-3.56.1 updated
- libsamba-credentials0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsamba-errors0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsamba-passdb0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsamba-util0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsamdb0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsmbconf0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsmbldap2-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libsolv-tools-0.7.14-3.5.1 updated
- libtalloc2-2.2.0-1.39 added
- libtdb1-1.4.2-1.39 added
- libtevent-util0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libtevent0-0.10.0-1.38 added
- libwbclient0-4.11.11+git.180.2cf3b203f07-4.5.1 added
- libzypp-17.24.1-3.11.1 updated
- parted-3.2-11.14.1 updated
- python3-base-3.6.10-3.56.1 updated
- python3-talloc-2.2.0-1.39 added
- python3-3.6.10-3.56.1 updated
- qemu-tools-4.2.1-11.4.4 updated
- rpm-ndb-4.14.1-20.3 added
- samba-libs-python3-4.11.11+git.180.2cf3b203f07-4.5.1 added
- samba-libs-4.11.11+git.180.2cf3b203f07-4.5.1 added
- sles-release-15.2-49.1 updated
- system-user-lp-20170617-4.155 added
- xen-libs-4.13.1_04-3.4.1 updated
- zypper-migration-plugin-0.12.1590748670.86b0749-6.7.1 updated
- zypper-1.14.37-3.3.3 updated
- google-compute-engine-init-20190801-4.35.1 removed
- google-compute-engine-oslogin-20190801-4.35.1 removed
- python3-distro-1.2.0-1.18 removed
- rpm-4.14.1-20.3 removed