SUSE Container Update Advisory: trento/trento-runner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2021:613-1 Container Tags : trento/trento-runner:0.7.1 , trento/trento-runner:0.7.1-rev1.0.0 , trento/trento-runner:0.7.1-rev1.0.0-build2.2.1 , trento/trento-runner:latest Container Release : 2.2.1 Severity : critical Type : security References : 1002895 1007715 1009532 1011548 1013125 1029961 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1038194 1040589 1047218 1051143 1057452 1065270 1071321 1073299 1073313 1078466 1081947 1082318 1084812 1084842 1084934 1087550 1087982 1088279 1088524 1089640 1093392 1094222 1096191 1096974 1096984 1097073 1099521 1100369 1102046 1102310 1102408 1102408 1102564 1103320 1103320 1104531 1104700 1105166 1105435 1106014 1106390 1107066 1107067 1107105 1109160 1110304 1110700 1111019 1111388 1111973 1112310 1112723 1112726 1113554 1114407 1114592 1114845 1115550 1115640 1115929 1118364 1118367 1118368 1119687 1120402 1121610 1123043 1123685 1123919 1124223 1125007 1125410 1126117 1126118 1126119 1126377 1128220 1128246 1128383 1129576 1130325 1130326 1130557 1131060 1131686 1133297 1133808 1134193 1134217 1134524 1135123 1135254 1135709 1136717 1137624 1138666 1138715 1138746 1138793 1138869 1138939 1139083 1139083 1139937 1139939 1140016 1140647 1141059 1141897 1142649 1142654 1143194 1143273 1144047 1145716 1146705 1146866 1148517 1148987 1149145 1149429 1149995 1150137 1150451 1151023 1151023 1152101 1152590 1152692 1153943 1153946 1154036 1154037 1154295 1154661 1154871 1154884 1154887 1155199 1155271 1155327 1155337 1155338 1155339 1156205 1156913 1157051 1157278 1157794 1157818 1158095 1158095 1158812 1158921 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1159928 1160309 1160438 1160439 1160571 1160735 1160970 1160979 1161168 1161215 1161216 1161218 1161219 1161220 1161239 1161276 1161517 1161521 1164562 1164719 1164950 1164950 1165539 1166260 1166510 1166510 1166748 1166881 1167674 1167732 1167898 1168345 1168699 1169357 1169512 1169569 1169582 1169944 1170527 1170667 1170713 1170771 1170964 1171313 1171740 1171762 1171872 1171883 1172021 1172055 1172091 1172115 1172234 1172236 1172240 1172396 1172442 1172698 1172704 1172798 1172846 1172958 1173026 1173027 1173307 1173311 1173470 1173641 1173972 1173983 1174079 1174154 1174162 1174551 1174571 1174593 1174673 1174736 1174753 1174817 1175109 1175168 1175297 1175443 1175448 1175449 1175519 1175568 1175811 1175830 1175831 1175844 1176092 1176123 1176179 1176201 1176262 1176262 1176389 1176674 1177120 1177127 1177460 1177460 1177460 1177460 1177460 1177479 1177858 1177864 1178168 1178346 1178350 1178353 1178387 1178512 1178577 1178624 1178675 1178727 1178775 1178823 1178909 1179398 1179399 1179416 1179431 1179491 1179503 1179593 1179805 1180020 1180073 1180083 1180125 1180138 1180596 1180603 1180603 1181011 1181358 1181443 1181805 1181831 1182016 1182066 1182279 1182331 1182333 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182421 1182422 1182604 1182791 1182899 1182959 1183064 1183094 1183137 1183154 1183370 1183371 1183374 1183543 1183545 1183659 1183791 1183852 1183858 1183933 1183934 1184358 1184435 1184505 1184614 1184690 1185163 1185299 1185408 1185408 1185409 1185409 1185410 1185410 1185438 1185540 1185562 1185588 1185698 1185748 1185768 1185807 1185828 1185958 1186015 1186049 1186114 1186411 1186642 1186642 1186819 1187045 1187154 1187210 1187212 1187292 1187338 1187668 1187670 1188063 1188127 1188217 1188218 1188219 1188220 1188287 1188548 1188571 1189206 1189241 1189287 1189465 1189465 1189550 1189659 1190975 906079 915402 917818 918346 928700 928701 953659 960273 985657 CVE-2015-0247 CVE-2015-1572 CVE-2015-3414 CVE-2015-3415 CVE-2016-3189 CVE-2017-17740 CVE-2017-3136 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-1000654 CVE-2018-10360 CVE-2018-14404 CVE-2018-14567 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-17953 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-19211 CVE-2018-20346 CVE-2018-20843 CVE-2018-5741 CVE-2018-9251 CVE-2019-12290 CVE-2019-12900 CVE-2019-12900 CVE-2019-12904 CVE-2019-13057 CVE-2019-13565 CVE-2019-13627 CVE-2019-14250 CVE-2019-14866 CVE-2019-14889 CVE-2019-14889 CVE-2019-15847 CVE-2019-15903 CVE-2019-16168 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-18224 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19956 CVE-2019-19956 CVE-2019-19959 CVE-2019-20218 CVE-2019-20388 CVE-2019-20916 CVE-2019-20916 CVE-2019-3880 CVE-2019-5021 CVE-2019-5094 CVE-2019-5188 CVE-2019-6477 CVE-2019-6706 CVE-2019-7150 CVE-2019-7665 CVE-2019-8905 CVE-2019-8906 CVE-2019-8907 CVE-2019-9936 CVE-2019-9937 CVE-2020-11080 CVE-2020-11501 CVE-2020-12243 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-13844 CVE-2020-15358 CVE-2020-15719 CVE-2020-1730 CVE-2020-1971 CVE-2020-24370 CVE-2020-24371 CVE-2020-24977 CVE-2020-25659 CVE-2020-25692 CVE-2020-25709 CVE-2020-25710 CVE-2020-26137 CVE-2020-28196 CVE-2020-29651 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-36242 CVE-2020-7595 CVE-2020-8023 CVE-2020-8025 CVE-2020-8027 CVE-2020-8169 CVE-2020-8177 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8616 CVE-2020-8617 CVE-2020-8618 CVE-2020-8619 CVE-2020-8620 CVE-2020-8621 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-9327 CVE-2021-20266 CVE-2021-20271 CVE-2021-22876 CVE-2021-22890 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-28041 CVE-2021-33503 CVE-2021-33560 CVE-2021-33910 CVE-2021-3421 CVE-2021-3426 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3572 CVE-2021-36222 CVE-2021-3733 CVE-2021-3737 CVE-2021-38185 CVE-2021-38185 CVE-2021-41617 CVE-2021-42771 SLE-5807 SLE-6533 SLE-6536 SLE-9132 ----------------------------------------------------------------- The container trento/trento-runner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:1353-1 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1999-1 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1071321 This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2055-1 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1089640 This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2182-1 Released: Tue Oct 9 11:08:36 2018 Summary: Security update for libxml2 Type: security Severity: moderate References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251 This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2370-1 Released: Mon Oct 22 14:02:01 2018 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1102310,1104531 This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2569-1 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1110700 This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2607-1 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Type: recommended Severity: low References: 1084812,1084842,1087550,1094222,1102564 The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2825-1 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Type: security Severity: important References: 1115640,CVE-2018-17953 This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2861-1 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Type: security Severity: important References: 1103320,1115929,CVE-2018-19211 This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:44-1 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Type: recommended Severity: low References: 953659 This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:247-1 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Type: security Severity: moderate References: 1123043,CVE-2019-6706 This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:369-1 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Type: recommended Severity: moderate References: 1065270,1111019 This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:571-1 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Type: security Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:732-1 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1088524,1118364,1128246 This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). - Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:788-1 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1119687,CVE-2018-20346 This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1002-1 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1110304,1129576 This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1127-1 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1206-1 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Type: security Severity: low References: 985657,CVE-2016-3189 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1312-1 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1096191 This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1368-1 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Type: security Severity: important References: 1134524,CVE-2019-5021 This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1484-1 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1128383 This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1486-1 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1631-1 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Type: recommended Severity: low References: 1135709 This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1635-1 Released: Fri Jun 21 12:45:53 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1134217 This update for krb5 provides the following fix: - Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1700-1 Released: Tue Jun 25 13:19:21 2019 Summary: Security update for libssh Type: recommended Severity: moderate References: 1134193 This update for libssh fixes the following issue: Issue addressed: - Added support for new AES-GCM encryption types (bsc#1134193). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1808-1 Released: Wed Jul 10 13:16:29 2019 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1133808 This update for libgcrypt fixes the following issues: - Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1835-1 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Type: security Severity: moderate References: 1139937,CVE-2018-20843 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1846-1 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1971-1 Released: Thu Jul 25 14:58:52 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1138939,CVE-2019-12904 This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1994-1 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1135123 This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2004-1 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Type: security Severity: important References: 1139083,CVE-2019-12900 This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2097-1 Released: Fri Aug 9 09:31:17 2019 Summary: Recommended update for libgcrypt Type: recommended Severity: important References: 1097073 This update for libgcrypt fixes the following issues: - Fixed a regression where system were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2134-1 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1136717,1137624,1141059,SLE-5807 This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2188-1 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1140647 This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2361-1 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1081947,1144047 This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2395-1 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Type: security Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2423-1 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1146866,SLE-9132 This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2429-1 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Type: security Severity: moderate References: 1149429,CVE-2019-15903 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2533-1 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1150137,CVE-2019-16168 This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2676-1 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1145716,1152101,CVE-2019-5094 This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2870-1 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1051143,1138869,1151023 This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2997-1 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Type: security Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3059-1 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Type: security Severity: moderate References: 1155199,CVE-2019-14866 This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3061-1 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Type: security Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3087-1 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Type: security Severity: low References: 1123919 This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3118-1 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1154295 This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3166-1 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1007715,1084934,1157278 This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3267-1 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3392-1 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Type: security Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:129-1 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Type: security Severity: important References: 1158095,CVE-2019-14889 This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:256-1 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1157794,1160970 This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:265-1 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Type: security Severity: moderate References: 1160571,CVE-2019-5188 This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:339-1 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1158921 This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:451-1 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:480-1 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1160735 This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:597-1 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950 This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:633-1 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1139939,1151023 This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:846-1 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1164950,1166748,1167674 This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:948-1 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Type: security Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:961-1 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1160979 This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:967-1 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Type: security Severity: moderate References: 1168699,CVE-2020-1730 This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1037-1 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Type: recommended Severity: low References: 1002895,1107105,1138666,1167732 This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1063-1 Released: Wed Apr 22 10:46:50 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1165539,1169569 This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1214-1 Released: Thu May 7 11:20:34 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1169944 This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1219-1 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1170771,CVE-2020-12243 This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1226-1 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Type: recommended Severity: moderate References: 1149995,1152590,1167898 This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1294-1 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Type: security Severity: moderate References: 1154661,1169512,CVE-2019-18218 This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1299-1 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1328-1 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1155271 This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1361-1 Released: Thu May 21 09:31:18 2020 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1171872 This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1404-1 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1138793,1166260 This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1506-1 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1087982,1170527 This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1532-1 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1172021,CVE-2019-19956 This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1733-1 Released: Wed Jun 24 09:43:36 2020 Summary: Security update for curl Type: security Severity: important References: 1173026,1173027,CVE-2020-8169,CVE-2020-8177 This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). - CVE-2020-8169: Fixed an issue where could have led to partial password leak over DNS on HTTP redirect (bsc#1173026). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1759-1 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1169357 This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1396-1 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Type: security Severity: moderate References: 1082318,1133297 This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1856-1 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1172698,1172704,CVE-2020-8023 This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1954-1 Released: Sat Jul 18 03:07:15 2020 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1172396 This update for cracklib fixes the following issues: - Fixed a buffer overflow when processing long words. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2384-1 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Type: recommended Severity: low References: 1170964 This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2420-1 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1174551,1174736 This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2445-1 Released: Wed Sep 2 09:33:02 2020 Summary: Security update for curl Type: security Severity: moderate References: 1175109,CVE-2020-8231 This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2549-1 Released: Fri Sep 4 18:25:50 2020 Summary: Recommended update for OpenStack clients Type: recommended Severity: moderate References: 1121610,1174571,917818 Updated OpenStack clients to the latest OpenStack release named Ussuri. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2581-1 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1174154,CVE-2020-15719 This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2612-1 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Type: security Severity: moderate References: 1176179,CVE-2020-24977 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2651-1 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1175811,1175830,1175831 This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2704-1 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1174079 This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2712-1 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Type: security Severity: moderate References: 1175568,CVE-2020-8027 This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2852-1 Released: Fri Oct 2 16:55:39 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1173470,1175844 This update for openssl-1_1 fixes the following issues: FIPS: * Include ECDH/DH Requirements from SP800-56Arev3 (bsc#1175844, bsc#1173470). * Add shared secret KAT to FIPS DH selftest (bsc#1175844). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2869-1 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2893-1 Released: Mon Oct 12 14:14:55 2020 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1177479 This update for openssl-1_1 fixes the following issues: - Restore private key check in EC_KEY_check_key (bsc#1177479) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2914-1 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Type: security Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:2947-1 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Type: security Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2983-1 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Type: recommended Severity: moderate References: 1176123 This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3313-1 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Type: security Severity: important References: 1178387,CVE-2020-25692 This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3377-1 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Type: security Severity: moderate References: 1178512,CVE-2020-28196 This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3566-1 Released: Mon Nov 30 16:56:52 2020 Summary: Security update for python-setuptools Type: security Severity: important References: 1176262,CVE-2019-20916 This update for python-setuptools fixes the following issues: - Fixed a directory traversal in _download_http_url() (bsc#1176262 CVE-2019-20916) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3703-1 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1179431 This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3737-1 Released: Wed Dec 9 18:21:04 2020 Summary: Security update for python-pip, python-scripttest Type: security Severity: moderate References: 1175297,1176262,CVE-2019-20916 This update for python-pip, python-scripttest fixes the following issues: - Update in SLE-15 (bsc#1175297, jsc#ECO-3035, jsc#PM-2318) python-pip was updated to 20.0.2: * Fix a regression in generation of compatibility tags * Rename an internal module, to avoid ImportErrors due to improper uninstallation * Switch to a dedicated CLI tool for vendoring dependencies. * Remove wheel tag calculation from pip and use packaging.tags. This should provide more tags ordered better than in prior releases. * Deprecate setup.py-based builds that do not generate an .egg-info directory. * The pip>=20 wheel cache is not retro-compatible with previous versions. Until pip 21.0, pip will continue to take advantage of existing legacy cache entries. * Deprecate undocumented --skip-requirements-regex option. * Deprecate passing install-location-related options via --install-option. * Use literal 'abi3' for wheel tag on CPython 3.x, to align with PEP 384 which only defines it for this platform. * Remove interpreter-specific major version tag e.g. cp3-none-any from consideration. This behavior was not documented strictly, and this tag in particular is not useful. Anyone with a use case can create an issue with pypa/packaging. * Wheel processing no longer permits wheels containing more than one top-level .dist-info directory. * Support for the git+git@ form of VCS requirement is being deprecated and will be removed in pip 21.0. Switch to git+https:// or git+ssh://. git+git:// also works but its use is discouraged as it is insecure. * Default to doing a user install (as if --user was passed) when the main site-packages directory is not writeable and user site-packages are enabled. * Warn if a path in PATH starts with tilde during pip install. * Cache wheels built from Git requirements that are considered immutable, because they point to a commit hash. * Add option --no-python-version-warning to silence warnings related to deprecation of Python versions. * Cache wheels that pip wheel built locally, matching what pip install does. This particularly helps performance in workflows where pip wheel is used for building before installing. Users desiring the original behavior can use pip wheel --no-cache-dir * Display CA information in pip debug. * Show only the filename (instead of full URL), when downloading from PyPI. * Suggest a more robust command to upgrade pip itself to avoid confusion when the current pip command is not available as pip. * Define all old pip console script entrypoints to prevent import issues in stale wrapper scripts. * The build step of pip wheel now builds all wheels to a cache first, then copies them to the wheel directory all at once. Before, it built them to a temporary directory and moved them to the wheel directory one by one. * Expand ~ prefix to user directory in path options, configs, and environment variables. Values that may be either URL or path are not currently supported, to avoid ambiguity: --find-links --constraint, -c --requirement, -r --editable, -e * Correctly handle system site-packages, in virtual environments created with venv (PEP 405). * Fix case sensitive comparison of pip freeze when used with -r option. * Enforce PEP 508 requirement format in pyproject.toml build-system.requires. * Make ensure_dir() also ignore ENOTEMPTY as seen on Windows. * Fix building packages which specify backend-path in pyproject.toml. * Do not attempt to run setup.py clean after a pep517 build error, since a setup.py may not exist in that case. * Fix passwords being visible in the index-url in 'Downloading ' message. * Change method from shutil.remove to shutil.rmtree in noxfile.py. * Skip running tests which require subversion, when svn isn't installed * Fix not sending client certificates when using --trusted-host. * Make sure pip wheel never outputs pure python wheels with a python implementation tag. Better fix/workaround for #3025 by using a per-implementation wheel cache instead of caching pure python wheels with an implementation tag in their name. * Include subdirectory URL fragments in cache keys. * Fix typo in warning message when any of --build-option, --global-option and --install-option is used in requirements.txt * Fix the logging of cached HTTP response shown as downloading. * Effectively disable the wheel cache when it is not writable, as is the case with the http cache. * Correctly handle relative cache directory provided via --cache-dir. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1526-1 Released: Thu May 6 08:57:30 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:33 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1825-1 Released: Tue Jun 1 16:24:01 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1859-1 Released: Fri Jun 4 09:02:38 2021 Summary: Security update for python-py Type: security Severity: moderate References: 1179805,1184505,CVE-2020-29651 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1972-1 Released: Tue Jun 15 09:04:10 2021 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add SLE_BCI repository (jsc#SLE-18095) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2012-1 Released: Fri Jun 18 09:15:13 2021 Summary: Security update for python-urllib3 Type: security Severity: important References: 1187045,CVE-2021-33503 This update for python-urllib3 fixes the following issues: - CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2096-1 Released: Mon Jun 21 13:35:38 2021 Summary: Recommended update for python-six Type: recommended Severity: moderate References: 1186642 This update for python-six fixes the following issue: - python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2146-1 Released: Wed Jun 23 17:55:14 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1115550,1174162 This update for openssh fixes the following issues: - Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2316-1 Released: Wed Jul 14 13:49:55 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1185807,1185828,1185958,1186411,1187154,1187292 This update for systemd fixes the following issues: - Restore framebuffer devices as possible master of seat. Until simpledrm driver is released, this change is prematured as some graphical chips don't have DRM driver and fallback to framebuffer. (bsc#1187154) - Fixed an issue when '/var/lock/subsys' dropped when the creation of 'filesystem' package took the initialization of the generic paths over. (bsc#1187292) - 'udev' requires systemd in its %post (bsc#1185958) nspawn: turn on higher optimization level in seccomp nspawn: return ENOSYS by default, EPERM for 'known' calls (bsc#1186411) shared/seccomp-util: added functionality to make list of filtred syscalls hared/syscall-list: filter out some obviously platform-specific syscalls shared/seccomp: reduce scope of indexing variables generate-syscall-list: require python3 shared: add @known syscall list meson: add syscall-names-update target shared/seccomp: use _cleanup_ in one more place home: fix homed.conf install location - We need to make sure that the creation of the symlinks is done after updating udev DB so if worker A is preempted by worker B before A updates the DB but after it creates the symlinks, worker B won't manage to overwrite the freshly created symlinks (by A) because A has still yet not registered the symlinks in the DB. (bsc#1185828) - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2410-1 Released: Tue Jul 20 14:41:26 2021 Summary: Security update for systemd Type: security Severity: important References: 1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service (stack exhaustion) in systemd (PID 1) (bsc#1188063) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2558-1 Released: Thu Jul 29 12:05:03 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate References: 1185748 This update for python-pytz fixes the following issues: - Add %pyunittest shim for platforms where it is missing. - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748) - Bump tzdata_version - update to 2021.1: * update to IANA 2021a timezone release ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2606-1 Released: Wed Aug 4 13:16:09 2021 Summary: Recommended update for libcbor Type: recommended Severity: moderate References: 1102408 This update for libcbor fixes the following issues: - Implement a fix to avoid building shared library twice. (bsc#1102408) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2786-1 Released: Fri Aug 20 02:02:23 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1057452,1188287 This update for bash fixes the following issues: - Allow process group assignment even for modern kernels (bsc#1057452, bsc#1188287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:05:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2997-1 Released: Thu Sep 9 14:37:34 2021 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1187338,1189659 This update for python3 fixes the following issues: - Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3013-1 Released: Thu Sep 9 16:55:40 2021 Summary: Recommended update for patterns-base, patterns-server-enterprise, sles15-image Type: recommended Severity: moderate References: 1183154,1189550 This update for patterns-base, patterns-server-enterprise, sles15-image fixes the following issues: - Add pattern to install necessary packages for FIPS (bsc#1183154) - Add patterns-base-fips to work also in FIPS environments (bsc#1183154) - Use the same icon in the fips pattern as the previous pattern had (bsc#1189550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3945-1 Released: Mon Dec 6 14:56:55 2021 Summary: Security update for python-Babel Type: security Severity: important References: 1185768,CVE-2021-42771 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4001-1 Released: Mon Dec 13 10:29:44 2021 Summary: Security update for python-pip Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). The following package changes have been done: - file-magic-5.32-7.11.2 added - libldap-data-2.4.46-9.56.1 added - system-user-root-20190513-3.3.1 added - filesystem-15.0-11.3.2 added - libtirpc-netconfig-1.2.6-1.131 added - glibc-2.31-7.30 added - libuuid1-2.36.2-2.29 added - libunistring2-0.9.10-1.1 added - libsmartcols1-2.36.2-2.29 added - libsasl2-3-2.1.27-2.2 added - libcrypt1-4.4.15-2.51 added - libblkid1-2.36.2-2.29 added - libaudit1-2.8.5-3.43 added - perl-base-5.26.1-15.87 added - libfdisk1-2.36.2-2.29 added - libsepol1-3.0-1.31 added - cracklib-dict-small-2.9.7-11.3.1 added - libopenssl1_1-1.1.1d-11.23.1 added - libnghttp2-14-1.40.0-6.1 added - libopenssl1_1-hmac-1.1.1d-11.23.1 added - liblz4-1-1.9.2-3.3.1 added - libcap-ng0-0.7.9-4.37 added - libzstd1-1.4.4-1.6.1 added - libz1-1.2.11-3.21.1 added - libsqlite3-0-3.36.0-3.12.1 added - libpcre1-8.41-6.4.2 added - liblzma5-5.2.3-4.3.1 added - liblua5_3-5-5.3.6-3.6.1 added - libkeyutils1-1.5.10-5.3.1 added - libgmp10-6.1.2-4.6.1 added - libgcc_s1-10.3.0+git1587-1.6.4 added - libcom_err2-1.43.8-4.26.1 added - libcap2-2.26-4.6.1 added - libbz2-1-1.0.6-5.11.1 added - libidn2-0-2.2.0-3.6.1 added - libldap-2_4-2-2.4.46-9.56.1 added - libmagic1-5.32-7.11.2 added - libxml2-2-2.9.7-3.37.1 added - libstdc++6-10.3.0+git1587-1.6.4 added - libdw1-0.168-4.5.3 added - libncurses6-6.1-5.6.2 added - libebl-plugins-0.168-4.5.3 added - terminfo-base-6.1-5.6.2 added - libelf1-0.168-4.5.3 added - ncurses-utils-6.1-5.6.2 added - libverto1-0.2.6-3.20 added - libpopt0-1.16-3.22 added - libgpg-error0-1.29-1.8 added - libattr1-2.4.47-2.19 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libpsl5-0.20.1-1.20 added - libselinux1-3.0-1.31 added - libsemanage1-3.0-1.27 added - libreadline7-7.0-19.6.1 added - libudev1-246.13-7.8.1 added - bash-4.4-19.6.1 added - libgcrypt20-1.8.2-8.39.1 added - krb5-1.16.3-3.21.1 added - libgcrypt20-hmac-1.8.2-8.39.1 added - libssh4-0.8.7-10.12.1 added - libacl1-2.2.52-4.3.1 added - libmount1-2.36.2-2.29 added - findutils-4.8.0-1.20 added - login_defs-4.8.1-2.43 added - libtirpc3-1.2.6-1.131 added - coreutils-8.32-1.2 added - libcrack2-2.9.7-11.3.1 added - libcurl4-7.66.0-4.22.1 added - cracklib-2.9.7-11.3.1 added - info-6.5-4.17 added - libnsl2-1.2.0-2.44 added - libsystemd0-246.13-7.8.1 added - sles-release-15.3-55.4.1 added - patterns-base-fips-20200124-10.5.1 added - sed-4.4-11.6 added - grep-3.1-4.3.12 added - diffutils-3.6-4.3.1 added - cpio-2.12-3.9.1 added - rpm-config-SUSE-1-3.61 added - permissions-20181225-23.6.1 added - pam-1.3.0-6.38.1 added - shadow-4.8.1-2.43 added - sysuser-shadow-2.0-4.2.8 added - system-group-hardware-20170617-15.86 added - libutempter0-1.1.6-3.42 added - util-linux-2.36.2-2.29 added - aaa_base-84.87+git20180409.04c9dae-3.45.1 added - libtasn1-6-4.13-4.5.1 added - libtasn1-4.13-4.5.1 added - libffi7-3.2.1.git259-10.8 added - openssl-1_1-1.1.1d-11.23.1 added - libp11-kit0-0.23.2-4.8.3 added - p11-kit-0.23.2-4.8.3 added - p11-kit-tools-0.23.2-4.8.3 added - ca-certificates-2+git20210309.21162a6-2.1 added - ca-certificates-mozilla-2.44-9.6.1 added - libcbor0-0.5.0-4.3.1 added - libedit0-3.1.snap20150325-2.12 added - libexpat1-2.2.5-3.6.1 added - libfido2-udev-1.5.0-1.30 added - openssh-common-8.4p1-3.9.1 added - timezone-2021e-75.4.1 added - tini-0.18.0-1.47 added - trento-premium-0.7.1+git.dev42.1640084952.33229fc-1.1 added - update-alternatives-1.19.0.4-2.48 added - python3-base-3.6.15-10.9.1 added - libfido2-1-1.5.0-1.30 added - openssh-fips-8.4p1-3.9.1 added - libpython3_6m1_0-3.6.15-10.9.1 added - openssh-server-8.4p1-3.9.1 added - openssh-clients-8.4p1-3.9.1 added - python3-3.6.15-10.9.1 added - openssh-8.4p1-3.9.1 added - python3-wcwidth-0.1.8-3.5.11 added - python3-six-1.14.0-10.1 added - python3-simplejson-3.17.2-1.10 added - python3-rpm-4.14.3-40.1 added - python3-resolvelib-0.5.4-1.1 added - python3-pytz-2021.1-3.3.1 added - python3-pyperclip-1.6.0-1.17 added - python3-pyparsing-2.4.7-1.24 added - python3-pycparser-2.17-3.2.1 added - python3-pyasn1-0.4.2-3.2.1 added - python3-py-1.8.1-5.6.1 added - python3-ply-3.10-1.27 added - python3-idna-2.6-1.20 added - python3-chardet-3.0.4-3.23 added - python3-certifi-2018.1.18-1.18 added - python3-asn1crypto-0.24.0-3.2.1 added - python3-appdirs-1.4.3-1.21 added - python3-PyYAML-5.4.1-1.1 added - python3-PrettyTable-0.7.2-3.23 added - python3-MarkupSafe-1.1.1-1.1 added - python3-Babel-2.8.0-3.3.1 added - python3-packaging-20.3-1.9 added - python3-cmd2-0.8.9-7.4.3 added - python3-cffi-1.13.2-3.2.5 added - python3-jmespath-0.9.3-1.21 added - python3-Jinja2-2.11.3-1.1 added - python3-setuptools-40.5.0-6.3.1 added - ansible-core-2.11.6-1.1 added - python3-pbr-4.3.0-6.22 added - python3-cryptography-2.8-10.1 added - python3-stevedore-1.32.0-7.4.4 added - python3-pyOpenSSL-19.0.0-1.31 added - python3-cliff-3.1.0-7.4.6 added - python3-urllib3-1.25.10-4.3.1 added - python3-requests-2.24.0-1.24 added - python3-ara-1.5.7-1.1 added - python3-pip-20.0.2-6.15.1 added - container:sles15-image-15.0.0-17.6.3 added