size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of mesaages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka 'cpp api v2') that
replaces the old ('cpp api v1') one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh reqires it
python-abseil was udpated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
* Top-level LICENSE file is now exported in bazel.
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser paramteter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fails fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
cartesian product of parameters values, specified as a
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcuio was updated:
- Update to version 1.60.0:
* No python specfic changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert 'Fix prefork handler register's default behavior'
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package 'xds_protos'
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as an dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
| Advisory ID | SUSE-RU-2024:1344-1
|
| Released | Thu Apr 18 18:50:37 2024 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1175678,1218171,1221525,1222086 |
Description:
This update for libzypp, zypper fixes the following issues:
- Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
- Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed
- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to handout the patches
- Show active dry-run/download-only at the commit propmpt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)
| Advisory ID | SUSE-SU-2024:1375-1
|
| Released | Mon Apr 22 14:56:13 2024 |
| Summary | Security update for glibc |
| Type | security |
| Severity | important |
| References | 1222992,CVE-2024-2961 |
Description:
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
SUSE-CU-2024:1587-1
| Container Advisory ID | SUSE-CU-2024:1587-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.209 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.209 |
The following patches have been included in this update:
SUSE-CU-2024:1479-1
| Container Advisory ID | SUSE-CU-2024:1479-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.207 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.207 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:1287-1
|
| Released | Mon Apr 15 15:03:40 2024 |
| Summary | Security update for vim |
| Type | security |
| Severity | important |
| References | 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 |
Description:
This update for vim fixes the following issues:
Updated to version 9.1.0111, fixes the following security problems
- CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235).
- CVE-2023-48236: overflow in get_number (bsc#1217329).
- CVE-2023-48237: overflow in shift_line (bsc#1217330).
- CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005).
SUSE-CU-2024:1441-1
| Container Advisory ID | SUSE-CU-2024:1441-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.205 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.205 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:1253-1
|
| Released | Fri Apr 12 08:15:18 2024 |
| Summary | Recommended update for gcc13 |
| Type | recommended |
| Severity | moderate |
| References | 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 |
Description:
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
| Advisory ID | SUSE-RU-2024:1279-1
|
| Released | Fri Apr 12 21:35:09 2024 |
| Summary | Recommended update for python3 |
| Type | recommended |
| Severity | moderate |
| References | 1222109 |
Description:
This update for python3 fixes the following issue:
- Fix syslog making default 'ident' from sys.argv (bsc#1222109)
SUSE-CU-2024:1420-1
| Container Advisory ID | SUSE-CU-2024:1420-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.204 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.204 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:1231-1
|
| Released | Thu Apr 11 15:20:40 2024 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1220441 |
Description:
This update for glibc fixes the following issues:
- duplocale: protect use of global locale (bsc#1220441, BZ #23970)
SUSE-CU-2024:1373-1
| Container Advisory ID | SUSE-CU-2024:1373-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.200 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.200 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:1172-1
|
| Released | Tue Apr 9 09:52:32 2024 |
| Summary | Security update for util-linux |
| Type | security |
| Severity | important |
| References | 1207987,1221831,CVE-2024-28085 |
Description:
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
| Advisory ID | SUSE-SU-2024:1192-1
|
| Released | Wed Apr 10 09:14:37 2024 |
| Summary | Security update for less |
| Type | security |
| Severity | important |
| References | 1219901,CVE-2022-48624 |
Description:
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
SUSE-CU-2024:1300-1
| Container Advisory ID | SUSE-CU-2024:1300-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.198 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.198 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:1133-1
|
| Released | Mon Apr 8 11:29:02 2024 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1220061,CVE-2023-45918 |
Description:
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
| Advisory ID | SUSE-SU-2024:1151-1
|
| Released | Mon Apr 8 11:36:23 2024 |
| Summary | Security update for curl |
| Type | security |
| Severity | moderate |
| References | 1221665,1221667,CVE-2024-2004,CVE-2024-2398 |
Description:
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
| Advisory ID | SUSE-SU-2024:1167-1
|
| Released | Mon Apr 8 15:11:11 2024 |
| Summary | Security update for nghttp2 |
| Type | security |
| Severity | important |
| References | 1221399,CVE-2024-28182 |
Description:
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
SUSE-CU-2024:1299-1
| Container Advisory ID | SUSE-CU-2024:1299-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.197 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.197 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:1129-1
|
| Released | Mon Apr 8 09:12:08 2024 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1219559,1221289,CVE-2023-52425,CVE-2024-28757 |
Description:
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
SUSE-CU-2024:1265-1
| Container Advisory ID | SUSE-CU-2024:1265-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.194 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.194 |
The following patches have been included in this update:
SUSE-CU-2024:1142-1
| Container Advisory ID | SUSE-CU-2024:1142-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.190 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.190 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:1015-1
|
| Released | Thu Mar 28 06:08:11 2024 |
| Summary | Recommended update for sed |
| Type | recommended |
| Severity | important |
| References | 1221218 |
Description:
This update for sed fixes the following issues:
- 'sed -i' now creates temporary files with correct umask (bsc#1221218)
SUSE-CU-2024:1141-1
| Container Advisory ID | SUSE-CU-2024:1141-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.189 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.189 |
The following patches have been included in this update:
SUSE-CU-2024:1113-1
| Container Advisory ID | SUSE-CU-2024:1113-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.188 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.188 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:997-1
|
| Released | Tue Mar 26 11:03:37 2024 |
| Summary | Security update for krb5 |
| Type | security |
| Severity | important |
| References | 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 |
Description:
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
- CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772).
SUSE-CU-2024:1100-1
| Container Advisory ID | SUSE-CU-2024:1100-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.185 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.185 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:929-1
|
| Released | Tue Mar 19 06:36:24 2024 |
| Summary | Recommended update for coreutils |
| Type | recommended |
| Severity | moderate |
| References | 1219321 |
Description:
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
SUSE-CU-2024:978-1
| Container Advisory ID | SUSE-CU-2024:978-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.180 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.180 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:861-1
|
| Released | Wed Mar 13 09:12:30 2024 |
| Summary | Recommended update for aaa_base |
| Type | recommended |
| Severity | moderate |
| References | 1218232 |
Description:
This update for aaa_base fixes the following issues:
- Silence the output in the case of broken symlinks (bsc#1218232)
| Advisory ID | SUSE-RU-2024:907-1
|
| Released | Fri Mar 15 08:57:38 2024 |
| Summary | Recommended update for audit |
| Type | recommended |
| Severity | moderate |
| References | 1215377 |
Description:
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
SUSE-CU-2024:977-1
| Container Advisory ID | SUSE-CU-2024:977-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.179 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.179 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:870-1
|
| Released | Wed Mar 13 13:05:14 2024 |
| Summary | Security update for glibc |
| Type | security |
| Severity | moderate |
| References | 1217445,1217589,1218866 |
Description:
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
| Advisory ID | SUSE-SU-2024:876-1
|
| Released | Wed Mar 13 15:45:34 2024 |
| Summary | Security update for sudo |
| Type | security |
| Severity | important |
| References | 1221134,1221151,CVE-2023-42465 |
Description:
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
| Advisory ID | SUSE-SU-2024:898-1
|
| Released | Thu Mar 14 16:05:15 2024 |
| Summary | Security update for gdb |
| Type | security |
| Severity | moderate |
| References | 1068950,1081527,1211052,CVE-2017-16829,CVE-2018-7208,CVE-2022-48064 |
Description:
This update for gdb fixes the following issues:
- Drop libdebuginfod1 BuildRequires/Recommends. The former isn't
needed because there's a build requirement on libdebuginfod-devel
already, which will pull the shared library. And the latter,
because it's bogus since RPM auto generated dependency will take
care of that requirement.
gdb was released in 13.2:
- This version of GDB includes the following changes and enhancements:
* Support for the following new targets has been added in both GDB and GDBserver:
* GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
* GNU/Linux/CSKY (gdbserver) csky*-*linux*
* The Windows native target now supports target async.
* Floating-point support has now been added on LoongArch GNU/Linux.
* New commands:
* set print nibbles [on|off]
* show print nibbles
* This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'.
Various styling-related commands. See the gdb/NEWS file for more details.
Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
* Python API improvements:
* New Python API for instruction disassembly.
* The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
* New Python type gdb.BreakpointLocation.
* New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address '
* New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'.
* New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
* New method gdb.Frame.language that returns the name of the frame's language.
* gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation.
* gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does.
* The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9].
* GDB/MI changes:
* MI version 1 is deprecated, and will be removed in GDB 14.
* The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno.
* Miscellaneous improvements:
* gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
* New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
* New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
* The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state.
* The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling.
* A new format '/b' has been introduce to provide the old behavior of '/r'.
* The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command.
* It is now possible to use the 'document' command to document user-defined commands.
* Support for memory tag data for AArch64 MTE.
* Support Removal notices:
* DBX mode has been removed.
* Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
* Support for the following commands has been removed:
* set debug aix-solib on|off
* show debug aix-solib
* set debug solib-frv on|off
* show debug solib-frv
* Use the 'set/show debug solib' commands instead.
See the NEWS file for a more complete and detailed list of what this release includes.
| Advisory ID | SUSE-SU-2024:901-1
|
| Released | Thu Mar 14 17:49:10 2024 |
| Summary | Security update for python3 |
| Type | security |
| Severity | important |
| References | 1214691,1219666,CVE-2022-48566,CVE-2023-6597 |
Description:
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
| Advisory ID | SUSE-RU-2024:904-1
|
| Released | Fri Mar 15 08:42:04 2024 |
| Summary | Recommended update for supportutils |
| Type | recommended |
| Severity | moderate |
| References | 1214713,1218632,1218812,1218814,1219241,1219639 |
Description:
This update for supportutils fixes the following issues:
- Update toversion 3.1.29
- Extended scaling for performance (bsc#1214713)
- Fixed kdumptool output error (bsc#1218632)
- Corrected podman ID errors (bsc#1218812)
- Duplicate non root podman entries removed (bsc#1218814)
- Corrected get_sles_ver for SLE Micro (bsc#1219241)
- Check nvidida-persistenced state (bsc#1219639)
SUSE-CU-2024:923-1
| Container Advisory ID | SUSE-CU-2024:923-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.173 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.173 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:792-1
|
| Released | Thu Mar 7 09:55:23 2024 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for timezone fixes the following issues:
- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be 'minimum'
- localtime no longer mishandle some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
* ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
* Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
* zic no longer mishandles data for Palestine after the year 2075
| Advisory ID | SUSE-SU-2024:794-1
|
| Released | Thu Mar 7 10:33:17 2024 |
| Summary | Security update for sudo |
| Type | security |
| Severity | important |
| References | 1219026,1220389,CVE-2023-42465 |
Description:
This update for sudo fixes the following issues:
- CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026).
SUSE-CU-2024:835-1
| Container Advisory ID | SUSE-CU-2024:835-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.170 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.170 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:766-1
|
| Released | Tue Mar 5 13:50:28 2024 |
| Summary | Recommended update for libssh |
| Type | recommended |
| Severity | important |
| References | 1220385 |
Description:
This update for libssh fixes the following issues:
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
SUSE-CU-2024:731-1
| Container Advisory ID | SUSE-CU-2024:731-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.163 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.163 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:549-1
|
| Released | Tue Feb 20 17:05:52 2024 |
| Summary | Security update for openssl-1_1 |
| Type | security |
| Severity | moderate |
| References | 1219243,CVE-2024-0727 |
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
| Advisory ID | SUSE-SU-2024:555-1
|
| Released | Tue Feb 20 17:22:17 2024 |
| Summary | Security update for libxml2 |
| Type | security |
| Severity | moderate |
| References | 1219576,CVE-2024-25062 |
Description:
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
SUSE-CU-2024:660-1
| Container Advisory ID | SUSE-CU-2024:660-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.160 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.160 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:581-1
|
| Released | Wed Feb 21 14:08:16 2024 |
| Summary | Security update for python3 |
| Type | security |
| Severity | moderate |
| References | 1210638,CVE-2023-27043 |
Description:
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
SUSE-CU-2024:571-1
| Container Advisory ID | SUSE-CU-2024:571-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.157 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.157 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:480-1
|
| Released | Thu Feb 15 12:35:51 2024 |
| Summary | Recommended update for libsolv |
| Type | recommended |
| Severity | important |
| References | 1215698,1218782,1218831,1219442 |
Description:
This update for libsolv, libzypp fixes the following issues:
- build for multiple python versions [jsc#PED-6218]
- applydeltaprm: Create target directory if it does not exist (bsc#1219442)
- Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
- CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)
SUSE-CU-2024:514-1
| Container Advisory ID | SUSE-CU-2024:514-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.153 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.153 |
The following patches have been included in this update:
SUSE-CU-2024:510-1
| Container Advisory ID | SUSE-CU-2024:510-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.152 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.152 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:427-1
|
| Released | Thu Feb 8 12:56:57 2024 |
| Summary | Recommended update for supportutils |
| Type | recommended |
| Severity | moderate |
| References | 1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282 |
Description:
This update for supportutils fixes the following issues:
- Update to version 3.1.28
- Correctly detects Xen Dom0 (bsc#1218201)
- Fixed smart disk error (bsc#1218282)
- Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
- Added missing klp information to kernel-livepatch.txt (bsc#1216390)
- Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
- Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
- Optimize lsof usage (bsc#1183663)
- Collects chrony or ntp as needed (bsc#1196293)
- Fixed podman display issue (bsc#1217287)
- Added nvme-stas configuration to nvme.txt (bsc#1216049)
- Added timed command to fs-files.txt (bsc#1216827)
- Collects zypp history file issue#166 (bsc#1216522)
| Advisory ID | SUSE-RU-2024:433-1
|
| Released | Thu Feb 8 17:03:18 2024 |
| Summary | Recommended update for source-highlight |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for source-highlight fixes the following issues:
Version update to 3.1.9:
- changed esc.style to work better with dark theme terminals
- updated C and C++ to more recent standards
- fixed zsh.lang
- added new Python keywords
- added Rust
- added ixpe
- added vim
- ships it to missing service packs like SUSE Linux Enterprise 15 SP3.
SUSE-CU-2024:479-1
| Container Advisory ID | SUSE-CU-2024:479-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.150 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.150 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:322-1
|
| Released | Fri Feb 2 15:13:26 2024 |
| Summary | Recommended update for aaa_base |
| Type | recommended |
| Severity | moderate |
| References | 1107342,1215434 |
Description:
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
| Advisory ID | SUSE-SU-2024:305-1
|
| Released | Mon Mar 11 14:15:37 2024 |
| Summary | Security update for cpio |
| Type | security |
| Severity | moderate |
| References | 1218571,1219238,CVE-2023-7207 |
Description:
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
SUSE-CU-2024:382-1
| Container Advisory ID | SUSE-CU-2024:382-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.145 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.145 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:238-1
|
| Released | Fri Jan 26 10:56:41 2024 |
| Summary | Security update for cpio |
| Type | security |
| Severity | moderate |
| References | 1218571,CVE-2023-7207 |
Description:
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
| Advisory ID | SUSE-RU-2024:244-1
|
| Released | Fri Jan 26 13:01:27 2024 |
| Summary | Recommended update for util-linux |
| Type | recommended |
| Severity | moderate |
| References | 1207987 |
Description:
This update for util-linux fixes the following issues:
- Fix performance degradation (bsc#1207987)
SUSE-CU-2024:347-1
| Container Advisory ID | SUSE-CU-2024:347-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.142 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.142 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:231-1
|
| Released | Thu Jan 25 11:57:37 2024 |
| Summary | Recommended update for suse-module-tools |
| Type | recommended |
| Severity | moderate |
| References | 1217775 |
Description:
This update for suse-module-tools fixes the following issues:
- Update to version 15.5.4
- Add symlink /boot/.vmlinuz.hmac (bsc#1217775)
SUSE-CU-2024:311-1
| Container Advisory ID | SUSE-CU-2024:311-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.140 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.140 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:214-1
|
| Released | Wed Jan 24 16:01:31 2024 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | moderate |
| References | 1214668,1215241,1217460 |
Description:
This update for systemd fixes the following issues:
- resolved: actually check authenticated flag of SOA transaction
- core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive
- core: Add trace logging to mount_add_device_dependencies()
- core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
- core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies
- core: wrap some long comment
- utmp-wtmp: Handle EINTR gracefully when waiting to write to tty
- utmp-wtmp: Fix error in case isatty() fails
- homed: Handle EINTR gracefully when waiting for device node
- resolved: Handle EINTR returned from fd_wait_for_event() better
- sd-netlink: Handle EINTR from poll() gracefully, as success
- varlink: Handle EINTR gracefully when waiting for EIO via ppoll()
- stdio-bridge: Don't be bothered with EINTR
- sd-bus: Handle EINTR return from bus_poll() (bsc#1215241)
- core: Replace slice dependencies as they get added (bsc#1214668)
SUSE-CU-2024:267-1
| Container Advisory ID | SUSE-CU-2024:267-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.138 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.138 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:136-1
|
| Released | Thu Jan 18 09:53:47 2024 |
| Summary | Security update for pam |
| Type | security |
| Severity | moderate |
| References | 1217000,1218475,CVE-2024-22365 |
Description:
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
| Advisory ID | SUSE-SU-2024:140-1
|
| Released | Thu Jan 18 11:34:58 2024 |
| Summary | Security update for libssh |
| Type | security |
| Severity | important |
| References | 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 |
Description:
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
SUSE-CU-2024:241-1
| Container Advisory ID | SUSE-CU-2024:241-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.137 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.137 |
The following patches have been included in this update:
SUSE-CU-2024:197-1
| Container Advisory ID | SUSE-CU-2024:197-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.135 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.135 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:88-1
|
| Released | Thu Jan 11 10:08:20 2024 |
| Summary | Recommended update for libsolv, zypper, libzypp |
| Type | recommended |
| Severity | moderate |
| References | 1212160,1215294,1216412,1217593,1217873,1218291 |
Description:
This update for libsolv, zypper, libzypp fixes the following issues:
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
- CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
- Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
- Make sure reboot-needed is remembered until next boot (bsc#1217873)
- Stop using boost version 1 timer library (bsc#1215294)
- Updated to version 0.7.27
- Add zstd support for the installcheck tool
- Add putinowndirpool cache to make file list handling in repo_write much faster
- Do not use deprecated headerUnload with newer rpm versions
- Support complex deps in SOLVABLE_PREREQ_IGNOREINST
- Fix minimization not prefering installed packages in some cases
- Reduce memory usage in repo_updateinfoxml
- Fix lock-step interfering with architecture selection
- Fix choice rule handing for package downgrades
- Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies
SUSE-CU-2024:152-1
| Container Advisory ID | SUSE-CU-2024:152-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.133 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.133 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2024:70-1
|
| Released | Tue Jan 9 18:29:39 2024 |
| Summary | Security update for tar |
| Type | security |
| Severity | low |
| References | 1217969,CVE-2023-39804 |
Description:
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
SUSE-CU-2024:81-1
| Container Advisory ID | SUSE-CU-2024:81-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.132 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.132 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:62-1
|
| Released | Mon Jan 8 11:44:47 2024 |
| Summary | Recommended update for libxcrypt |
| Type | recommended |
| Severity | moderate |
| References | 1215496 |
Description:
This update for libxcrypt fixes the following issues:
- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
SUSE-CU-2024:36-1
| Container Advisory ID | SUSE-CU-2024:36-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.127 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.127 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2024:11-1
|
| Released | Tue Jan 2 13:24:52 2024 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | moderate |
| References | 1029961,1158830,1206798,1209122 |
Description:
This update for procps fixes the following issues:
- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)
- For support up to 2048 CPU as well (bsc#1185417)
- Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
the pwait tool and its manual page will be build
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
(uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.
- Update to procps-ng-3.3.17
* library: Incremented to 8:3:0
(no removals or additions, internal changes only)
* all: properly handle utf8 cmdline translations
* kill: Pass int to signalled process
* pgrep: Pass int to signalled process
* pgrep: Check sanity of SG_ARG_MAX
* pgrep: Add older than selection
* pidof: Quiet mode
* pidof: show worker threads
* ps.1: Mention stime alias
* ps: check also match on truncated 16 char comm names
* ps: Add exe output option
* ps: A lot more sorting available
* pwait: New command waits for a process
* sysctl: Match systemd directory order
* sysctl: Document directory order
* top: ensure config file backward compatibility
* top: add command line 'e' for symmetry with 'E'
* top: add '4' toggle for two abreast cpu display
* top: add '!' toggle for combining multiple cpus
* top: fix potential SEGV involving -p switch
* vmstat: Wide mode gives wider proc columns
* watch: Add environment variable for interval
* watch: Add no linewrap option
* watch: Support more colors
* free,uptime,slabtop: complain about extra ops
- Package translations in procps-lang.
- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.
- Update to procps-ng-3.3.16
* library: Increment to 8:2:0
No removals or functions
Internal changes only, so revision is incremented.
Previous version should have been 8:1:0 not 8:0:1
* docs: Use correct symbols for -h option in free.1
* docs: ps.1 now warns about command name length
* docs: install translated man pages
* pgrep: Match on runstate
* snice: Fix matching on pid
* top: can now exploit 256-color terminals
* top: preserves 'other filters' in configuration file
* top: can now collapse/expand forest view children
* top: parent %CPU time includes collapsed children
* top: improve xterm support for vim navigation keys
* top: avoid segmentation fault at program termination
* 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830)
SUSE-CU-2024:6-1
| Container Advisory ID | SUSE-CU-2024:6-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.126 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.126 |
The following patches have been included in this update:
SUSE-CU-2023:4285-1
| Container Advisory ID | SUSE-CU-2023:4285-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.123 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.123 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4962-1
|
| Released | Fri Dec 22 13:45:06 2023 |
| Summary | Recommended update for curl |
| Type | recommended |
| Severity | important |
| References | 1216987 |
Description:
This update for curl fixes the following issues:
- libssh: Implement SFTP packet size limit (bsc#1216987)
This update also ships curl to the INSTALLER channel.
SUSE-CU-2023:4225-1
| Container Advisory ID | SUSE-CU-2023:4225-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.121 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.121 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4891-1
|
| Released | Mon Dec 18 16:31:49 2023 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1201384,1218014,CVE-2023-50495 |
Description:
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
SUSE-CU-2023:4177-1
| Container Advisory ID | SUSE-CU-2023:4177-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.118 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.118 |
The following patches have been included in this update:
SUSE-CU-2023:4097-1
| Container Advisory ID | SUSE-CU-2023:4097-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.117 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.117 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4659-1
|
| Released | Wed Dec 6 13:04:57 2023 |
| Summary | Security update for curl |
| Type | security |
| Severity | moderate |
| References | 1217573,1217574,CVE-2023-46218,CVE-2023-46219 |
Description:
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
| Advisory ID | SUSE-RU-2023:4699-1
|
| Released | Mon Dec 11 07:02:10 2023 |
| Summary | Recommended update for gpg2 |
| Type | recommended |
| Severity | moderate |
| References | 1217212 |
Description:
This update for gpg2 fixes the following issues:
- `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212)
| Advisory ID | SUSE-RU-2023:4700-1
|
| Released | Mon Dec 11 07:03:27 2023 |
| Summary | Recommended update for p11-kit |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for p11-kit fixes the following issues:
- Ensure that programs using can be compiled with CRYPTOKI_GNU.
Fixes GnuTLS builds (jsc#PED-6705).
| Advisory ID | SUSE-RU-2023:4723-1
|
| Released | Tue Dec 12 09:57:51 2023 |
| Summary | Recommended update for libtirpc |
| Type | recommended |
| Severity | moderate |
| References | 1216862 |
Description:
This update for libtirpc fixes the following issue:
- fix sed parsing in specfile (bsc#1216862)
SUSE-CU-2023:4065-1
| Container Advisory ID | SUSE-CU-2023:4065-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.115 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.115 |
The following patches have been included in this update:
SUSE-CU-2023:4018-1
| Container Advisory ID | SUSE-CU-2023:4018-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.113 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.113 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4671-1
|
| Released | Wed Dec 6 14:33:41 2023 |
| Summary | Recommended update for man |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update of man fixes the following problem:
- The 'man' commands is delivered to SUSE Linux Enterprise Micro
to allow browsing man pages.
| Advisory ID | SUSE-feature-2023:4678-1
|
| Released | Thu Dec 7 01:53:29 2023 |
| Summary | Feature update for lvm2 |
| Type | feature |
| Severity | important |
| References | 1216938 |
Description:
This update for lvm2 fixes the following issues:
Updated lvm2 from LVM2.2.03.16 to LVM2.2.03.22 (jsc#PED-6753,jsc#PED-6754):
- Version 2.03.22:
* Fixed issues with LVM filters no longer working with SUSE Linux Enterprise 15 Service Pack 5 (bsc#1216938)
* Fixed pv_major/pv_minor report field types so they are integers, not strings.
* Added `lvmdevices --delnotfound` to delete entries for missing devices.
* Always use cachepool name for metadata backup LV for `lvconvert --repair`.
* Make metadata backup LVs read-only after pool's `lvconvert --repair`.
* Improve VDO and Thin support with lvmlockd.
* Handle `lvextend --usepolicies` for pools for all activation variants.
* Fixed memleak in vgchange autoactivation setup.
* Update py-compile building script.
* Support conversion from thick to fully provisioned thin LV.
* Cache/Thin-pool can use error and zero volumes for testing.
* Individual thin volume can be cached, but cannot take snapshot.
* Better internal support for handling error and zero target (for testing).
* Resize COW above trimmed maximal size is does not return error.
* Support parsing of vdo geometry format version 4.
* Added lvm.conf thin_restore and cache_restore settings.
* Handle multiple mounts while resizing volume with a FS.
* Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
* Enhance lvm_import_vdo and use snapshot when converting VDO volume.
* Fixed parsing of VDO metadata.
* Fixed failing `-S|--select` for non-reporting cmds if using LV info/status fields.
* Allow snapshots of raid+integrity LV.
* Fixed multisegment RAID1 allocator to prevent using single disk for more legs.
- Version 2.03.21:
* Fixed activation of vdo-pool for with 0 length headers (converted pools).
* Avoid printing internal init messages when creation integration devices.
* Allow (write)cache over raid+integrity LV.
- Version 2.03.20:
* Fixed segfault if using `-S|--select` with log/report_command_log=1 setting.
* Configure now fails when requested lvmlockd dependencies are missing.
* Added some configure Gentoo enhancements for static builds.
- Version 2.03.19:
* Configure supports `--with-systemd-run` executed from udev rules.
* Enhancement for build with MuslC systemd and non-bash system shells (dash).
* Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
* Ensure udev is processing origin LV before its thick snapshots LVs.
* Fixed and improve runtime memory size detection for VDO volumes.
- Version 2.03.18:
* Fixed issues reported by coverity scan.
* Fixed warning for thin pool overprovisioning on lvextend (2.03.17).
* Added support for writecache metadata_only and pause_writeback settings.
* Fixed missing error messages in lvmdbusd.
- Version 2.03.17:
* Added new options (`--fs, --fsmode`) for FS handling when resizing LVs.
* Fixed `lvremove -S|--select LV` to not also remove its historical LV right away.
* Fixed lv_active field type to binary so --select and --binary applies properly.
* Switch to use mallinfo2 and use it only with glibc.
* Error out in lvm shell if using a cmd argument not supported in the shell.
* Fixed lvm shell's lastlog command to report previous pre-command failures.
* Extend VDO and VDOPOOL without flushing and locking fs.
* Added `--valuesonly` option to lvmconfig to print only values without keys.
* Updates configure with recent autoconf tooling.
* Fixed `lvconvert --test --type vdo-pool` execution.
* Added json_std output format for more JSON standard compliant version of output.
* Fixed vdo_slab_size_mb value for converted VDO volume.
* Fixed many corner cases in device_id, including handling of S/N duplicates.
* Fixed various issues in lvmdbusd.
SUSE-CU-2023:3988-1
| Container Advisory ID | SUSE-CU-2023:3988-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.110 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.110 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4619-1
|
| Released | Thu Nov 30 10:13:52 2023 |
| Summary | Security update for sqlite3 |
| Type | security |
| Severity | important |
| References | 1210660,CVE-2023-2137 |
Description:
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
SUSE-CU-2023:3926-1
| Container Advisory ID | SUSE-CU-2023:3926-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.108 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.108 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4623-1
|
| Released | Thu Nov 30 19:22:32 2023 |
| Summary | Security update for traceroute |
| Type | security |
| Severity | moderate |
| References | 1216591,CVE-2023-46316 |
Description:
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
SUSE-CU-2023:3925-1
| Container Advisory ID | SUSE-CU-2023:3925-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.106 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.106 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4615-1
|
| Released | Wed Nov 29 20:33:38 2023 |
| Summary | Recommended update for icu |
| Type | recommended |
| Severity | moderate |
| References | 1217472 |
Description:
This update of icu fixes the following issue:
- missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit.
SUSE-CU-2023:3900-1
| Container Advisory ID | SUSE-CU-2023:3900-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.104 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.104 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4557-1
|
| Released | Fri Nov 24 17:04:36 2023 |
| Summary | Security update for vim |
| Type | security |
| Severity | important |
| References | 1214922,1214924,1214925,1215004,1215006,1215033,1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 |
Description:
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 2103, fixes the following security problems
- CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696)
- CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922)
- CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924)
- CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925)
- CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004)
- CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006)
- CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033)
SUSE-CU-2023:3852-1
| Container Advisory ID | SUSE-CU-2023:3852-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.103 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.103 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4534-1
|
| Released | Thu Nov 23 08:13:57 2023 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1041742,1203760,1212422,1215979,1216091 |
Description:
This update for libzypp, zypper fixes the following issues:
- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)
SUSE-CU-2023:3829-1
| Container Advisory ID | SUSE-CU-2023:3829-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.101 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.101 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4504-1
|
| Released | Tue Nov 21 13:27:50 2023 |
| Summary | Security update for libxml2 |
| Type | security |
| Severity | moderate |
| References | 1216129,CVE-2023-45322 |
Description:
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
| Advisory ID | SUSE-SU-2023:4518-1
|
| Released | Tue Nov 21 17:35:30 2023 |
| Summary | Security update for openssl-1_1 |
| Type | security |
| Severity | important |
| References | 1216922,CVE-2023-5678 |
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
SUSE-CU-2023:3765-1
| Container Advisory ID | SUSE-CU-2023:3765-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.97 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.97 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4450-1
|
| Released | Wed Nov 15 10:55:20 2023 |
| Summary | Recommended update for crypto-policies |
| Type | recommended |
| Severity | moderate |
| References | 1209998 |
Description:
This update for crypto-policies fixes the following issues:
- Enable setting the kernel FIPS mode with the fips-mode-setup and fips-finish-install commands
(jsc#PED-5041)
- Adapt fips-mode-setup to use the pbl command from the perl-Bootloader package instead of grubby
and add a note for transactional systems
- Ship the man pages for fips-mode-setup and fips-finish-install
- Make the supported versions change in the update-crypto-policies(8) man page persistent
(bsc#1209998)
| Advisory ID | SUSE-SU-2023:4458-1
|
| Released | Thu Nov 16 14:38:48 2023 |
| Summary | Security update for gcc13 |
| Type | security |
| Severity | important |
| References | 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 |
Description:
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
- CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
SUSE-CU-2023:3657-1
| Container Advisory ID | SUSE-CU-2023:3657-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.91 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.91 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4310-1
|
| Released | Tue Oct 31 14:10:47 2023 |
| Summary | Recommended update for libtirpc |
| Type | recommended |
| Severity | moderate |
| References | 1196647 |
Description:
This Update for libtirpc to 1.3.4, fixing the following issues:
Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
- replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage
Update to 1.3.3:
- Fix DoS vulnerability in libtirpc
- replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
- _rpc_dtablesize: use portable system call
- libtirpc: Fix use-after-free accessing the error number
- Fix potential memory leak of parms.r_addr
- replaces 0001-fix-parms.r_addr-memory-leak.patch
- rpcb_clnt.c add mechanism to try v2 protocol first
- preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- Eliminate deadlocks in connects with an MT environment
- clnt_dg_freeres() uncleared set active state may deadlock
- thread safe clnt destruction
- SUNRPC: mutexed access blacklist_read state variable
- SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
Update to 1.3.2:
- Replace the final SunRPC licenses with BSD licenses
- blacklist: Add a few more well known ports
- libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
Update to 1.3.1:
- Remove AUTH_DES interfaces from auth_des.h
The unsupported AUTH_DES authentication has be
compiled out since commit d918e41d889 (Wed Oct 9 2019)
replaced by API routines that return errors.
- svc_dg: Free xp_netid during destroy
- Fix memory management issues of fd locks
- libtirpc: replace array with list for per-fd locks
- __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
- __rpc_dtbsize: rlim_cur instead of rlim_max
- pkg-config: use the correct replacements for libdir/includedir
SUSE-CU-2023:3627-1
| Container Advisory ID | SUSE-CU-2023:3627-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.89 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.89 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4162-1
|
| Released | Mon Oct 23 15:33:03 2023 |
| Summary | Security update for gcc13 |
| Type | security |
| Severity | important |
| References | 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 |
Description:
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
- CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
| Advisory ID | SUSE-SU-2023:4200-1
|
| Released | Wed Oct 25 12:04:29 2023 |
| Summary | Security update for nghttp2 |
| Type | security |
| Severity | important |
| References | 1216123,1216174,CVE-2023-44487 |
Description:
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
| Advisory ID | SUSE-SU-2023:4215-1
|
| Released | Thu Oct 26 12:19:25 2023 |
| Summary | Security update for zlib |
| Type | security |
| Severity | moderate |
| References | 1216378,CVE-2023-45853 |
Description:
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
| Advisory ID | SUSE-SU-2023:4225-1
|
| Released | Fri Oct 27 11:02:14 2023 |
| Summary | Security update for zchunk |
| Type | security |
| Severity | important |
| References | 1216268,CVE-2023-46228 |
Description:
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
SUSE-CU-2023:3577-1
| Container Advisory ID | SUSE-CU-2023:3577-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.85 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.85 |
The following patches have been included in this update:
SUSE-CU-2023:3541-1
| Container Advisory ID | SUSE-CU-2023:3541-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.83 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.83 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4105-1
|
| Released | Wed Oct 18 08:15:40 2023 |
| Summary | Recommended update for openssl-1_1 |
| Type | recommended |
| Severity | moderate |
| References | 1215215 |
Description:
This update for openssl-1_1 fixes the following issues:
- Displays 'fips' in the version string (bsc#1215215)
| Advisory ID | SUSE-RU-2023:4154-1
|
| Released | Fri Oct 20 19:33:25 2023 |
| Summary | Recommended update for aaa_base |
| Type | recommended |
| Severity | moderate |
| References | 1107342,1215434 |
Description:
This update for aaa_base fixes the following issues:
- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)
SUSE-CU-2023:3499-1
| Container Advisory ID | SUSE-CU-2023:3499-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.80 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.80 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4153-1
|
| Released | Fri Oct 20 19:27:58 2023 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | moderate |
| References | 1215313 |
Description:
This update for systemd fixes the following issues:
- Fix mismatch of nss-resolve version in Package Hub (no source code changes)
SUSE-CU-2023:3490-1
| Container Advisory ID | SUSE-CU-2023:3490-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.79 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.79 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4136-1
|
| Released | Thu Oct 19 14:15:02 2023 |
| Summary | Security update for suse-module-tools |
| Type | security |
| Severity | important |
| References | 1205767,1210335,CVE-2023-1829,CVE-2023-23559 |
Description:
This update for suse-module-tools fixes the following issues:
- Update to version 15.5.3:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
| Advisory ID | SUSE-RU-2023:4138-1
|
| Released | Thu Oct 19 17:15:38 2023 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Switch to `systemd-hwdb` tool when updating the HW database. It's been
introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.
SUSE-CU-2023:3456-1
| Container Advisory ID | SUSE-CU-2023:3456-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.77 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.77 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4110-1
|
| Released | Wed Oct 18 12:35:26 2023 |
| Summary | Security update for glibc |
| Type | security |
| Severity | important |
| References | 1215286,1215891,CVE-2023-4813 |
Description:
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
SUSE-CU-2023:3433-1
| Container Advisory ID | SUSE-CU-2023:3433-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.75 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.75 |
The following patches have been included in this update:
SUSE-CU-2023:3409-1
| Container Advisory ID | SUSE-CU-2023:3409-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.73 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.73 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:4044-1
|
| Released | Wed Oct 11 09:01:14 2023 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1215888,1215889,CVE-2023-38545,CVE-2023-38546 |
Description:
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
| Advisory ID | SUSE-RU-2023:4052-1
|
| Released | Wed Oct 11 14:11:55 2023 |
| Summary | Recommended update for babeltrace |
| Type | recommended |
| Severity | moderate |
| References | 1209275 |
Description:
This update ships missing babeltrace-devel to the Basesystem module
to allow building gdb source rpms. (bsc#1209275)
SUSE-CU-2023:3342-1
| Container Advisory ID | SUSE-CU-2023:3342-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.69 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.69 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:3997-1
|
| Released | Fri Oct 6 14:13:56 2023 |
| Summary | Security update for nghttp2 |
| Type | security |
| Severity | important |
| References | 1215713,CVE-2023-35945 |
Description:
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
SUSE-CU-2023:3324-1
| Container Advisory ID | SUSE-CU-2023:3324-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.68 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.68 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:4003-1
|
| Released | Mon Oct 9 08:29:33 2023 |
| Summary | Recommended update for apparmor |
| Type | recommended |
| Severity | moderate |
| References | 1215596 |
Description:
This update for apparmor fixes the following issues:
- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)
SUSE-CU-2023:3306-1
| Container Advisory ID | SUSE-CU-2023:3306-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.66 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.66 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3973-1
|
| Released | Thu Oct 5 10:14:49 2023 |
| Summary | Recommended update for zypper |
| Type | recommended |
| Severity | moderate |
| References | 1213854,1214292,1214395,1215007 |
Description:
This update for zypper fixes the following issues:
- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).
| Advisory ID | SUSE-RU-2023:3985-1
|
| Released | Thu Oct 5 14:05:51 2023 |
| Summary | Recommended update for suse-module-tools |
| Type | recommended |
| Severity | important |
| References | 1201066,1212957,1213428,1213822 |
Description:
This update for suse-module-tools fixes the following issues:
- Update to version 15.5.2:
* rpm-script: update bootloader after creating initramfs (bsc#1213822)
* rpm-script: generate initrd when INITRD_IN_POSTTRANS is set (bsc#1212957)
* cert-script: skip cert handling if efivarfs is not writable (bsc#1213428, bsc#1201066)
SUSE-CU-2023:3236-1
| Container Advisory ID | SUSE-CU-2023:3236-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.62 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.62 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:3954-1
|
| Released | Tue Oct 3 20:09:47 2023 |
| Summary | Security update for libeconf |
| Type | security |
| Severity | important |
| References | 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 |
Description:
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
SUSE-CU-2023:3177-1
| Container Advisory ID | SUSE-CU-2023:3177-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.59 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.59 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3814-1
|
| Released | Wed Sep 27 18:08:17 2023 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1211829,1212819,1212910 |
Description:
This update for glibc fixes the following issues:
- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
| Advisory ID | SUSE-SU-2023:3822-1
|
| Released | Wed Sep 27 18:40:14 2023 |
| Summary | Security update for supportutils |
| Type | security |
| Severity | moderate |
| References | 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 |
Description:
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
| Advisory ID | SUSE-SU-2023:3823-1
|
| Released | Wed Sep 27 18:42:38 2023 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1215026,CVE-2023-38039 |
Description:
This update for curl fixes the following issues:
- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)
| Advisory ID | SUSE-SU-2023:3828-1
|
| Released | Wed Sep 27 19:07:38 2023 |
| Summary | Security update for python3 |
| Type | security |
| Severity | important |
| References | 1214692,CVE-2023-40217 |
Description:
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
SUSE-CU-2023:3086-1
| Container Advisory ID | SUSE-CU-2023:3086-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.53 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.53 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3717-1
|
| Released | Thu Sep 21 06:51:51 2023 |
| Summary | Recommended update for apparmor |
| Type | recommended |
| Severity | moderate |
| References | 1214458 |
Description:
This update for apparmor fixes the following issues:
- Update zgrep profile to allow egrep helper use (bsc#1214458)
SUSE-CU-2023:3063-1
| Container Advisory ID | SUSE-CU-2023:3063-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.52 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.52 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:3661-1
|
| Released | Mon Sep 18 21:44:09 2023 |
| Summary | Security update for gcc12 |
| Type | security |
| Severity | important |
| References | 1214052,CVE-2023-4039 |
Description:
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
| Advisory ID | SUSE-SU-2023:3666-1
|
| Released | Mon Sep 18 21:52:18 2023 |
| Summary | Security update for libxml2 |
| Type | security |
| Severity | important |
| References | 1214768,CVE-2023-39615 |
Description:
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
SUSE-CU-2023:3005-1
| Container Advisory ID | SUSE-CU-2023:3005-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.46 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.46 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3611-1
|
| Released | Fri Sep 15 09:28:36 2023 |
| Summary | Recommended update for sysuser-tools |
| Type | recommended |
| Severity | moderate |
| References | 1195391,1205161,1207778,1213240,1214140 |
Description:
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
SUSE-CU-2023:2939-1
| Container Advisory ID | SUSE-CU-2023:2939-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.41 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.41 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3577-1
|
| Released | Mon Sep 11 15:04:01 2023 |
| Summary | Recommended update for crypto-policies |
| Type | recommended |
| Severity | low |
| References | 1209998 |
Description:
This update for crypto-policies fixes the following issues:
- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)
SUSE-CU-2023:2906-1
| Container Advisory ID | SUSE-CU-2023:2906-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.35 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.35 |
The following patches have been included in this update:
SUSE-CU-2023:2861-1
| Container Advisory ID | SUSE-CU-2023:2861-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.34 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.34 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:3472-1
|
| Released | Tue Aug 29 10:55:16 2023 |
| Summary | Security update for procps |
| Type | security |
| Severity | low |
| References | 1214290,CVE-2023-4016 |
Description:
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
| Advisory ID | SUSE-SU-2023:3497-1
|
| Released | Wed Aug 30 21:25:05 2023 |
| Summary | Security update for vim |
| Type | security |
| Severity | important |
| References | 1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 |
Description:
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1572.
- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).
- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).
- CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257).
| Advisory ID | SUSE-RU-2023:3514-1
|
| Released | Fri Sep 1 15:48:52 2023 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1158763,1210740,1213231,1213557,1213673 |
Description:
This update for libzypp, zypper fixes the following issues:
- Fix occasional isue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)
SUSE-CU-2023:2768-1
| Container Advisory ID | SUSE-CU-2023:2768-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.29 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.29 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:3440-1
|
| Released | Mon Aug 28 08:57:10 2023 |
| Summary | Security update for gawk |
| Type | security |
| Severity | low |
| References | 1214025,CVE-2023-4156 |
Description:
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
| Advisory ID | SUSE-RU-2023:3451-1
|
| Released | Mon Aug 28 12:15:22 2023 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | moderate |
| References | 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 |
Description:
This update for systemd fixes the following issues:
- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)
| Advisory ID | SUSE-RU-2023:3466-1
|
| Released | Tue Aug 29 07:33:16 2023 |
| Summary | Recommended update for icu |
| Type | recommended |
| Severity | moderate |
| References | 1103893,1112183 |
Description:
This update for icu fixes the following issues:
- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)
| Advisory ID | SUSE-RU-2023:3485-1
|
| Released | Tue Aug 29 14:20:56 2023 |
| Summary | Recommended update for lvm2 |
| Type | recommended |
| Severity | moderate |
| References | 1214071 |
Description:
This update for lvm2 fixes the following issues:
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
SUSE-CU-2023:2761-1
| Container Advisory ID | SUSE-CU-2023:2761-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.22 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.22 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3410-1
|
| Released | Thu Aug 24 06:56:32 2023 |
| Summary | Recommended update for audit |
| Type | recommended |
| Severity | moderate |
| References | 1201519,1204844 |
Description:
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
SUSE-CU-2023:2712-1
| Container Advisory ID | SUSE-CU-2023:2712-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.18 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.18 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:3325-1
|
| Released | Wed Aug 16 08:26:08 2023 |
| Summary | Security update for krb5 |
| Type | security |
| Severity | important |
| References | 1214054,CVE-2023-36054 |
Description:
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
SUSE-CU-2023:2682-1
| Container Advisory ID | SUSE-CU-2023:2682-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.17 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.17 |
The following patches have been included in this update:
SUSE-CU-2023:2624-1
| Container Advisory ID | SUSE-CU-2023:2624-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.14 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.14 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3274-1
|
| Released | Fri Aug 11 10:17:36 2023 |
| Summary | Recommended update for man |
| Type | recommended |
| Severity | moderate |
| References | 1155879 |
Description:
This update for man fixes the following issues:
- Avoid refreshing database by inverting exit status of find command (bsc#1155879)
| Advisory ID | SUSE-RU-2023:3276-1
|
| Released | Fri Aug 11 10:20:40 2023 |
| Summary | Recommended update for apparmor |
| Type | recommended |
| Severity | moderate |
| References | 1213472 |
Description:
This update for apparmor fixes the following issues:
- Add pam_apparmor README (bsc#1213472)
SUSE-CU-2023:2574-1
| Container Advisory ID | SUSE-CU-2023:2574-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.11 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.11 |
The following patches have been included in this update:
| Advisory ID | SUSE-SU-2023:3242-1
|
| Released | Tue Aug 8 18:19:40 2023 |
| Summary | Security update for openssl-1_1 |
| Type | security |
| Severity | moderate |
| References | 1213853,CVE-2023-3817 |
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
SUSE-CU-2023:2533-1
| Container Advisory ID | SUSE-CU-2023:2533-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.9 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.9 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3217-1
|
| Released | Mon Aug 7 16:51:10 2023 |
| Summary | Recommended update for cryptsetup |
| Type | recommended |
| Severity | moderate |
| References | 1211079 |
Description:
This update for cryptsetup fixes the following issues:
- Handle system with low memory and no swap space (bsc#1211079)
SUSE-CU-2023:2513-1
| Container Advisory ID | SUSE-CU-2023:2513-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.7 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.7 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2023:3088-1
|
| Released | Tue Aug 1 09:52:03 2023 |
| Summary | Recommended update for systemd-presets-common-SUSE |
| Type | recommended |
| Severity | moderate |
| References | 1212496 |
Description:
This update for systemd-presets-common-SUSE fixes the following issues:
- Fix systemctl being called with an empty argument (bsc#1212496)
- Don't call systemctl list-unit-files with an empty argument (bsc#1212496)
- Add wtmpdb-update-boot.service and wtmpdb-rotate.timer
| Advisory ID | SUSE-RU-2023:3102-1
|
| Released | Tue Aug 1 14:11:53 2023 |
| Summary | Recommended update for openssl-1_1 |
| Type | recommended |
| Severity | moderate |
| References | 1213517 |
Description:
This update for openssl-1_1 fixes the following issues:
- Dont pass zero length input to EVP_Cipher (bsc#1213517)
SUSE-CU-2023:2475-1
| Container Advisory ID | SUSE-CU-2023:2475-1 |
| Container Tags | suse/sle-micro/5.5/toolbox:12.1 , suse/sle-micro/5.5/toolbox:12.1-2.2.1 , suse/sle-micro/5.5/toolbox:latest |
| Container Release | 2.2.1 |
The following patches have been included in this update:
| Advisory ID | SUSE-RU-2018:1332-1
|
| Released | Tue Jul 17 09:01:19 2018 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1073299,1093392 |
Description:
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
| Advisory ID | SUSE-RU-2018:2463-1
|
| Released | Thu Oct 25 14:48:34 2018 |
| Summary | Recommended update for timezone, timezone-java |
| Type | recommended |
| Severity | moderate |
| References | 1104700,1112310 |
Description:
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
| Advisory ID | SUSE-RU-2018:2550-1
|
| Released | Wed Oct 31 16:16:56 2018 |
| Summary | Recommended update for timezone, timezone-java |
| Type | recommended |
| Severity | moderate |
| References | 1113554 |
Description:
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
| Advisory ID | SUSE-RU-2018:2569-1
|
| Released | Fri Nov 2 19:00:18 2018 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | 1110700 |
Description:
This update for pam fixes the following issues:
- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)
| Advisory ID | SUSE-RU-2018:2607-1
|
| Released | Wed Nov 7 15:42:48 2018 |
| Summary | Optional update for gcc8 |
| Type | recommended |
| Severity | low |
| References | 1084812,1084842,1087550,1094222,1102564 |
Description:
The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed,
quite some new warnings added and the error pin-pointing and
fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html
| Advisory ID | SUSE-SU-2018:2825-1
|
| Released | Mon Dec 3 15:35:02 2018 |
| Summary | Security update for pam |
| Type | security |
| Severity | important |
| References | 1115640,CVE-2018-17953 |
Description:
This update for pam fixes the following issue:
Security issue fixed:
- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).
| Advisory ID | SUSE-SU-2018:2861-1
|
| Released | Thu Dec 6 14:32:01 2018 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | important |
| References | 1103320,1115929,CVE-2018-19211 |
Description:
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
| Advisory ID | SUSE-RU-2019:44-1
|
| Released | Tue Jan 8 13:07:32 2019 |
| Summary | Recommended update for acl |
| Type | recommended |
| Severity | low |
| References | 953659 |
Description:
This update for acl fixes the following issues:
- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)
| Advisory ID | SUSE-RU-2019:102-1
|
| Released | Tue Jan 15 18:02:58 2019 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1120402 |
Description:
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
| Advisory ID | SUSE-SU-2019:247-1
|
| Released | Wed Feb 6 07:18:45 2019 |
| Summary | Security update for lua53 |
| Type | security |
| Severity | moderate |
| References | 1123043,CVE-2019-6706 |
Description:
This update for lua53 fixes the following issues:
Security issue fixed:
- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)
| Advisory ID | SUSE-SU-2019:571-1
|
| Released | Thu Mar 7 18:13:46 2019 |
| Summary | Security update for file |
| Type | security |
| Severity | moderate |
| References | 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 |
Description:
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
| Advisory ID | SUSE-SU-2019:788-1
|
| Released | Thu Mar 28 11:55:06 2019 |
| Summary | Security update for sqlite3 |
| Type | security |
| Severity | moderate |
| References | 1119687,CVE-2018-20346 |
Description:
This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:
- CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).
Release notes: https://www.sqlite.org/releaselog/3_27_2.html
| Advisory ID | SUSE-RU-2019:790-1
|
| Released | Thu Mar 28 12:06:17 2019 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1130557 |
Description:
This update for timezone fixes the following issues:
timezone was updated 2019a:
- Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
- Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
- Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
- zic now has an -r option to limit the time range of output data
| Advisory ID | SUSE-SU-2019:926-1
|
| Released | Wed Apr 10 16:33:12 2019 |
| Summary | Security update for tar |
| Type | security |
| Severity | moderate |
| References | 1120610,1130496,CVE-2018-20482,CVE-2019-9923 |
Description:
This update for tar fixes the following issues:
Security issues fixed:
- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).
| Advisory ID | SUSE-SU-2019:1127-1
|
| Released | Thu May 2 09:39:24 2019 |
| Summary | Security update for sqlite3 |
| Type | security |
| Severity | moderate |
| References | 1130325,1130326,CVE-2019-9936,CVE-2019-9937 |
Description:
This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:
- CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix
queries inside transaction (bsc#1130326).
- CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in
a single transaction with an fts5 virtual table (bsc#1130325).
| Advisory ID | SUSE-SU-2019:1368-1
|
| Released | Tue May 28 13:15:38 2019 |
| Summary | Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root |
| Type | security |
| Severity | important |
| References | 1134524,CVE-2019-5021 |
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
| Advisory ID | SUSE-RU-2019:1631-1
|
| Released | Fri Jun 21 11:17:21 2019 |
| Summary | Recommended update for xz |
| Type | recommended |
| Severity | low |
| References | 1135709 |
Description:
This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma,
xz, xzdec, lzmadec, documentation, translated messages, tests,
debug, extra directory) are in public domain licence [bsc#1135709]
| Advisory ID | SUSE-RU-2019:1815-1
|
| Released | Thu Jul 11 07:47:55 2019 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1140016 |
Description:
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
| Advisory ID | SUSE-RU-2019:2218-1
|
| Released | Mon Aug 26 11:29:57 2019 |
| Summary | Recommended update for pinentry |
| Type | recommended |
| Severity | moderate |
| References | 1141883 |
Description:
This update for pinentry fixes the following issues:
- Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)
| Advisory ID | SUSE-SU-2019:2533-1
|
| Released | Thu Oct 3 15:02:50 2019 |
| Summary | Security update for sqlite3 |
| Type | security |
| Severity | moderate |
| References | 1150137,CVE-2019-16168 |
Description:
This update for sqlite3 fixes the following issues:
Security issue fixed:
- CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).
| Advisory ID | SUSE-SU-2019:2730-1
|
| Released | Mon Oct 21 16:04:57 2019 |
| Summary | Security update for procps |
| Type | security |
| Severity | important |
| References | 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 |
Description:
This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top
with HOME unset in an attacker-controlled directory, the attacker could have
achieved privilege escalation by exploiting one of several vulnerabilities in
the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash (temporary
denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation for a
local attacker who can create entries in procfs by starting processes, which
could result in crashes or arbitrary code execution in proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was
mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).
Also this non-security issue was fixed:
- Fix CPU summary showing old data. (bsc#1121753)
The update to 3.3.15 contains the following fixes:
- library: Increment to 8:0:1
No removals, no new functions
Changes: slab and pid structures
- library: Just check for SIGLOST and don't delete it
- library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
- library: Use size_t for alloc functions CVE-2018-1126
- library: Increase comm size to 64
- pgrep: Fix stack-based buffer overflow CVE-2018-1125
- pgrep: Remove >15 warning as comm can be longer
- ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
- ps: Increase command name selection field to 64
- top: Don't use cwd for location of config CVE-2018-1122
- update translations
- library: build on non-glibc systems
- free: fix scaling on 32-bit systems
- Revert 'Support running with child namespaces'
- library: Increment to 7:0:1
No changes, no removals
New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
- doc: Document I idle state in ps.1 and top.1
- free: fix some of the SI multiples
- kill: -l space between name parses correctly
- library: dont use vm_min_free on non Linux
- library: don't strip off wchan prefixes (ps & top)
- pgrep: warn about 15+ char name only if -f not used
- pgrep/pkill: only match in same namespace by default
- pidof: specify separator between pids
- pkill: Return 0 only if we can kill process
- pmap: fix duplicate output line under '-x' option
- ps: avoid eip/esp address truncations
- ps: recognizes SCHED_DEADLINE as valid CPU scheduler
- ps: display NUMA node under which a thread ran
- ps: Add seconds display for cputime and time
- ps: Add LUID field
- sysctl: Permit empty string for value
- sysctl: Don't segv when file not available
- sysctl: Read and write large buffers
- top: add config file support for XDG specification
- top: eliminated minor libnuma memory leak
- top: show fewer memory decimal places (configurable)
- top: provide command line switch for memory scaling
- top: provide command line switch for CPU States
- top: provides more accurate cpu usage at startup
- top: display NUMA node under which a thread ran
- top: fix argument parsing quirk resulting in SEGV
- top: delay interval accepts non-locale radix point
- top: address a wishlist man page NLS suggestion
- top: fix potential distortion in 'Mem' graph display
- top: provide proper multi-byte string handling
- top: startup defaults are fully customizable
- watch: define HOST_NAME_MAX where not defined
- vmstat: Fix alignment for disk partition format
- watch: Support ANSI 39,49 reset sequences
| Advisory ID | SUSE-RU-2019:2762-1
|
| Released | Thu Oct 24 07:08:44 2019 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1150451 |
Description:
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
| Advisory ID | SUSE-SU-2019:2997-1
|
| Released | Mon Nov 18 15:16:38 2019 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 |
Description:
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
| Advisory ID | SUSE-SU-2019:3061-1
|
| Released | Mon Nov 25 17:34:22 2019 |
| Summary | Security update for gcc9 |
| Type | security |
| Severity | moderate |
| References | 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 |
Description:
This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html
The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 /
CXX=g++-9 during configuration for using it.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
| Advisory ID | SUSE-SU-2019:3086-1
|
| Released | Thu Nov 28 10:02:24 2019 |
| Summary | Security update for libidn2 |
| Type | security |
| Severity | moderate |
| References | 1154884,1154887,CVE-2019-12290,CVE-2019-18224 |
Description:
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
| Advisory ID | SUSE-RU-2020:225-1
|
| Released | Fri Jan 24 06:49:07 2020 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | moderate |
| References | 1158830 |
Description:
This update for procps fixes the following issues:
- Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)
| Advisory ID | SUSE-RU-2020:525-1
|
| Released | Fri Feb 28 11:49:36 2020 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | 1164562 |
Description:
This update for pam fixes the following issues:
- Add libdb as build-time dependency to enable pam_userdb module.
Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)
| Advisory ID | SUSE-RU-2020:689-1
|
| Released | Fri Mar 13 17:09:01 2020 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | 1166510 |
Description:
This update for PAM fixes the following issue:
- The license of libdb linked against pam_userdb is not always wanted,
so we temporary disabled pam_userdb again. It will be published
in a different package at a later time. (bsc#1166510)
| Advisory ID | SUSE-RU-2020:917-1
|
| Released | Fri Apr 3 15:02:25 2020 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | 1166510 |
Description:
This update for pam fixes the following issues:
- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)
| Advisory ID | SUSE-SU-2020:948-1
|
| Released | Wed Apr 8 07:44:21 2020 |
| Summary | Security update for gmp, gnutls, libnettle |
| Type | security |
| Severity | moderate |
| References | 1152692,1155327,1166881,1168345,CVE-2020-11501 |
Description:
This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:
- CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)
FIPS related bugfixes:
- FIPS: Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
input is shorter than block size. (bsc#1166881)
- FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)
| Advisory ID | SUSE-RU-2020:1226-1
|
| Released | Fri May 8 10:51:05 2020 |
| Summary | Recommended update for gcc9 |
| Type | recommended |
| Severity | moderate |
| References | 1149995,1152590,1167898 |
Description:
This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.
- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go
| Advisory ID | SUSE-SU-2020:1294-1
|
| Released | Mon May 18 07:38:36 2020 |
| Summary | Security update for file |
| Type | security |
| Severity | moderate |
| References | 1154661,1169512,CVE-2019-18218 |
Description:
This update for file fixes the following issues:
Security issues fixed:
- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).
Non-security issue fixed:
- Fixed broken '--help' output (bsc#1169512).
| Advisory ID | SUSE-RU-2020:1303-1
|
| Released | Mon May 18 09:40:36 2020 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1169582 |
Description:
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
| Advisory ID | SUSE-RU-2020:1328-1
|
| Released | Mon May 18 17:16:04 2020 |
| Summary | Recommended update for grep |
| Type | recommended |
| Severity | moderate |
| References | 1155271 |
Description:
This update for grep fixes the following issues:
- Update testsuite expectations, no functional changes (bsc#1155271)
| Advisory ID | SUSE-RU-2020:1542-1
|
| Released | Thu Jun 4 13:24:37 2020 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1172055 |
Description:
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
| Advisory ID | SUSE-RU-2020:1954-1
|
| Released | Sat Jul 18 03:07:15 2020 |
| Summary | Recommended update for cracklib |
| Type | recommended |
| Severity | moderate |
| References | 1172396 |
Description:
This update for cracklib fixes the following issues:
- Fixed a buffer overflow when processing long words.
| Advisory ID | SUSE-RU-2020:2083-1
|
| Released | Thu Jul 30 10:27:59 2020 |
| Summary | Recommended update for diffutils |
| Type | recommended |
| Severity | moderate |
| References | 1156913 |
Description:
This update for diffutils fixes the following issue:
- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)
| Advisory ID | SUSE-RU-2020:2256-1
|
| Released | Mon Aug 17 15:08:46 2020 |
| Summary | Recommended update for sysfsutils |
| Type | recommended |
| Severity | moderate |
| References | 1155305 |
Description:
This update for sysfsutils fixes the following issue:
- Fix cdev name comparison. (bsc#1155305)
| Advisory ID | SUSE-RU-2020:2735-1
|
| Released | Thu Sep 24 13:32:25 2020 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | 1173034 |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034)
| Advisory ID | SUSE-RU-2020:2782-1
|
| Released | Tue Sep 29 11:40:22 2020 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | important |
| References | 1176932 |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Backport missing macros of directory paths from upstream
+ %_environmentdir
+ %_modulesloaddir
+ %_modprobedir
- Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the
empty string. (bsc#1176932)
Otherwise sequences like the following code:
if [ ... ]; then
%_restart_on_update_never
fi
would result in the following incorrect shell syntax:
if [ ... ]; then
fi
| Advisory ID | SUSE-SU-2020:2947-1
|
| Released | Fri Oct 16 15:23:07 2020 |
| Summary | Security update for gcc10, nvptx-tools |
| Type | security |
| Severity | moderate |
| References | 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 |
Description:
This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:
| Advisory ID | SUSE-RU-2020:2958-1
|
| Released | Tue Oct 20 12:24:55 2020 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | moderate |
| References | 1158830 |
Description:
This update for procps fixes the following issues:
- Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830)
| Advisory ID | SUSE-RU-2020:2983-1
|
| Released | Wed Oct 21 15:03:03 2020 |
| Summary | Recommended update for file |
| Type | recommended |
| Severity | moderate |
| References | 1176123 |
Description:
This update for file fixes the following issues:
- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)
| Advisory ID | SUSE-OU-2020:3026-1
|
| Released | Fri Oct 23 15:35:51 2020 |
| Summary | Optional update for the Public Cloud Module |
| Type | optional |
| Severity | moderate |
| References | |
Description:
This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:
- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)
| Advisory ID | SUSE-RU-2020:3099-1
|
| Released | Thu Oct 29 19:33:41 2020 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1177460 |
Description:
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
| Advisory ID | SUSE-RU-2020:3123-1
|
| Released | Tue Nov 3 09:48:13 2020 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | important |
| References | 1177460,1178346,1178350,1178353 |
Description:
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
| Advisory ID | SUSE-RU-2020:3462-1
|
| Released | Fri Nov 20 13:14:35 2020 |
| Summary | Recommended update for pam and sudo |
| Type | recommended |
| Severity | moderate |
| References | 1174593,1177858,1178727 |
Description:
This update for pam and sudo fixes the following issue:
pam:
- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
sudo:
- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
| Advisory ID | SUSE-RU-2020:3620-1
|
| Released | Thu Dec 3 17:03:55 2020 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for pam fixes the following issues:
- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of of the user's name of at least `` characters length in
some form. This is enabled by the new parameter `usersubstr=`
| Advisory ID | SUSE-RU-2020:3791-1
|
| Released | Mon Dec 14 17:39:19 2020 |
| Summary | Recommended update for gzip |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for gzip fixes the following issue:
- Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775)
Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.
| Advisory ID | SUSE-OU-2020:3795-1
|
| Released | Mon Dec 14 17:43:26 2020 |
| Summary | Optional update for systemd-rpm-macros |
| Type | optional |
| Severity | low |
| References | 1059627,1178481,1179020 |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Deprecate '-f'/'-n' options
When used with %service_del_preun, support for these options will be
dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the
next version of SLE (jsc#SLE-8968)
When used with %service_del_postun, they should be replaced with
their counterpart
%service_del_postun_with_restart/%service_del_postun_without_restart
- Introduced %service_del_postun_with_restart()
It's the counterpart of %service_del_postun_without_restart() and
replaces the '-f' option of %service_del_postun().
- Does no longer apply presets when migrating from a disabled initscript (bsc#1178481)
- Fix importing of %{_unitdir}
| Advisory ID | SUSE-RU-2020:3942-1
|
| Released | Tue Dec 29 12:22:01 2020 |
| Summary | Recommended update for libidn2 |
| Type | recommended |
| Severity | moderate |
| References | 1180138 |
Description:
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
| Advisory ID | SUSE-RU-2021:179-1
|
| Released | Wed Jan 20 13:38:51 2021 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1177460 |
Description:
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
| Advisory ID | SUSE-RU-2021:220-1
|
| Released | Tue Jan 26 14:00:51 2021 |
| Summary | Recommended update for keyutils |
| Type | recommended |
| Severity | moderate |
| References | 1180603 |
Description:
This update for keyutils fixes the following issues:
- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
| Advisory ID | SUSE-RU-2021:293-1
|
| Released | Wed Feb 3 12:52:34 2021 |
| Summary | Recommended update for gmp |
| Type | recommended |
| Severity | moderate |
| References | 1180603 |
Description:
This update for gmp fixes the following issues:
- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)
| Advisory ID | SUSE-RU-2021:294-1
|
| Released | Wed Feb 3 12:54:28 2021 |
| Summary | Recommended update for libprotobuf |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
libprotobuf was updated to fix:
- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
| Advisory ID | SUSE-RU-2021:301-1
|
| Released | Thu Feb 4 08:46:27 2021 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1177460 |
Description:
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
| Advisory ID | SUSE-OU-2021:339-1
|
| Released | Mon Feb 8 13:16:07 2021 |
| Summary | Optional update for pam |
| Type | optional |
| Severity | low |
| References | |
Description:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.
| Advisory ID | SUSE-RU-2021:656-1
|
| Released | Mon Mar 1 09:34:21 2021 |
| Summary | Recommended update for protobuf |
| Type | recommended |
| Severity | moderate |
| References | 1177127 |
Description:
This update for protobuf fixes the following issues:
- Add missing dependency of python subpackages on python-six. (bsc#1177127)
| Advisory ID | SUSE-RU-2021:707-1
|
| Released | Thu Mar 4 09:19:36 2021 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | 1177039 |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts.
Packagers can now choose to use the upstream or the SUSE variants
indifferently. For consistency the SUSE variants should be preferred
since almost all SUSE packages already use them but the upstream
versions might be usefull in certain cases where packages need to
support multiple distros based on RPM.
- Improve the logic used to apply the presets. (bsc#1177039)
Before presests were applied at a) package installation b) new units
introduced via a package update (but after making sure that it was
not a SysV initscript being converted).
The problem is that a) didn't handle package a renaming or split
properly since the package with the new name is installed rather
being updated and therefore the presets were applied even if they
were already with the old name.
We now cover this case (and the other ones) by applying presets only
if the units are new and the services are not being migrated. This
regardless of whether this happens during an install or an update.
| Advisory ID | SUSE-RU-2021:795-1
|
| Released | Tue Mar 16 10:28:02 2021 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | low |
| References | 1182661,1183012,1183051 |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012)
- Fixed an issue with %systemd_user_post, where the --global parameter was treated like if
it was another service (bsc#1183051, bsc#1182661)
| Advisory ID | SUSE-RU-2021:927-1
|
| Released | Tue Mar 23 14:07:06 2021 |
| Summary | Recommended update for libreoffice |
| Type | recommended |
| Severity | moderate |
| References | 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 |
Description:
This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)
libreoffice:
- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
- SUSE Mint
- SUSE Midnight Blue
- SUSE Waterhole Blue
- SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404)
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)
libixion:
Update to 0.16.1:
- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being
evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns
a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula
calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than
their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type.
They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.
libmwaw:
Update to 0.3.17:
- add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file
still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentation
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29`
and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 document
libnumbertext:
Update to 1.0.6
liborcus:
Update to 0.16.1
- Add upstream changes to fix build with GCC 11 (bsc#1181872)
libstaroffice:
Update to 0.0.7:
- fix `text:sender-lastname` when creating meta-data
libwps:
Update to 0.4.11:
- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell's reference.
glfw:
New package provided on version 3.3.2:
- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
* Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
* glfwFocusWindow could terminate on older WMs or without a WM
* Creating an undecorated window could fail with BadMatch
* Querying a disconnected monitor could segfault
* Video modes with a duplicate screen area were discarded
* The CMake files did not check for the XInput headers
* Key names were not updated when the keyboard layout changed
* Decorations could not be enabled after window creation
* Content scale fallback value could be inconsistent
* Disabled cursor mode was interrupted by indicator windows
* Monitor physical dimensions could be reported as zero mm
* Window position events were not emitted during resizing
* Added on-demand loading of Vulkan and context creation API libraries
* [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was
set to `GLFW_DONT_CARE`
* [X11] Bugfix: Input focus was set before window was visible,
causing BadMatch on some non-reparenting WMs
* [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on
the window frame instead of the client area
* [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
* [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
* [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.
Box2D:
New package provided on version 2.4.1:
* Extended distance joint to have a minimum and maximum limit.
* `B2_USER_SETTINGS` and `b2_user_settings.h` can control user
data, length units, and maximum polygon vertices.
* Default user data is now uintptr_t instead of void*
* b2FixtureDef::restitutionThreshold lets you set the
restitution velocity threshold per fixture.
* Collision
* Chain and edge shape must now be one-sided to eliminate ghost
collisions
* Broad-phase optimizations
* Added b2ShapeCast for linear shape casting
* Dynamics
* Joint limits are now predictive and not stateful
* Experimental 2D cloth (rope)
* b2Body::SetActive -> b2Body::SetEnabled
* Better support for running multiple worlds
* Handle zero density better
* The body behaves like a static body
* The body is drawn with a red color
* Added translation limit to wheel joint
* World dump now writes to box2d_dump.inl
* Static bodies are never awake
* All joints with spring-dampers now use stiffness and damping
* Added utility functions to convert frequency and damping
ratio to stiffness and damping
* Polygon creation now computes the convex hull.
* The convex hull code will merge vertices closer than dm_linearSlop.
| Advisory ID | SUSE-SU-2021:930-1
|
| Released | Wed Mar 24 12:09:23 2021 |
| Summary | Security update for nghttp2 |
| Type | security |
| Severity | important |
| References | 1172442,1181358,CVE-2020-11080 |
Description:
This update for nghttp2 fixes the following issues:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
| Advisory ID | SUSE-SU-2021:974-1
|
| Released | Mon Mar 29 19:31:27 2021 |
| Summary | Security update for tar |
| Type | security |
| Severity | low |
| References | 1181131,CVE-2021-20193 |
Description:
This update for tar fixes the following issues:
CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)
| Advisory ID | SUSE-RU-2021:1018-1
|
| Released | Tue Apr 6 14:29:13 2021 |
| Summary | Recommended update for gzip |
| Type | recommended |
| Severity | moderate |
| References | 1180713 |
Description:
This update for gzip fixes the following issues:
- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)
| Advisory ID | SUSE-RU-2021:1169-1
|
| Released | Tue Apr 13 15:01:42 2021 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | low |
| References | 1181976 |
Description:
This update for procps fixes the following issues:
- Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)
| Advisory ID | SUSE-RU-2021:1289-1
|
| Released | Wed Apr 21 14:02:46 2021 |
| Summary | Recommended update for gzip |
| Type | recommended |
| Severity | moderate |
| References | 1177047 |
Description:
This update for gzip fixes the following issues:
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)
| Advisory ID | SUSE-RU-2021:1291-1
|
| Released | Wed Apr 21 14:04:06 2021 |
| Summary | Recommended update for mpfr |
| Type | recommended |
| Severity | moderate |
| References | 1141190 |
Description:
This update for mpfr fixes the following issues:
- Fixed an issue when building for ppc64le (bsc#1141190)
Technical library fixes:
- A subtraction of two numbers of the same sign or addition of two numbers of different signs
can be rounded incorrectly (and the ternary value can be incorrect) when one of the two
inputs is reused as the output (destination) and all these MPFR numbers have exactly
GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit
machines).
- The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or
underflow.
- The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow
when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on
32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits
of precision.
- The behavior and documentation of the mpfr_get_str function are inconsistent concerning the
minimum precision (this is related to the change of the minimum precision from 2 to 1 in
MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be
provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits
in the output string can now be 1, as already implied by the documentation (but the code was
increasing it to 2).
- The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null
denominator.
- The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a
null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is
useless, not documented (thus incorrect in case a null pointer would have a special meaning),
and not consistent with other input/output functions.
| Advisory ID | SUSE-RU-2021:1549-1
|
| Released | Mon May 10 13:48:00 2021 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | moderate |
| References | 1185417 |
Description:
This update for procps fixes the following issues:
- Support up to 2048 CPU as well. (bsc#1185417)
| Advisory ID | SUSE-RU-2021:1643-1
|
| Released | Wed May 19 13:51:48 2021 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | important |
| References | 1181443,1184358,1185562 |
Description:
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
| Advisory ID | SUSE-RU-2021:1861-1
|
| Released | Fri Jun 4 09:59:40 2021 |
| Summary | Recommended update for gcc10 |
| Type | recommended |
| Severity | moderate |
| References | 1029961,1106014,1178577,1178624,1178675,1182016 |
Description:
This update for gcc10 fixes the following issues:
- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)
| Advisory ID | SUSE-RU-2021:1935-1
|
| Released | Thu Jun 10 10:45:09 2021 |
| Summary | Recommended update for gzip |
| Type | recommended |
| Severity | moderate |
| References | 1186642 |
Description:
This update for gzip fixes the following issue:
- gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead
to migration issues. (bsc#1186642)
| Advisory ID | SUSE-RU-2021:1937-1
|
| Released | Thu Jun 10 10:47:09 2021 |
| Summary | Recommended update for nghttp2 |
| Type | recommended |
| Severity | moderate |
| References | 1186642 |
Description:
This update for nghttp2 fixes the following issue:
- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead
to migration issues. (bsc#1186642)
| Advisory ID | SUSE-RU-2021:2173-1
|
| Released | Mon Jun 28 14:59:45 2021 |
| Summary | Recommended update for automake |
| Type | recommended |
| Severity | moderate |
| References | 1040589,1047218,1182604,1185540,1186049 |
Description:
This update for automake fixes the following issues:
- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)
This update for pcre fixes the following issues:
- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)
This update for brp-check-suse fixes the following issues:
- Add fixes to support reproducible builds. (bsc#1186049)
| Advisory ID | SUSE-RU-2021:2193-1
|
| Released | Mon Jun 28 18:38:43 2021 |
| Summary | Recommended update for tar |
| Type | recommended |
| Severity | moderate |
| References | 1184124 |
Description:
This update for tar fixes the following issues:
- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)
| Advisory ID | SUSE-SU-2021:2196-1
|
| Released | Tue Jun 29 09:41:39 2021 |
| Summary | Security update for lua53 |
| Type | security |
| Severity | moderate |
| References | 1175448,1175449,CVE-2020-24370,CVE-2020-24371 |
Description:
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
| Advisory ID | SUSE-SU-2021:2320-1
|
| Released | Wed Jul 14 17:01:06 2021 |
| Summary | Security update for sqlite3 |
| Type | security |
| Severity | important |
| References | 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 |
Description:
This update for sqlite3 fixes the following issues:
- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
(bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
| Advisory ID | SUSE-RU-2021:2456-1
|
| Released | Thu Jul 22 15:28:39 2021 |
| Summary | Recommended update for pam-config |
| Type | recommended |
| Severity | moderate |
| References | 1187091 |
Description:
This update for pam-config fixes the following issues:
- Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091)
| Advisory ID | SUSE-RU-2021:2573-1
|
| Released | Thu Jul 29 14:21:52 2021 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1188127 |
Description:
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
| Advisory ID | SUSE-RU-2021:2625-1
|
| Released | Thu Aug 5 12:10:27 2021 |
| Summary | Recommended update for supportutils |
| Type | recommended |
| Severity | moderate |
| References | 1185991,1185993,1186347,1186397,1186687,1188348 |
Description:
This update for supportutils fixes the following issues:
ethtool was updated to version 3.1.17:
- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
- Adding ethtool options g l m to network.txt (jsc#SLE-18240)
- lsof options to improve performance (bsc#1186687)
- Exclude rhn.conf from etc.txt (bsc#1186347)
- analyzevmcore supports local directories (bsc#1186397)
- getappcore checks for valid compression binary (bsc#1185991)
- getappcore does not trigger errors with help message (bsc#1185993)
| Advisory ID | SUSE-RU-2021:2627-1
|
| Released | Thu Aug 5 12:10:46 2021 |
| Summary | Recommended maintenance update for systemd-default-settings |
| Type | recommended |
| Severity | moderate |
| References | 1188348 |
Description:
This update for systemd-default-settings fixes the following issue:
- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
| Advisory ID | SUSE-RU-2021:2899-1
|
| Released | Wed Sep 1 08:30:58 2021 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | 1186282,1187332 |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332)
- Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead.
- %sysusers_create_inline: use here-docs instead of echo (bsc#1186282)
| Advisory ID | SUSE-RU-2021:2997-1
|
| Released | Thu Sep 9 14:37:34 2021 |
| Summary | Recommended update for python3 |
| Type | recommended |
| Severity | moderate |
| References | 1187338,1189659 |
Description:
This update for python3 fixes the following issues:
- Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338)
| Advisory ID | SUSE-RU-2021:3001-1
|
| Released | Thu Sep 9 15:08:13 2021 |
| Summary | Recommended update for netcfg |
| Type | recommended |
| Severity | moderate |
| References | 1189683 |
Description:
This update for netcfg fixes the following issues:
- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]
| Advisory ID | SUSE-RU-2021:3182-1
|
| Released | Tue Sep 21 17:04:26 2021 |
| Summary | Recommended update for file |
| Type | recommended |
| Severity | moderate |
| References | 1189996 |
Description:
This update for file fixes the following issues:
- Fixes exception thrown by memory allocation problem (bsc#1189996)
| Advisory ID | SUSE-RU-2021:3203-1
|
| Released | Thu Sep 23 14:41:35 2021 |
| Summary | Recommended update for kmod |
| Type | recommended |
| Severity | moderate |
| References | 1189537,1190190 |
Description:
This update for kmod fixes the following issues:
- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
- Enable support for ZSTD compressed modules
- Display module information even for modules built into the running kernel (bsc#1189537)
- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
- Remove test patches included in release 29
- Update to release 29
* Fix `modinfo -F` not working for built-in modules and certain fields.
* Fix a memory leak, overflow and double free on error path.
| Advisory ID | SUSE-SU-2021:3291-1
|
| Released | Wed Oct 6 16:45:36 2021 |
| Summary | Security update for glibc |
| Type | security |
| Severity | moderate |
| References | 1186489,1187911,CVE-2021-33574,CVE-2021-35942 |
Description:
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).
| Advisory ID | SUSE-SU-2021:3490-1
|
| Released | Wed Oct 20 16:31:55 2021 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1190793,CVE-2021-39537 |
Description:
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
| Advisory ID | SUSE-RU-2021:3494-1
|
| Released | Wed Oct 20 16:48:46 2021 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | 1190052 |
Description:
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
| Advisory ID | SUSE-RU-2021:3501-1
|
| Released | Fri Oct 22 10:42:46 2021 |
| Summary | Recommended update for libzypp, zypper, libsolv, protobuf |
| Type | recommended |
| Severity | moderate |
| References | 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 |
Description:
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:
- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)
| Advisory ID | SUSE-RU-2021:3510-1
|
| Released | Tue Oct 26 11:22:15 2021 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | important |
| References | 1191987 |
Description:
This update for pam fixes the following issues:
- Fixed a bad directive file which resulted in
the 'securetty' file to be installed as 'macros.pam'.
(bsc#1191987)
| Advisory ID | SUSE-SU-2021:3529-1
|
| Released | Wed Oct 27 09:23:32 2021 |
| Summary | Security update for pcre |
| Type | security |
| Severity | moderate |
| References | 1172973,1172974,CVE-2019-20838,CVE-2020-14155 |
Description:
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
| Advisory ID | SUSE-RU-2021:3792-1
|
| Released | Wed Nov 24 06:12:09 2021 |
| Summary | Recommended update for kmod |
| Type | recommended |
| Severity | moderate |
| References | 1192104 |
Description:
This update for kmod fixes the following issues:
- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)
| Advisory ID | SUSE-RU-2021:3799-1
|
| Released | Wed Nov 24 18:07:54 2021 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1187153,1187273,1188623 |
Description:
This update for gcc11 fixes the following issues:
The additional GNU compiler collection GCC 11 is provided:
To select these compilers install the packages:
- gcc11
- gcc-c++11
- and others with 11 prefix.
to select them for building:
The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.
| Advisory ID | SUSE-RU-2021:3872-1
|
| Released | Thu Dec 2 07:25:55 2021 |
| Summary | Recommended update for cracklib |
| Type | recommended |
| Severity | moderate |
| References | 1191736 |
Description:
This update for cracklib fixes the following issues:
- Enable build time tests (bsc#1191736)
| Advisory ID | SUSE-RU-2021:3883-1
|
| Released | Thu Dec 2 11:47:07 2021 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1177460 |
Description:
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china
| Advisory ID | SUSE-RU-2021:3891-1
|
| Released | Fri Dec 3 10:21:49 2021 |
| Summary | Recommended update for keyutils |
| Type | recommended |
| Severity | moderate |
| References | 1029961,1113013,1187654 |
Description:
This update for keyutils fixes the following issues:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
keyutils was updated to 1.6.3 (jsc#SLE-20016):
- Revert the change notifications that were using /dev/watch_queue.
- Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
- Allow 'keyctl supports' to retrieve raw capability data.
- Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
- Allow 'keyctl new_session' to name the keyring.
- Allow 'keyctl add/padd/etc.' to take hex-encoded data.
- Add 'keyctl watch*' to expose kernel change notifications on keys.
- Add caps for namespacing and notifications.
- Set a default TTL on keys that upcall for name resolution.
- Explicitly clear memory after it's held sensitive information.
- Various manual page fixes.
- Fix C++-related errors.
- Add support for keyctl_move().
- Add support for keyctl_capabilities().
- Make key=val list optional for various public-key ops.
- Fix system call signature for KEYCTL_PKEY_QUERY.
- Fix 'keyctl pkey_query' argument passing.
- Use keyctl_read_alloc() in dump_key_tree_aux().
- Various manual page fixes.
Updated to 1.6:
- Apply various specfile cleanups from Fedora.
- request-key: Provide a command line option to suppress helper execution.
- request-key: Find least-wildcard match rather than first match.
- Remove the dependency on MIT Kerberos.
- Fix some error messages
- keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
- Fix doc and comment typos.
- Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
- Add pkg-config support for finding libkeyutils.
- upstream isn't offering PGP signatures for the source tarballs anymore
Updated to 1.5.11 (bsc#1113013)
- Add keyring restriction support.
- Add KDF support to the Diffie-Helman function.
- DNS: Add support for AFS config files and SRV records
| Advisory ID | SUSE-SU-2021:3942-1
|
| Released | Mon Dec 6 14:46:05 2021 |
| Summary | Security update for brotli |
| Type | security |
| Severity | moderate |
| References | 1175825,CVE-2020-8927 |
Description:
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
| Advisory ID | SUSE-SU-2021:3946-1
|
| Released | Mon Dec 6 14:57:42 2021 |
| Summary | Security update for gmp |
| Type | security |
| Severity | moderate |
| References | 1192717,CVE-2021-43618 |
Description:
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
| Advisory ID | SUSE-RU-2021:3980-1
|
| Released | Thu Dec 9 16:42:19 2021 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1191592 |
Description:
glibc was updated to fix the following issue:
- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
| Advisory ID | SUSE-RU-2021:4009-1
|
| Released | Mon Dec 13 11:24:43 2021 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | low |
| References | |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Introduce rpm macro %_systemd_util_dir
| Advisory ID | SUSE-SU-2021:4104-1
|
| Released | Thu Dec 16 11:14:12 2021 |
| Summary | Security update for python3 |
| Type | security |
| Severity | moderate |
| References | 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 |
Description:
This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).
- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).
| Advisory ID | SUSE-RU-2021:4165-1
|
| Released | Wed Dec 22 22:52:11 2021 |
| Summary | Recommended update for kmod |
| Type | recommended |
| Severity | moderate |
| References | 1193430 |
Description:
This update for kmod fixes the following issues:
- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)
| Advisory ID | SUSE-RU-2022:48-1
|
| Released | Tue Jan 11 09:17:57 2022 |
| Summary | Recommended update for python3 |
| Type | recommended |
| Severity | moderate |
| References | 1190566,1192249,1193179 |
Description:
This update for python3 fixes the following issues:
- Don't use OpenSSL 1.1 on platforms which don't have it.
- Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249).
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566)
- Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'.
| Advisory ID | SUSE-SU-2022:184-1
|
| Released | Tue Jan 25 18:20:56 2022 |
| Summary | Security update for json-c |
| Type | security |
| Severity | important |
| References | 1171479,CVE-2020-12762 |
Description:
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)
| Advisory ID | SUSE-RU-2022:207-1
|
| Released | Thu Jan 27 09:24:49 2022 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for glibc fixes the following issues:
- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).
| Advisory ID | SUSE-RU-2022:228-1
|
| Released | Mon Jan 31 06:07:52 2022 |
| Summary | Recommended update for boost |
| Type | recommended |
| Severity | moderate |
| References | 1194522 |
Description:
This update for boost fixes the following issues:
- Fix compilation errors (bsc#1194522)
| Advisory ID | SUSE-SU-2022:330-1
|
| Released | Fri Feb 4 09:29:08 2022 |
| Summary | Security update for glibc |
| Type | security |
| Severity | important |
| References | 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 |
Description:
This update for glibc fixes the following issues:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Features added:
- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)
| Advisory ID | SUSE-RU-2022:353-1
|
| Released | Tue Feb 8 17:41:48 2022 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for systemd-rpm-macros fixes the following issues:
- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
move to file triggers. So don't mark it as deprecated too
| Advisory ID | SUSE-RU-2022:789-1
|
| Released | Thu Mar 10 11:22:05 2022 |
| Summary | Recommended update for update-alternatives |
| Type | recommended |
| Severity | moderate |
| References | 1195654 |
Description:
This update for update-alternatives fixes the following issues:
- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)
| Advisory ID | SUSE-RU-2022:808-1
|
| Released | Fri Mar 11 06:07:58 2022 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | moderate |
| References | 1195468 |
Description:
This update for procps fixes the following issues:
- Stop registering signal handler for SIGURG, to avoid `ps` failure if
someone sends such signal. Without the signal handler, SIGURG will
just be ignored. (bsc#1195468)
| Advisory ID | SUSE-RU-2022:861-1
|
| Released | Tue Mar 15 23:31:21 2022 |
| Summary | Recommended update for openssl-1_1 |
| Type | recommended |
| Severity | moderate |
| References | 1182959,1195149,1195792,1195856 |
Description:
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
| Advisory ID | SUSE-RU-2022:936-1
|
| Released | Tue Mar 22 18:10:17 2022 |
| Summary | Recommended update for filesystem and systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | 1196275,1196406 |
Description:
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
| Advisory ID | SUSE-SU-2022:942-1
|
| Released | Thu Mar 24 10:30:15 2022 |
| Summary | Security update for python3 |
| Type | security |
| Severity | moderate |
| References | 1186819,CVE-2021-3572 |
Description:
This update for python3 fixes the following issues:
- CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).
| Advisory ID | SUSE-SU-2022:1040-1
|
| Released | Wed Mar 30 09:40:58 2022 |
| Summary | Security update for protobuf |
| Type | security |
| Severity | moderate |
| References | 1195258,CVE-2021-22570 |
Description:
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
| Advisory ID | SUSE-RU-2022:1047-1
|
| Released | Wed Mar 30 16:20:56 2022 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | 1196093,1197024 |
Description:
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.
This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
| Advisory ID | SUSE-RU-2022:1118-1
|
| Released | Tue Apr 5 18:34:06 2022 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1177460 |
Description:
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
| Advisory ID | SUSE-RU-2022:1119-1
|
| Released | Wed Apr 6 09:16:06 2022 |
| Summary | Recommended update for supportutils |
| Type | recommended |
| Severity | moderate |
| References | 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 |
Description:
This update for supportutils fixes the following issues:
- Add command `blkid`
- Add email.txt based on OPTION_EMAIL (bsc#1189028)
- Add rpcinfo -p output #116
- Add s390x specific files and output
- Add shared memory as a log directory for emergency use (bsc#1190943)
- Fix cron package for RPM validation (bsc#1190315)
- Fix for invalid argument during updates (bsc#1193204)
- Fix iscsi initiator name (bsc#1195797)
- Improve `lsblk` readability with `--ascsi` option
- Include 'multipath -t' output in mpio.txt
- Include /etc/sssd/conf.d configuration files
- Include udev rules in /lib/udev/rules.d/
- Made /proc directory and network names spaces configurable (bsc#1193868)
- Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect
SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096)
- Move localmessage/warm logs out of messages.txt to new localwarn.txt
- Optimize configuration files
- Remove chronyc DNS lookups with -n switch (bsc#1193732)
- Remove duplicate commands in network.txt
- Remove duplicate firewalld status output
- getappcore identifies compressed core files (bsc#1191794)
| Advisory ID | SUSE-SU-2022:1158-1
|
| Released | Tue Apr 12 14:44:43 2022 |
| Summary | Security update for xz |
| Type | security |
| Severity | important |
| References | 1198062,CVE-2022-1271 |
Description:
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
| Advisory ID | SUSE-RU-2022:1281-1
|
| Released | Wed Apr 20 12:26:38 2022 |
| Summary | Recommended update for libtirpc |
| Type | recommended |
| Severity | moderate |
| References | 1196647 |
Description:
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
| Advisory ID | SUSE-RU-2022:1374-1
|
| Released | Mon Apr 25 15:02:13 2022 |
| Summary | Recommended update for openldap2 |
| Type | recommended |
| Severity | moderate |
| References | 1191157,1197004 |
Description:
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
| Advisory ID | SUSE-RU-2022:1409-1
|
| Released | Tue Apr 26 12:54:57 2022 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1195628,1196107 |
Description:
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
| Advisory ID | SUSE-RU-2022:1451-1
|
| Released | Thu Apr 28 10:47:22 2022 |
| Summary | Recommended update for perl |
| Type | recommended |
| Severity | moderate |
| References | 1193489 |
Description:
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)
| Advisory ID | SUSE-SU-2022:1548-1
|
| Released | Thu May 5 16:45:28 2022 |
| Summary | Security update for tar |
| Type | security |
| Severity | moderate |
| References | 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 |
Description:
This update for tar fixes the following issues:
- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- Update to GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- Update to GNU 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the '-K NAME' option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
| Advisory ID | SUSE-SU-2022:1617-1
|
| Released | Tue May 10 14:40:12 2022 |
| Summary | Security update for gzip |
| Type | security |
| Severity | important |
| References | 1198062,1198922,CVE-2022-1271 |
Description:
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
| Advisory ID | SUSE-RU-2022:1655-1
|
| Released | Fri May 13 15:36:10 2022 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | 1197794 |
Description:
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
| Advisory ID | SUSE-RU-2022:1658-1
|
| Released | Fri May 13 15:40:20 2022 |
| Summary | Recommended update for libpsl |
| Type | recommended |
| Severity | important |
| References | 1197771 |
Description:
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
| Advisory ID | SUSE-SU-2022:1670-1
|
| Released | Mon May 16 10:06:30 2022 |
| Summary | Security update for openldap2 |
| Type | security |
| Severity | important |
| References | 1199240,CVE-2022-29155 |
Description:
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
| Advisory ID | SUSE-SU-2022:1718-1
|
| Released | Tue May 17 17:44:43 2022 |
| Summary | Security update for e2fsprogs |
| Type | security |
| Severity | important |
| References | 1198446,CVE-2022-1304 |
Description:
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
| Advisory ID | SUSE-RU-2022:1887-1
|
| Released | Tue May 31 09:24:18 2022 |
| Summary | Recommended update for grep |
| Type | recommended |
| Severity | moderate |
| References | 1040589 |
Description:
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
| Advisory ID | SUSE-RU-2022:1899-1
|
| Released | Wed Jun 1 10:43:22 2022 |
| Summary | Recommended update for libtirpc |
| Type | recommended |
| Severity | important |
| References | 1198176 |
Description:
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
| Advisory ID | SUSE-RU-2022:1909-1
|
| Released | Wed Jun 1 16:25:35 2022 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1198751 |
Description:
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
| Advisory ID | SUSE-RU-2022:2019-1
|
| Released | Wed Jun 8 16:50:07 2022 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1192951,1193659,1195283,1196861,1197065 |
Description:
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
- includes SLS hardening backport on x86_64. [bsc#1195283]
- includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
- fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
- use --with-cpu rather than specifying --with-arch/--with-tune
- Fix D memory corruption in -M output.
- Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
- fixes issue with debug dumping together with -o /dev/null
- fixes libgccjit issue showing up in emacs build [bsc#1192951]
- Package mwaitintrin.h
| Advisory ID | SUSE-SU-2022:2294-1
|
| Released | Wed Jul 6 13:34:15 2022 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 |
Description:
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
| Advisory ID | SUSE-SU-2022:2305-1
|
| Released | Wed Jul 6 13:38:42 2022 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 |
Description:
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
| Advisory ID | SUSE-SU-2022:2357-1
|
| Released | Mon Jul 11 20:34:20 2022 |
| Summary | Security update for python3 |
| Type | security |
| Severity | important |
| References | 1198511,CVE-2015-20107 |
Description:
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
| Advisory ID | SUSE-RU-2022:2358-1
|
| Released | Tue Jul 12 04:21:59 2022 |
| Summary | Recommended update for augeas |
| Type | recommended |
| Severity | moderate |
| References | 1197443 |
Description:
This update for augeas fixes the following issues:
- Fix handling of keywords in new sysctl.conf (bsc#1197443)
| Advisory ID | SUSE-SU-2022:2361-1
|
| Released | Tue Jul 12 12:05:01 2022 |
| Summary | Security update for pcre |
| Type | security |
| Severity | important |
| References | 1199232,CVE-2022-1586 |
Description:
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
| Advisory ID | SUSE-RU-2022:2406-1
|
| Released | Fri Jul 15 11:49:01 2022 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1197718,1199140,1200334,1200855 |
Description:
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
| Advisory ID | SUSE-RU-2022:2469-1
|
| Released | Thu Jul 21 04:38:31 2022 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | important |
| References | 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 |
Description:
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
| Advisory ID | SUSE-RU-2022:2493-1
|
| Released | Thu Jul 21 14:35:08 2022 |
| Summary | Recommended update for rpm-config-SUSE |
| Type | recommended |
| Severity | moderate |
| References | 1193282 |
Description:
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
| Advisory ID | SUSE-RU-2022:2494-1
|
| Released | Thu Jul 21 15:16:42 2022 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | important |
| References | 1200855,1201560,1201640 |
Description:
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
| Advisory ID | SUSE-SU-2022:2546-1
|
| Released | Mon Jul 25 14:43:22 2022 |
| Summary | Security update for gpg2 |
| Type | security |
| Severity | important |
| References | 1196125,1201225,CVE-2022-34903 |
Description:
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
| Advisory ID | SUSE-RU-2022:2573-1
|
| Released | Thu Jul 28 04:24:19 2022 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1194550,1197684,1199042 |
Description:
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
| Advisory ID | SUSE-SU-2022:2632-1
|
| Released | Wed Aug 3 09:51:00 2022 |
| Summary | Security update for permissions |
| Type | security |
| Severity | important |
| References | 1198720,1200747,1201385 |
Description:
This update for permissions fixes the following issues:
- apptainer: fix starter-suid location (bsc#1198720)
- static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
- postfix: add postlog setgid for maildrop binary (bsc#1201385)
| Advisory ID | SUSE-RU-2022:2640-1
|
| Released | Wed Aug 3 10:43:44 2022 |
| Summary | Recommended update for yaml-cpp |
| Type | recommended |
| Severity | moderate |
| References | 1160171,1178331,1178332,1200624 |
Description:
This update for yaml-cpp fixes the following issue:
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old
ABI to prevent ABI breakage and crash of applications compiled with 0.6.1
(bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).
| Advisory ID | SUSE-SU-2022:2717-1
|
| Released | Tue Aug 9 12:54:16 2022 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1198627,CVE-2022-29458 |
Description:
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
| Advisory ID | SUSE-RU-2022:2735-1
|
| Released | Wed Aug 10 04:31:41 2022 |
| Summary | Recommended update for tar |
| Type | recommended |
| Severity | moderate |
| References | 1200657 |
Description:
This update for tar fixes the following issues:
- Fix race condition while creating intermediate subdirectories (bsc#1200657)
| Advisory ID | SUSE-RU-2022:2796-1
|
| Released | Fri Aug 12 14:34:31 2022 |
| Summary | Recommended update for jitterentropy |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
| Advisory ID | SUSE-RU-2022:2844-1
|
| Released | Thu Aug 18 14:41:25 2022 |
| Summary | Recommended update for tar |
| Type | recommended |
| Severity | important |
| References | 1202436 |
Description:
This update for tar fixes the following issues:
- A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436)
| Advisory ID | SUSE-RU-2022:2901-1
|
| Released | Fri Aug 26 03:34:23 2022 |
| Summary | Recommended update for elfutils |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
| Advisory ID | SUSE-RU-2022:2904-1
|
| Released | Fri Aug 26 05:28:34 2022 |
| Summary | Recommended update for openldap2 |
| Type | recommended |
| Severity | moderate |
| References | 1198341 |
Description:
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
| Advisory ID | SUSE-RU-2022:2920-1
|
| Released | Fri Aug 26 15:17:02 2022 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | important |
| References | 1195059,1201795 |
Description:
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscal filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
| Advisory ID | SUSE-RU-2022:2929-1
|
| Released | Mon Aug 29 11:21:47 2022 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | important |
| References | 1202310 |
Description:
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
| Advisory ID | SUSE-RU-2022:2944-1
|
| Released | Wed Aug 31 05:39:14 2022 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | important |
| References | 1181475 |
Description:
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
| Advisory ID | SUSE-SU-2022:3003-1
|
| Released | Fri Sep 2 15:01:44 2022 |
| Summary | Security update for curl |
| Type | security |
| Severity | low |
| References | 1202593,CVE-2022-35252 |
Description:
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
| Advisory ID | SUSE-feature-2022:3126-1
|
| Released | Wed Sep 7 04:34:30 2022 |
| Summary | Feature update for gdb |
| Type | feature |
| Severity | important |
| References | 1185605 |
Description:
This feature update for gdb fixes the following issues:
- Enable build option `--with-debuginfod` (bsc#1185605, jsc#PED-1246, jsc#PED-1149, jsc#PED-1138)
| Advisory ID | SUSE-RU-2022:3127-1
|
| Released | Wed Sep 7 04:36:10 2022 |
| Summary | Recommended update for libtirpc |
| Type | recommended |
| Severity | moderate |
| References | 1198752,1200800 |
Description:
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
| Advisory ID | SUSE-SU-2022:3142-1
|
| Released | Wed Sep 7 09:54:18 2022 |
| Summary | Security update for icu |
| Type | security |
| Severity | moderate |
| References | 1193951,CVE-2020-21913 |
Description:
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
after free (bsc#1193951).
| Advisory ID | SUSE-RU-2022:3220-1
|
| Released | Fri Sep 9 04:30:52 2022 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1199895,1200993,1201092,1201576,1201638 |
Description:
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
| Advisory ID | SUSE-RU-2022:3262-1
|
| Released | Tue Sep 13 15:34:29 2022 |
| Summary | Recommended update for gcc11 |
| Type | recommended |
| Severity | moderate |
| References | 1199140 |
Description:
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
| Advisory ID | SUSE-SU-2022:3271-1
|
| Released | Wed Sep 14 06:45:39 2022 |
| Summary | Security update for perl |
| Type | security |
| Severity | moderate |
| References | 1047178,CVE-2017-6512 |
Description:
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
| Advisory ID | SUSE-RU-2022:3304-1
|
| Released | Mon Sep 19 11:43:25 2022 |
| Summary | Recommended update for libassuan |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
| Advisory ID | SUSE-SU-2022:3305-1
|
| Released | Mon Sep 19 11:45:57 2022 |
| Summary | Security update for libtirpc |
| Type | security |
| Severity | important |
| References | 1201680,CVE-2021-46828 |
Description:
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
| Advisory ID | SUSE-SU-2022:3307-1
|
| Released | Mon Sep 19 13:26:51 2022 |
| Summary | Security update for sqlite3 |
| Type | security |
| Severity | moderate |
| References | 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 |
Description:
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
| Advisory ID | SUSE-RU-2022:3328-1
|
| Released | Wed Sep 21 12:48:56 2022 |
| Summary | Recommended update for jitterentropy |
| Type | recommended |
| Severity | moderate |
| References | 1202870 |
Description:
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
| Advisory ID | SUSE-SU-2022:3353-1
|
| Released | Fri Sep 23 15:23:40 2022 |
| Summary | Security update for permissions |
| Type | security |
| Severity | moderate |
| References | 1203018,CVE-2022-31252 |
Description:
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
| Advisory ID | SUSE-RU-2022:3452-1
|
| Released | Wed Sep 28 12:13:43 2022 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1201942 |
Description:
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
| Advisory ID | SUSE-SU-2022:3489-1
|
| Released | Sat Oct 1 13:35:24 2022 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1203438,CVE-2022-40674 |
Description:
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
| Advisory ID | SUSE-SU-2022:3544-1
|
| Released | Thu Oct 6 13:48:42 2022 |
| Summary | Security update for python3 |
| Type | security |
| Severity | important |
| References | 1202624,CVE-2021-28861 |
Description:
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
| Advisory ID | SUSE-RU-2022:3555-1
|
| Released | Mon Oct 10 14:05:12 2022 |
| Summary | Recommended update for aaa_base |
| Type | recommended |
| Severity | important |
| References | 1199492 |
Description:
This update for aaa_base fixes the following issues:
- The wrapper rootsh is not a restricted shell. (bsc#1199492)
| Advisory ID | SUSE-RU-2022:3564-1
|
| Released | Tue Oct 11 16:15:57 2022 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | critical |
| References | 1189282,1201972,1203649 |
Description:
This update for libzypp, zypper fixes the following issues:
libzypp:
- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined
zypper:
- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined
| Advisory ID | SUSE-RU-2022:3670-1
|
| Released | Thu Oct 20 10:44:13 2022 |
| Summary | Recommended update for zchunk |
| Type | recommended |
| Severity | moderate |
| References | 1204244 |
Description:
This update for zchunk fixes the following issues:
- Make sure to ship libzck1 to Micro 5.3 (bsc#1204244)
| Advisory ID | SUSE-SU-2022:3683-1
|
| Released | Fri Oct 21 11:48:39 2022 |
| Summary | Security update for libksba |
| Type | security |
| Severity | critical |
| References | 1204357,CVE-2022-3515 |
Description:
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
| Advisory ID | SUSE-SU-2022:3785-1
|
| Released | Wed Oct 26 20:20:19 2022 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1204383,1204386,CVE-2022-32221,CVE-2022-42916 |
Description:
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
| Advisory ID | SUSE-RU-2022:3787-1
|
| Released | Thu Oct 27 04:41:09 2022 |
| Summary | Recommended update for permissions |
| Type | recommended |
| Severity | important |
| References | 1194047,1203911 |
Description:
This update for permissions fixes the following issues:
- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)
| Advisory ID | SUSE-SU-2022:3806-1
|
| Released | Thu Oct 27 17:21:11 2022 |
| Summary | Security update for dbus-1 |
| Type | security |
| Severity | important |
| References | 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 |
Description:
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
| Advisory ID | SUSE-SU-2022:3884-1
|
| Released | Mon Nov 7 10:59:26 2022 |
| Summary | Security update for expat |
| Type | security |
| Severity | important |
| References | 1204708,CVE-2022-43680 |
Description:
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
| Advisory ID | SUSE-RU-2022:3910-1
|
| Released | Tue Nov 8 13:05:04 2022 |
| Summary | Recommended update for pam |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)
| Advisory ID | SUSE-SU-2022:3922-1
|
| Released | Wed Nov 9 09:03:33 2022 |
| Summary | Security update for protobuf |
| Type | security |
| Severity | important |
| References | 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 |
Description:
This update for protobuf fixes the following issues:
- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)
| Advisory ID | SUSE-SU-2022:3999-1
|
| Released | Tue Nov 15 17:08:04 2022 |
| Summary | Security update for systemd |
| Type | security |
| Severity | moderate |
| References | 1204179,1204968,CVE-2022-3821 |
Description:
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
* 0469b9f2bc pstore: do not try to load all known pstore modules
* ad05f54439 pstore: Run after modules are loaded
* ccad817445 core: Add trigger limit for path units
* 281d818fe3 core/mount: also add default before dependency for automount mount units
* ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility
reason
| Advisory ID | SUSE-RU-2022:4062-1
|
| Released | Fri Nov 18 09:05:07 2022 |
| Summary | Recommended update for libusb-1_0 |
| Type | recommended |
| Severity | moderate |
| References | 1201590 |
Description:
This update for libusb-1_0 fixes the following issues:
- Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)
| Advisory ID | SUSE-RU-2022:4066-1
|
| Released | Fri Nov 18 10:43:00 2022 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | important |
| References | 1177460,1202324,1204649,1205156 |
Description:
This update for timezone fixes the following issues:
Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):
- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z
| Advisory ID | SUSE-SU-2022:4081-1
|
| Released | Fri Nov 18 15:40:46 2022 |
| Summary | Security update for dpkg |
| Type | security |
| Severity | low |
| References | 1199944,CVE-2022-1664 |
Description:
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
| Advisory ID | SUSE-RU-2022:4135-1
|
| Released | Mon Nov 21 00:13:40 2022 |
| Summary | Recommended update for libeconf |
| Type | recommended |
| Severity | moderate |
| References | 1198165 |
Description:
This update for libeconf fixes the following issues:
- Update to version 0.4.6+git
- econftool:
Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
- libeconf:
Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
- econftool:
New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters'
| Advisory ID | SUSE-RU-2022:4256-1
|
| Released | Mon Nov 28 12:36:32 2022 |
| Summary | Recommended update for gcc12 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
| Advisory ID | SUSE-SU-2022:4278-1
|
| Released | Tue Nov 29 15:43:49 2022 |
| Summary | Security update for supportutils |
| Type | security |
| Severity | moderate |
| References | 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 |
Description:
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
Bug fixes:
- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)
| Advisory ID | SUSE-SU-2022:4281-1
|
| Released | Tue Nov 29 15:46:10 2022 |
| Summary | Security update for python3 |
| Type | security |
| Severity | important |
| References | 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 |
Description:
This update for python3 fixes the following issues:
- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)
The following non-security bug was fixed:
- Fixed a crash in the garbage collection (bsc#1188607).
| Advisory ID | SUSE-RU-2022:4312-1
|
| Released | Fri Dec 2 11:16:47 2022 |
| Summary | Recommended update for tar |
| Type | recommended |
| Severity | moderate |
| References | 1200657,1203600 |
Description:
This update for tar fixes the following issues:
- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)
| Advisory ID | SUSE-RU-2022:4336-1
|
| Released | Tue Dec 6 16:27:50 2022 |
| Summary | Recommended update for gdb |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
gdb was updated to version 12.1:
- DBX mode is deprecated, and will be removed in GDB 13.
- GDB 12 is the last release of GDB that will support building against
Python 2. From GDB 13, it will only be possible to build GDB itself
with Python 3 support.
- Improved C++ template support:
GDB now treats functions/types involving C++ templates like it does function
overloads. Users may omit parameter lists to set breakpoints on families of
template functions, including types/functions composed of multiple template types:
(gdb) break template_func(template_1, int)
The above will set breakpoints at every function `template_func' where
the first function parameter is any template type named `template_1' and
the second function parameter is `int'.
TAB completion also gains similar improvements.
- maint set backtrace-on-fatal-signal on|off
- maint show backtrace-on-fatal-signal
This setting is 'on' by default. When 'on' GDB will print a limited
backtrace to stderr in the situation where GDB terminates with a
fatal signal. This only supported on some platforms where the
backtrace and backtrace_symbols_fd functions are available.
- set source open on|off
- show source open
This setting, which is on by default, controls whether GDB will try
to open source code files. Switching this off will stop GDB trying
to open and read source code files, which can be useful if the files
are located over a slow network connection.
- set varsize-limit
- show varsize-limit
These are now deprecated aliases for 'set max-value-size' and
'show max-value-size'.
- task apply [all | TASK-IDS...] [FLAG]... COMMAND
Like 'thread apply', but applies COMMAND to Ada tasks.
- watch [...] task ID
Watchpoints can now be restricted to a specific Ada task.
- maint set internal-error backtrace on|off
- maint show internal-error backtrace
- maint set internal-warning backtrace on|off
- maint show internal-warning backtrace
GDB can now print a backtrace of itself when it encounters either an
internal-error, or an internal-warning. This is on by default for
internal-error and off by default for internal-warning.
- set logging on|off
Deprecated and replaced by 'set logging enabled on|off'.
- set logging enabled on|off
- show logging enabled
These commands set or show whether logging is enabled or disabled.
- exit
You can now exit GDB by using the new command 'exit', in addition to
the existing 'quit' command.
- set debug threads on|off
- show debug threads
Print additional debug messages about thread creation and deletion.
- set debug linux-nat on|off
- show debug linux-nat
These new commands replaced the old 'set debug lin-lwp' and 'show
debug lin-lwp' respectively. Turning this setting on prints debug
messages relating to GDB's handling of native Linux inferiors.
- maint flush source-cache
Flush the contents of the source code cache.
- maint set gnu-source-highlight enabled on|off
- maint show gnu-source-highlight enabled
Whether GDB should use the GNU Source Highlight library for adding
styling to source code. When off, the library will not be used, even
when available. When GNU Source Highlight isn't used, or can't add
styling to a particular source file, then the Python Pygments
library will be used instead.
- set suppress-cli-notifications (on|off)
- show suppress-cli-notifications
This controls whether printing the notifications is suppressed for CLI.
CLI notifications occur when you change the selected context
(i.e., the current inferior, thread and/or the frame), or when
the program being debugged stops (e.g., because of hitting a
breakpoint, completing source-stepping, an interrupt, etc.).
- set style disassembler enabled on|off
- show style disassembler enabled
If GDB is compiled with Python support, and the Python Pygments
package is available, then, when this setting is on, disassembler
output will have styling applied.
- set ada source-charset
- show ada source-charset
Set the character set encoding that is assumed for Ada symbols. Valid
values for this follow the values that can be passed to the GNAT
compiler via the '-gnati' option. The default is ISO-8859-1.
- print
Printing of floating-point values with base-modifying formats like
/x has been changed to display the underlying bytes of the value in
the desired base. This was GDB's documented behavior, but was never
implemented correctly.
- maint packet
This command can now print a reply, if the reply includes
non-printable characters. Any non-printable characters are printed
as escaped hex, e.g. \x?? where '??' is replaces with the value of
the non-printable character.
- clone-inferior
The clone-inferior command now ensures that the TTY, CMD and ARGS
settings are copied from the original inferior to the new one.
All modifications to the environment variables done using the 'set
environment' or 'unset environment' commands are also copied to the new
inferior.
- set debug lin-lwp on|off
- show debug lin-lwp
These commands have been removed from GDB. The new command 'set
debug linux-nat' and 'show debug linux-nat' should be used
instead.
- info win
This command now includes information about the width of the tui
windows in its output.
- GDB's Ada parser now supports an extension for specifying the exact
byte contents of a floating-point literal. This can be useful for
setting floating-point registers to a precise value without loss of
precision. The syntax is an extension of the based literal syntax.
Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width
of the floating-point type, and the 'f' is the marker for floating
point.
** The '-add-inferior' with no option flags now inherits the
connection of the current inferior, this restores the behaviour of
GDB as it was prior to GDB 10.
** The '-add-inferior' command now accepts a '--no-connection'
option, which causes the new inferior to start without a
connection.
** New function gdb.add_history(), which takes a gdb.Value object
and adds the value it represents to GDB's history list. An
integer, the index of the new item in the history list, is
returned.
** New function gdb.history_count(), which returns the number of
values in GDB's value history.
** New gdb.events.gdb_exiting event. This event is called with a
gdb.GdbExitingEvent object which has the read-only attribute
'exit_code', which contains the value of the GDB exit code. This
event is triggered once GDB decides it is going to exit, but
before GDB starts to clean up its internal state.
** New function gdb.architecture_names(), which returns a list
containing all of the possible Architecture.name() values. Each
entry is a string.
** New function gdb.Architecture.integer_type(), which returns an
integer type given a size and a signed-ness.
** New gdb.TargetConnection object type that represents a connection
(as displayed by the 'info connections' command). A sub-class,
gdb.RemoteTargetConnection, is used to represent 'remote' and
'extended-remote' connections.
** The gdb.Inferior type now has a 'connection' property which is an
instance of gdb.TargetConnection, the connection used by this
inferior. This can be None if the inferior has no connection.
** New 'gdb.events.connection_removed' event registry, which emits a
'gdb.ConnectionEvent' when a connection is removed from GDB.
This event has a 'connection' property, a gdb.TargetConnection
object for the connection being removed.
** New gdb.connections() function that returns a list of all
currently active connections.
** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This
is equivalent to the existing 'maint packet' CLI command; it
allows a user specified packet to be sent to the remote target.
** New function gdb.host_charset(), returns a string, which is the
name of the current host charset.
** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter
NAME to VALUE.
** New gdb.with_parameter(NAME, VALUE). This returns a context
manager that temporarily sets the gdb parameter NAME to VALUE,
then resets it when the context is exited.
** The gdb.Value.format_string method now takes a 'styling'
argument, which is a boolean. When true, the returned string can
include escape sequences to apply styling. The styling will only
be present if styling is otherwise turned on in GDB (see 'help
set styling'). When false, which is the default if the argument
is not given, then no styling is applied to the returned string.
** New read-only attribute gdb.InferiorThread.details, which is
either a string, containing additional, target specific thread
state information, or None, if there is no such additional
information.
** New read-only attribute gdb.Type.is_scalar, which is True for
scalar types, and False for all other types.
** New read-only attribute gdb.Type.is_signed. This attribute
should only be read when Type.is_scalar is True, and will be True
for signed types, and False for all other types. Attempting to
read this attribute for non-scalar types will raise a ValueError.
** It is now possible to add GDB/MI commands implemented in Python.
Update libipt to v2.0.5.
| Advisory ID | SUSE-SU-2022:4597-1
|
| Released | Wed Dec 21 10:13:11 2022 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1206308,1206309,CVE-2022-43551,CVE-2022-43552 |
Description:
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).
| Advisory ID | SUSE-feature-2022:4601-1
|
| Released | Wed Dec 21 12:23:59 2022 |
| Summary | Feature update for GNOME 41 |
| Type | feature |
| Severity | moderate |
| References | 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 |
Description:
This update for GNOME 41 fixes the following issues:
atkmm1_6:
- Version update from 2.28.1 to 2.28.3 (jsc#PED-2235):
* Meson build: Avoid unnecessary configuration warnings
* Meson build: Perl is not required by new versions of mm-common
* Meson build: Require meson >= 0.55.0
* Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson.
* Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build
* Support building with Visual Studio 2022
eog:
- Version update from 41.1 to 41.2 (jsc#PED-2235):
* eog-window: use correct type for display_profile
* Fix discovery of Evince for multi-page images
evince:
- Version update 41.3 to 41.4 (jsc#PED-2235):
* shell: Fix failures when thumbnail extraction takes too long
* Fix build with meson 0.60.0 and newer
evolution:
- Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)
evolution-data-center:
- Version update from 3.42.4 to 3.42.5 (jsc#PED-2235):
* Google OAuth out-of-band (oob) flow will be deprecated
folks:
- Version update 0.15.3 to 0.15.5 (jsc#PED-2235):
* vapi: Add missing generic type argument
* Fix docs build against newer eds version
* Fix build against newer eds version
* Remove volatile keyword from tests
gcr:
- Version update 3.41.0 to 3.41.1 (jsc#PED-2235):
* Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands
* Add gi-docgen dependency which is needed by the docs
* Fix build with meson 0.60.0 and newer
* Fix build without systemd
* Several CI fixes
geocode-glib:
- Version update from 3.26.2 to 3.26.4 (jsc#PED-2235):
* Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
* Add support for libsoup 3.x
gjs:
- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
* Build and compatibility fixes backported from the development branch
* Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)
glib2:
- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
* Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
* Split gtk-docs from -devel package, these are not needed during building projects using glib2
gnome-control-center:
- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7 (jsc#PED-2235):
* Cellular: Remove duplicate line from .desktop
* Info: Allow changing 'Device Name' by pressing 'Enter'
* Info: Remove trailing space after CPU name
* Keyboard: Fix crash resetting all keyboard shortcuts
* Keyboard: Fix leaks
* Network: Fix saving passwords for non-wifi connections
* Network: Fix critical when opening VPN details page
* Wacom: Fix leaks
gnome-desktop:
- Version update from 41.2 to 41.8 (jsc#PED-2235):
* Version increase but no actual changes
gnome-music:
- Version update from 41.0 to 41.1 (jsc#PED-2235):
* Ensure the correct album is played
* Fix build with meson 0.61.0 and newer
* Fix crash on empty selection
* Fix incorrect playlist import
* Fix time displayed in RTL languages
* Improve async queue work
* Make random shuffle actually random
* Make shuffle random
* Speed increase on first startup on larger collections
* Time is reversed in RTL
gnome-remote-desktop:
- Version update from 41.2 to 41.3 (jsc#PED-2235):
* Add Icelandic translation
gnome-session:
- Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)
gnome-shell:
- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
* Allow extension updates with only Extension Manager installed
* Allow more intermediate icon sizes in app grid
* Disable workspace switching while in search.
* Do not create systemd scope for D-Bus activated apps
* Fix calendar to correctly align world clocks header in RTL
* Fix drag placeholder position in dash in RTL locales
* Fix edge case where windows stay dimmed after a modal is closed
* Fix feedback when turning on a11y features by keyboard
* Fix focus tracking in magnifier on wayland
* Fix fractional timezone offsets in world clock
* Fix glitches in overview transition
* Fix logging in with realmd
* Fix memory leak
* Fix opening device settings for enterprise WPA networks
* Fix programatically set scrollview fade
* Fix regression in ibus support
* Fix unresponsive top bar in overview when in fullscreen
* Handle monitor changes during startup animation
* Hide overview after 'Show Details' from app context menu
* Improve Belgian on-screen keyboard layout
* Improve CSS shadow appearance
* Make sure startup animation completes
* Misc. bug fixes and cleanups
* Only close messages via delete key if they can be closed
* Respect IM hint for candidates list in on-screen keyboard
gnome-software:
- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
* Added several appstream-related fixed
* Disable scroll-by-mouse-wheel on featured carousel
* Ensure details page shows app provided on command line
gnome-terminal:
- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
* Fix build with meson 0.61.0 and newer
* window: Use a normal menu for the popup menu
gnome-user-docs:
- Version update from 41.1 to 41.5 (jsc#PED-2235):
* Added missing icon for network-wired-symbolic
gspell:
- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
* Build: distribute more files in tarballs
* Documentation improvements
gtkmm3:
- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
* Build with Meson: MSVC build: Support Visual Studio 2022
* Check if Perl is required for building documentation
* Don't use deprecated python3.path() and execute (..., gui_app...)
* GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler
* Object::_release_c_instance(): Unref orphan managed widgets
* SizeGroup demo: Set active items in the combo boxs, so something is shown
* Specify 'check' option in run_command()
gtk-vnc:
- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
* Add 'check' arg to meson run_command()
* Fix invalid use of subprojects with meson
* Support ZRLE encoding for zero size alpha cursors
gupnp-av:
- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
* Add utility function to format GDateTime to the iso variant DIDL expects
* Allow to be used as a subproject
* Drop autotools
* Fix stripping @refID
* Fix unsetting subtitleFileType
* Make Feature derivable again
* Obsolete code removal.
* Port to modern GObject
* Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
* Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2
gvfs:
- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
* sftp: Adapt on new OpenSSH password prompts
* smb: Rework anonymous handling to avoid EINVAL
* smb: Ignore EINVAL for kerberos/ccache login
libgsf:
- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
* Fix error handling problem when writing ole files
* Fix problems with non-western text in OLE properties
* Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available
libmediaart:
- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
* build: Add introspection/vapi/tests options
* build: Use library() to optionally build a static library
libnma:
- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
* Ad-Hoc networks now default to using WPA2 instead of WEP
* Add possibility of building libnma-gtk4 library with Gtk4 support
* Do not allow setting empty 802.1x domain for EAP TLS
* Fixed keyboard accelerator for certificate chooser
* Fixed libnma-gtk4 version of mobile-wizard
* Include OWE wireless security option
* The GtkBuilder files for Gtk4 are now included in the release tarball
* WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package
libnotify:
- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
* Delete unused notifynotification.xml
* Fix potential build errors with old glib version we require
* docs/notify-send: Add --transient option to manpage
* notification: Bookend calling NotifyActionCallback with temporary reference
* notification: Include sender-pid hint by default if not provided
* notify-send: Add debug message about server not supporting persistence
* notify-send: Add explicit option to create transient notifications
* notify-send: Add support for boolean hints
* notify-send: Move server capabilities check to a separate function
* notify-send: Support passing any hint value, by parsing variant strings
libpeas:
- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
* Icon licenses have been corrected
* Parallel build system operation fixes
* Use gi-docgen for documentation
* Various build warnings squashed
* Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package
librsvg:
- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
* Catch circular references when rendering patterns
* Fix regressions when computing element geometries
* Fix regression outputting all text as paths
libsecret:
- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
* Add bash-completion for secret-tool
* Add locking capabilities to secret tool
* Add support for TPM2 based secret storage
* Create default collection after DBus.Error.UnknownObject
* Detect local storage in snaps in the same way as flatpaks
* Drop autotools-based build
* GI annotation and documentation fixes
* Port documentation to gi-docgen
* Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask
* secret-file-backend: Avoid closing the same file descriptor twice
mutter:
- Version update from 41.5 to 41.9 (jsc#PED-2235):
* Fix '--replace option'
* Fix missing root window properties after XWayland start
* Fix night light without GAMMA_LUT property
* KMS: Survive missing GAMMA_LUT property
* wayland: Fix rotation transform
* Misc. bug fixes
nautilus:
- Version update from 41.2 to 41.5(jsc#PED-2235):
* Drag-and-drop bugfixes
* HighContrast style fixes
orca:
- Version update from 41.1 to 41.3 (jsc#PED-2235):
* Add more event-flood detection and handling for improved performance
* Fix bug causing accessing preferences to fail for Esperanto
* Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
* Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
* WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x
python-cairo:
- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo
python-gobject:
- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
* Add a workaround for a PyPy 3.9+ bug when threads are used
* Do not error out for unknown scopes
* Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
* Fix a crash/refcounting error in case marshaling a hash table fails
* Fix crashes when marshaling zero terminated arrays for certain item types
* Implement DynamicImporter.find_spec() to silence deprecation warning
* Make the test suite pass again with PyPy
* Some test/CI fixes
* gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
* gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4
* interface: Fix leak when overriding GInterfaceInfo
* setup.py: look up pycairo headers without importing the module
trackers-python:
- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
* Backport seccomp rules for rseq and mbind syscalls
vala:
- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
* Add missing TraverseVisitor.visit_data_type()
* Add support for 'copy_/free_function' metadata for compact classes
* Catch and throw possible inner error of lock statements
* Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
* Don't count instance-parameter when checking for backwards closure reference
* Fix a few binding errors
* Free empty stack list for code contexts
* Handle duplicated and unnamed symbols.
* Improve UI parsing and handling of nested objects and properties
* Make sure to drop our 'trap' jump target in case of an error
* Move dynamic property errors to semantic analyzer pass
* Require lvalue access of delegate target/destroy 'fields'
* Show source location when reporting deprecations
* Transform assignment of an array element as needed
* manual: Update from wiki.gnome.org
* parser: Improve handling of nullable VarType in with-statement
* parser: Reduce the source reference of main block method to its beginning
xdg-desktop-portal-gnome:
- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
* Properly bind property in Lockdown portal
| Advisory ID | SUSE-SU-2022:4628-1
|
| Released | Wed Dec 28 09:23:13 2022 |
| Summary | Security update for sqlite3 |
| Type | security |
| Severity | moderate |
| References | 1206337,CVE-2022-46908 |
Description:
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
| Advisory ID | SUSE-SU-2022:4629-1
|
| Released | Wed Dec 28 09:24:07 2022 |
| Summary | Security update for systemd |
| Type | security |
| Severity | important |
| References | 1200723,1205000,CVE-2022-4415 |
Description:
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
| Advisory ID | SUSE-RU-2023:25-1
|
| Released | Thu Jan 5 09:51:41 2023 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | moderate |
| References | 1177460 |
Description:
This update for timezone fixes the following issues:
Version update from 2022f to 2022g (bsc#1177460):
- In the Mexican state of Chihuahua:
* The border strip near the US will change to agree with nearby US locations on 2022-11-30.
* The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
like El Paso, TX.
* The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
* A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default
| Advisory ID | SUSE-RU-2023:48-1
|
| Released | Mon Jan 9 10:37:54 2023 |
| Summary | Recommended update for libtirpc |
| Type | recommended |
| Severity | moderate |
| References | 1199467 |
Description:
This update for libtirpc fixes the following issues:
- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)
| Advisory ID | SUSE-SU-2023:56-1
|
| Released | Mon Jan 9 11:13:43 2023 |
| Summary | Security update for libksba |
| Type | security |
| Severity | moderate |
| References | 1206579,CVE-2022-47629 |
Description:
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
| Advisory ID | SUSE-RU-2023:179-1
|
| Released | Thu Jan 26 21:54:30 2023 |
| Summary | Recommended update for tar |
| Type | recommended |
| Severity | low |
| References | 1202436 |
Description:
This update for tar fixes the following issue:
- Fix hang when unpacking test tarball (bsc#1202436)
| Advisory ID | SUSE-RU-2023:181-1
|
| Released | Thu Jan 26 21:55:43 2023 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | low |
| References | 1206412 |
Description:
This update for procps fixes the following issues:
- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
| Advisory ID | SUSE-SU-2023:201-1
|
| Released | Fri Jan 27 15:24:15 2023 |
| Summary | Security update for systemd |
| Type | security |
| Severity | moderate |
| References | 1204944,1205000,1207264,CVE-2022-4415 |
Description:
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps
with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten
after an update (bsc#1207264).
| Advisory ID | SUSE-SU-2023:225-1
|
| Released | Wed Feb 1 09:37:51 2023 |
| Summary | Security update for ctags |
| Type | security |
| Severity | important |
| References | 1206543,CVE-2022-4515 |
Description:
This update for ctags fixes the following issues:
- CVE-2022-4515: Fixed a command injection issue via a tag file wih a
crafted filename (bsc#1206543).
| Advisory ID | SUSE-SU-2023:348-1
|
| Released | Fri Feb 10 15:08:41 2023 |
| Summary | Security update for less |
| Type | security |
| Severity | moderate |
| References | 1207815,CVE-2022-46663 |
Description:
This update for less fixes the following issues:
- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).
| Advisory ID | SUSE-SU-2023:429-1
|
| Released | Wed Feb 15 17:41:22 2023 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 |
Description:
This update for curl fixes the following issues:
- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
| Advisory ID | SUSE-SU-2023:463-1
|
| Released | Mon Feb 20 16:33:39 2023 |
| Summary | Security update for tar |
| Type | security |
| Severity | moderate |
| References | 1202436,1207753,CVE-2022-48303 |
Description:
This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Bug fixes:
- Fix hang when unpacking test tarball (bsc#1202436).
| Advisory ID | SUSE-RU-2023:464-1
|
| Released | Mon Feb 20 18:11:37 2023 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for systemd fixes the following issues:
- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream
variants will ease the backports of Factory changes to SLE since Factory
systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
| Advisory ID | SUSE-SU-2023:549-1
|
| Released | Mon Feb 27 17:35:07 2023 |
| Summary | Security update for python3 |
| Type | security |
| Severity | moderate |
| References | 1205244,1208443,CVE-2022-45061 |
Description:
This update for python3 fixes the following issues:
- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).
Bugfixes:
- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).
| Advisory ID | SUSE-RU-2023:617-1
|
| Released | Fri Mar 3 16:49:06 2023 |
| Summary | Recommended update for jitterentropy |
| Type | recommended |
| Severity | moderate |
| References | 1207789 |
Description:
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
| Advisory ID | SUSE-RU-2023:709-1
|
| Released | Fri Mar 10 16:04:41 2023 |
| Summary | Recommended update for console-setup |
| Type | recommended |
| Severity | moderate |
| References | 1202853 |
Description:
This update for console-setup and kbd fixes the following issue:
- Fix Caps_Lock mapping for us.map and others (bsc#1202853)
| Advisory ID | SUSE-RU-2023:776-1
|
| Released | Thu Mar 16 17:29:23 2023 |
| Summary | Recommended update for gcc12 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
| Advisory ID | SUSE-RU-2023:788-1
|
| Released | Thu Mar 16 19:37:59 2023 |
| Summary | Recommended update for libsolv, libzypp, zypper |
| Type | recommended |
| Severity | important |
| References | 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 |
Description:
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv:
- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons
libzypp:
- Avoid calling getsockopt when we know the info already.
This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when
accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well.
To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the
installed PTF packages to theit latest version.
- Skip media.1/media download for http repo status calc.
This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed.
This optimisation only takes place if the repo does specify only downloading base urls.
- Use a dynamic fallback for BLKSIZE in downloads.
When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed,
relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar
metric as the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)
zypper:
- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid dispylaing superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
A remove command which prefers replacing dependant packages to removing them as well.
A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant
packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the
remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official
update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)
| Advisory ID | SUSE-SU-2023:868-1
|
| Released | Wed Mar 22 09:41:01 2023 |
| Summary | Security update for python3 |
| Type | security |
| Severity | important |
| References | 1203355,1208471,CVE-2023-24329 |
Description:
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
| Advisory ID | SUSE-SU-2023:1582-1
|
| Released | Mon Mar 27 10:31:52 2023 |
| Summary | Security update for curl |
| Type | security |
| Severity | moderate |
| References | 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 |
Description:
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
| Advisory ID | SUSE-RU-2023:1662-1
|
| Released | Wed Mar 29 10:36:23 2023 |
| Summary | Recommended update for patterns-base |
| Type | recommended |
| Severity | moderate |
| References | 1203537 |
Description:
This update for patterns-base fixes the following issues:
- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
| Advisory ID | SUSE-SU-2023:1688-1
|
| Released | Wed Mar 29 18:19:10 2023 |
| Summary | Security update for zstd |
| Type | security |
| Severity | moderate |
| References | 1209533,CVE-2022-4899 |
Description:
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
| Advisory ID | SUSE-SU-2023:1718-1
|
| Released | Fri Mar 31 15:47:34 2023 |
| Summary | Security update for glibc |
| Type | security |
| Severity | moderate |
| References | 1207571,1207957,1207975,1208358,CVE-2023-0687 |
Description:
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
| Advisory ID | SUSE-RU-2023:1779-1
|
| Released | Thu Apr 6 08:16:58 2023 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | moderate |
| References | 1208432 |
Description:
This update for systemd fixes the following issues:
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev
sub-package, so they aren't installed in systemd based containers
| Advisory ID | SUSE-RU-2023:1805-1
|
| Released | Tue Apr 11 10:12:41 2023 |
| Summary | Recommended update for timezone |
| Type | recommended |
| Severity | important |
| References | |
Description:
This update for timezone fixes the following issues:
- Version update from 2022g to 2023c:
* Egypt now uses DST again, from April through October.
* This year Morocco springs forward April 23, not April 30.
* Palestine delays the start of DST this year.
* Much of Greenland still uses DST from 2024 on.
* America/Yellowknife now links to America/Edmonton.
* tzselect can now use current time to help infer timezone.
* The code now defaults to C99 or later.
| Advisory ID | SUSE-RU-2023:1808-1
|
| Released | Tue Apr 11 11:33:51 2023 |
| Summary | Recommended update for gdb |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
gdb was updated to version 12.1:
- DBX mode is deprecated, and will be removed in GDB 13.
- GDB 12 is the last release of GDB that will support building against
Python 2. From GDB 13, it will only be possible to build GDB itself
with Python 3 support.
- Improved C++ template support:
GDB now treats functions/types involving C++ templates like it does function
overloads. Users may omit parameter lists to set breakpoints on families of
template functions, including types/functions composed of multiple template types:
(gdb) break template_func(template_1, int)
The above will set breakpoints at every function `template_func' where
the first function parameter is any template type named `template_1' and
the second function parameter is `int'.
TAB completion also gains similar improvements.
- maint set backtrace-on-fatal-signal on|off
- maint show backtrace-on-fatal-signal
This setting is 'on' by default. When 'on' GDB will print a limited
backtrace to stderr in the situation where GDB terminates with a
fatal signal. This only supported on some platforms where the
backtrace and backtrace_symbols_fd functions are available.
- set source open on|off
- show source open
This setting, which is on by default, controls whether GDB will try
to open source code files. Switching this off will stop GDB trying
to open and read source code files, which can be useful if the files
are located over a slow network connection.
- set varsize-limit
- show varsize-limit
These are now deprecated aliases for 'set max-value-size' and
'show max-value-size'.
- task apply [all | TASK-IDS...] [FLAG]... COMMAND
Like 'thread apply', but applies COMMAND to Ada tasks.
- watch [...] task ID
Watchpoints can now be restricted to a specific Ada task.
- maint set internal-error backtrace on|off
- maint show internal-error backtrace
- maint set internal-warning backtrace on|off
- maint show internal-warning backtrace
GDB can now print a backtrace of itself when it encounters either an
internal-error, or an internal-warning. This is on by default for
internal-error and off by default for internal-warning.
- set logging on|off
Deprecated and replaced by 'set logging enabled on|off'.
- set logging enabled on|off
- show logging enabled
These commands set or show whether logging is enabled or disabled.
- exit
You can now exit GDB by using the new command 'exit', in addition to
the existing 'quit' command.
- set debug threads on|off
- show debug threads
Print additional debug messages about thread creation and deletion.
- set debug linux-nat on|off
- show debug linux-nat
These new commands replaced the old 'set debug lin-lwp' and 'show
debug lin-lwp' respectively. Turning this setting on prints debug
messages relating to GDB's handling of native Linux inferiors.
- maint flush source-cache
Flush the contents of the source code cache.
- maint set gnu-source-highlight enabled on|off
- maint show gnu-source-highlight enabled
Whether GDB should use the GNU Source Highlight library for adding
styling to source code. When off, the library will not be used, even
when available. When GNU Source Highlight isn't used, or can't add
styling to a particular source file, then the Python Pygments
library will be used instead.
- set suppress-cli-notifications (on|off)
- show suppress-cli-notifications
This controls whether printing the notifications is suppressed for CLI.
CLI notifications occur when you change the selected context
(i.e., the current inferior, thread and/or the frame), or when
the program being debugged stops (e.g., because of hitting a
breakpoint, completing source-stepping, an interrupt, etc.).
- set style disassembler enabled on|off
- show style disassembler enabled
If GDB is compiled with Python support, and the Python Pygments
package is available, then, when this setting is on, disassembler
output will have styling applied.
- set ada source-charset
- show ada source-charset
Set the character set encoding that is assumed for Ada symbols. Valid
values for this follow the values that can be passed to the GNAT
compiler via the '-gnati' option. The default is ISO-8859-1.
- print
Printing of floating-point values with base-modifying formats like
/x has been changed to display the underlying bytes of the value in
the desired base. This was GDB's documented behavior, but was never
implemented correctly.
- maint packet
This command can now print a reply, if the reply includes
non-printable characters. Any non-printable characters are printed
as escaped hex, e.g. \x?? where '??' is replaces with the value of
the non-printable character.
- clone-inferior
The clone-inferior command now ensures that the TTY, CMD and ARGS
settings are copied from the original inferior to the new one.
All modifications to the environment variables done using the 'set
environment' or 'unset environment' commands are also copied to the new
inferior.
- set debug lin-lwp on|off
- show debug lin-lwp
These commands have been removed from GDB. The new command 'set
debug linux-nat' and 'show debug linux-nat' should be used
instead.
- info win
This command now includes information about the width of the tui
windows in its output.
- GDB's Ada parser now supports an extension for specifying the exact
byte contents of a floating-point literal. This can be useful for
setting floating-point registers to a precise value without loss of
precision. The syntax is an extension of the based literal syntax.
Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width
of the floating-point type, and the 'f' is the marker for floating
point.
** The '-add-inferior' with no option flags now inherits the
connection of the current inferior, this restores the behaviour of
GDB as it was prior to GDB 10.
** The '-add-inferior' command now accepts a '--no-connection'
option, which causes the new inferior to start without a
connection.
** New function gdb.add_history(), which takes a gdb.Value object
and adds the value it represents to GDB's history list. An
integer, the index of the new item in the history list, is
returned.
** New function gdb.history_count(), which returns the number of
values in GDB's value history.
** New gdb.events.gdb_exiting event. This event is called with a
gdb.GdbExitingEvent object which has the read-only attribute
'exit_code', which contains the value of the GDB exit code. This
event is triggered once GDB decides it is going to exit, but
before GDB starts to clean up its internal state.
** New function gdb.architecture_names(), which returns a list
containing all of the possible Architecture.name() values. Each
entry is a string.
** New function gdb.Architecture.integer_type(), which returns an
integer type given a size and a signed-ness.
** New gdb.TargetConnection object type that represents a connection
(as displayed by the 'info connections' command). A sub-class,
gdb.RemoteTargetConnection, is used to represent 'remote' and
'extended-remote' connections.
** The gdb.Inferior type now has a 'connection' property which is an
instance of gdb.TargetConnection, the connection used by this
inferior. This can be None if the inferior has no connection.
** New 'gdb.events.connection_removed' event registry, which emits a
'gdb.ConnectionEvent' when a connection is removed from GDB.
This event has a 'connection' property, a gdb.TargetConnection
object for the connection being removed.
** New gdb.connections() function that returns a list of all
currently active connections.
** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This
is equivalent to the existing 'maint packet' CLI command; it
allows a user specified packet to be sent to the remote target.
** New function gdb.host_charset(), returns a string, which is the
name of the current host charset.
** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter
NAME to VALUE.
** New gdb.with_parameter(NAME, VALUE). This returns a context
manager that temporarily sets the gdb parameter NAME to VALUE,
then resets it when the context is exited.
** The gdb.Value.format_string method now takes a 'styling'
argument, which is a boolean. When true, the returned string can
include escape sequences to apply styling. The styling will only
be present if styling is otherwise turned on in GDB (see 'help
set styling'). When false, which is the default if the argument
is not given, then no styling is applied to the returned string.
** New read-only attribute gdb.InferiorThread.details, which is
either a string, containing additional, target specific thread
state information, or None, if there is no such additional
information.
** New read-only attribute gdb.Type.is_scalar, which is True for
scalar types, and False for all other types.
** New read-only attribute gdb.Type.is_signed. This attribute
should only be read when Type.is_scalar is True, and will be True
for signed types, and False for all other types. Attempting to
read this attribute for non-scalar types will raise a ValueError.
** It is now possible to add GDB/MI commands implemented in Python.
Update libipt to v2.0.5.
| Advisory ID | SUSE-RU-2023:1880-1
|
| Released | Tue Apr 18 11:11:27 2023 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | low |
| References | 1208079 |
Description:
This update for systemd-rpm-macros fixes the following issue:
- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079).
| Advisory ID | SUSE-SU-2023:2060-1
|
| Released | Thu Apr 27 17:04:25 2023 |
| Summary | Security update for glib2 |
| Type | security |
| Severity | moderate |
| References | 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 |
Description:
This update for glib2 fixes the following issues:
- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).
The following non-security bug was fixed:
- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
| Advisory ID | SUSE-RU-2023:2104-1
|
| Released | Thu May 4 21:05:30 2023 |
| Summary | Recommended update for procps |
| Type | recommended |
| Severity | moderate |
| References | 1209122 |
Description:
This update for procps fixes the following issue:
- Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122)
| Advisory ID | SUSE-SU-2023:2111-1
|
| Released | Fri May 5 14:34:00 2023 |
| Summary | Security update for ncurses |
| Type | security |
| Severity | moderate |
| References | 1210434,CVE-2023-29491 |
Description:
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
| Advisory ID | SUSE-RU-2023:2209-1
|
| Released | Tue May 16 10:34:54 2023 |
| Summary | Recommended update for gdb |
| Type | recommended |
| Severity | moderate |
| References | 1207712,1210081 |
Description:
This update for gdb fixes the following issues:
- Fix license of gdb to be GPLv3, due to a mistake the testsuite results license was used (bsc#1210081).
| Advisory ID | SUSE-SU-2023:2224-1
|
| Released | Wed May 17 09:53:54 2023 |
| Summary | Security update for curl |
| Type | security |
| Severity | important |
| References | 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 |
Description:
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
| Advisory ID | SUSE-RU-2023:2240-1
|
| Released | Wed May 17 19:56:54 2023 |
| Summary | Recommended update for systemd |
| Type | recommended |
| Severity | moderate |
| References | 1203141,1207410 |
Description:
This update for systemd fixes the following issues:
- udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141)
- Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626)
| Advisory ID | SUSE-RU-2023:2245-1
|
| Released | Thu May 18 17:01:47 2023 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1127591,1195633,1208329,1209406,1210870 |
Description:
This update for libzypp, zypper fixes the following issues:
- Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633)
- multicurl: propagate ssl settings stored in repo url (bsc#1127591)
- MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Teach MediaNetwork to retry on HTTP2 errors.
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority
| Advisory ID | SUSE-RU-2023:2307-1
|
| Released | Mon May 29 10:29:49 2023 |
| Summary | Recommended update for kbd |
| Type | recommended |
| Severity | low |
| References | 1210702 |
Description:
This update for kbd fixes the following issue:
- Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702)
| Advisory ID | SUSE-RU-2023:2341-1
|
| Released | Thu Jun 1 11:31:27 2023 |
| Summary | Recommended update for libsigc++2 |
| Type | recommended |
| Severity | moderate |
| References | 1209094,1209140 |
Description:
This update for libsigc++2 fixes the following issues:
- Remove executable permission for file (bsc#1209094, bsc#1209140)
| Advisory ID | SUSE-RU-2023:2482-1
|
| Released | Mon Jun 12 07:19:53 2023 |
| Summary | Recommended update for systemd-rpm-macros |
| Type | recommended |
| Severity | moderate |
| References | 1211272 |
Description:
This update for systemd-rpm-macros fixes the following issues:
- Adjust functions so they are disabled when called from a chroot (bsc#1211272)
| Advisory ID | SUSE-SU-2023:2484-1
|
| Released | Mon Jun 12 08:49:58 2023 |
| Summary | Security update for openldap2 |
| Type | security |
| Severity | moderate |
| References | 1211795,CVE-2023-2953 |
Description:
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
| Advisory ID | SUSE-RU-2023:2495-1
|
| Released | Tue Jun 13 15:05:27 2023 |
| Summary | Recommended update for libzypp |
| Type | recommended |
| Severity | important |
| References | 1211661,1212187 |
Description:
This update for libzypp fixes the following issues:
- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]
| Advisory ID | SUSE-SU-2023:2517-1
|
| Released | Thu Jun 15 07:09:52 2023 |
| Summary | Security update for python3 |
| Type | security |
| Severity | moderate |
| References | 1203750,1211158,CVE-2007-4559 |
Description:
This update for python3 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
| Advisory ID | SUSE-RU-2023:2519-1
|
| Released | Thu Jun 15 08:25:19 2023 |
| Summary | Recommended update for supportutils |
| Type | recommended |
| Severity | moderate |
| References | 1203818 |
Description:
This update for supportutils fixes the following issues:
- Added missed sanitation check on crash.txt (bsc#1203818)
- Added check to _sanitize_file
- Using variable for replement text in _sanitize_file
| Advisory ID | SUSE-RU-2023:2550-1
|
| Released | Mon Jun 19 17:51:21 2023 |
| Summary | Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings |
| Type | recommended |
| Severity | moderate |
| References | 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 |
Description:
This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to
the INSTALLER self-update channel.
yast2-pkg-bindings:
- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
autoyast2:
- Selected products are not installed after resetting the package manager internally (bsc#1202234)
libyui:
- Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354)
- Fixed loading icons from an absolute path (bsc#1210591)
- Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112)
- Force messages from .ui file through our translation mechanism (bsc#1198097)
| Advisory ID | 29171
|
| Released | Tue Jun 20 12:29:00 2023 |
| Summary | Security update for openssl-1_1 |
| Type | security |
| Severity | important |
| References | 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 |
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests (bsc#1201627)
| Advisory ID | SUSE-RU-2023:2625-1
|
| Released | Fri Jun 23 17:16:11 2023 |
| Summary | Recommended update for gcc12 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for gcc12 fixes the following issues:
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0
| Advisory ID | SUSE-RU-2023:2742-1
|
| Released | Fri Jun 30 11:40:59 2023 |
| Summary | Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1202234,1209565,1211261,1212187,1212222 |
Description:
This update for yast2-pkg-bindings fixes the following issues:
libzypp was updated to version 17.31.14 (22):
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)
zypper was updated to version 1.14.61:
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
yast2-pkg-bindings, autoyast:
- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)
yast2-update:
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
| Advisory ID | SUSE-SU-2023:2765-1
|
| Released | Mon Jul 3 20:28:14 2023 |
| Summary | Security update for libcap |
| Type | security |
| Severity | moderate |
| References | 1211418,1211419,CVE-2023-2602,CVE-2023-2603 |
Description:
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
| Advisory ID | SUSE-RU-2023:2772-1
|
| Released | Tue Jul 4 09:54:23 2023 |
| Summary | Recommended update for libzypp, zypper |
| Type | recommended |
| Severity | moderate |
| References | 1211261,1212187,1212222 |
Description:
This update for libzypp, zypper fixes the following issues:
libzypp was updated to version 17.31.14 (22):
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)
zypper was updated to version 1.14.61:
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
| Advisory ID | SUSE-RU-2023:2827-1
|
| Released | Fri Jul 14 11:27:47 2023 |
| Summary | Recommended update for libxml2 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
| Advisory ID | SUSE-RU-2023:2847-1
|
| Released | Mon Jul 17 08:40:42 2023 |
| Summary | Recommended update for audit |
| Type | recommended |
| Severity | moderate |
| References | 1210004 |
Description:
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
| Advisory ID | SUSE-RU-2023:2855-1
|
| Released | Mon Jul 17 16:35:21 2023 |
| Summary | Recommended update for openldap2 |
| Type | recommended |
| Severity | moderate |
| References | 1212260 |
Description:
This update for openldap2 fixes the following issues:
- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)
| Advisory ID | SUSE-SU-2023:2877-1
|
| Released | Wed Jul 19 09:43:42 2023 |
| Summary | Security update for dbus-1 |
| Type | security |
| Severity | moderate |
| References | 1212126,CVE-2023-34969 |
Description:
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
| Advisory ID | SUSE-SU-2023:2882-1
|
| Released | Wed Jul 19 11:49:39 2023 |
| Summary | Security update for perl |
| Type | security |
| Severity | important |
| References | 1210999,CVE-2023-31484 |
Description:
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
| Advisory ID | SUSE-RU-2023:2885-1
|
| Released | Wed Jul 19 16:58:43 2023 |
| Summary | Recommended update for glibc |
| Type | recommended |
| Severity | moderate |
| References | 1208721,1209229,1211828 |
Description:
This update for glibc fixes the following issues:
- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)
| Advisory ID | SUSE-SU-2023:2891-1
|
| Released | Wed Jul 19 21:14:33 2023 |
| Summary | Security update for curl |
| Type | security |
| Severity | moderate |
| References | 1213237,CVE-2023-32001 |
Description:
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
| Advisory ID | SUSE-RU-2023:2901-1
|
| Released | Thu Jul 20 09:49:16 2023 |
| Summary | Recommended update for lvm2 |
| Type | recommended |
| Severity | important |
| References | 1212613 |
Description:
This update for lvm2 fixes the following issues:
- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
| Advisory ID | SUSE-RU-2023:2918-1
|
| Released | Thu Jul 20 12:00:17 2023 |
| Summary | Recommended update for gpgme |
| Type | recommended |
| Severity | moderate |
| References | 1089497 |
Description:
This update for gpgme fixes the following issues:
gpgme:
- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
libassuan:
- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements
| Advisory ID | SUSE-SU-2023:2965-1
|
| Released | Tue Jul 25 12:30:22 2023 |
| Summary | Security update for openssl-1_1 |
| Type | security |
| Severity | moderate |
| References | 1213487,CVE-2023-3446 |
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
| Advisory ID | SUSE-RU-2023:2966-1
|
| Released | Tue Jul 25 14:26:14 2023 |
| Summary | Recommended update for libxml2 |
| Type | recommended |
| Severity | moderate |
| References | |
Description:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)