----------------------------------------- Version 1.0.0-Build6.2 2024-07-30T09:00:23 ----------------------------------------- Patch: 7 Released: Mon Jul 15 13:04:11 2024 Summary: Security update for less Severity: important References: 1222849,CVE-2024-32487 Description: This update for less fixes the following issues: - CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------- Version 1.0.0-Build6.2 2024-08-28T09:00:24 ----------------------------------------- Patch: 9 Released: Fri Aug 9 10:33:34 2024 Summary: Recommended update for bash, libcap-ng, libselinux, libselinux-bindings, libsemanage, zypper Severity: low References: Description: This update fixes the following issues: - No change rebuild due to dependency changes. ----------------------------------------- Version 1.0.0-Build6.2 2024-09-05T09:00:24 ----------------------------------------- Patch: 30 Released: Wed Sep 4 16:07:40 2024 Summary: Security update for curl Severity: moderate References: 1221665,1221666,1221667,1221668,1227888,1228535,CVE-2024-2004,CVE-2024-2379,CVE-2024-2398,CVE-2024-2466,CVE-2024-6197,CVE-2024-7264 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2024-7264: ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Freeing stack buffer in utf8asn1str (bsc#1227888) - CVE-2024-2379: QUIC certificate check bypass with wolfSSL (bsc#1221666) - CVE-2024-2466: TLS certificate check bypass with mbedTLS (bsc#1221668) - CVE-2024-2004: Usage of disabled protocol (bsc#1221665) - CVE-2024-2398: HTTP/2 push headers memory-leak (bsc#1221667) Non-security issue fixed: - Fixed various TLS related issues including FTP over SSL transmission timeouts. ----------------------------------------- Version 1.0.0-Build6.2 2024-09-12T09:00:24 ----------------------------------------- Patch: 44 Released: Wed Sep 11 13:33:01 2024 Summary: Security update for expat Severity: important References: 1221289,1229930,1229931,1229932,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 Description: This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932) - CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931) - CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930) - CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)