-----------------------------------------
Version 8.22 2023-10-28T09:00:14
-----------------------------------------
Patch: SUSE-2018-1332
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Severity: moderate
References: 1073299,1093392
Description:
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------
Patch: SUSE-2018-2463
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1104700,1112310
Description:
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------
Patch: SUSE-2018-2550
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1113554
Description:
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------
Patch: SUSE-2018-2569
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Severity: moderate
References: 1110700
Description:
This update for pam fixes the following issues:
- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)
-----------------------------------------
Patch: SUSE-2018-2607
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:
The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed,
quite some new warnings added and the error pin-pointing and
fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html
-----------------------------------------
Patch: SUSE-2018-2825
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Severity: important
References: 1115640,CVE-2018-17953
Description:
This update for pam fixes the following issue:
Security issue fixed:
- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).
-----------------------------------------
Patch: SUSE-2018-2861
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------
Patch: SUSE-2019-44
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Severity: low
References: 953659
Description:
This update for acl fixes the following issues:
- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)
-----------------------------------------
Patch: SUSE-2019-102
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1120402
Description:
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------
Patch: SUSE-2019-247
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Severity: moderate
References: 1123043,CVE-2019-6706
Description:
This update for lua53 fixes the following issues:
Security issue fixed:
- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)
-----------------------------------------
Patch: SUSE-2019-571
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
-----------------------------------------
Patch: SUSE-2019-790
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1130557
Description:
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------
Patch: SUSE-2019-926
Released: Wed Apr 10 16:33:12 2019
Summary: Security update for tar
Severity: moderate
References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923
Description:
This update for tar fixes the following issues:
Security issues fixed:
- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).
-----------------------------------------
Patch: SUSE-2019-1040
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
Description:
This update for samba fixes the following issues:
Security issue fixed:
- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).
ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):
- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb
Non-security issues fixed:
- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide to the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependend 32bit libraries.
-----------------------------------------
Patch: SUSE-2019-1368
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Severity: important
References: 1134524,CVE-2019-5021
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
-----------------------------------------
Patch: SUSE-2019-1372
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Severity: moderate
References: 1105435,CVE-2018-1000654
Description:
This update for libtasn1 fixes the following issues:
Security issue fixed:
- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).
-----------------------------------------
Patch: SUSE-2019-1631
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Severity: low
References: 1135709
Description:
This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma,
xz, xzdec, lzmadec, documentation, translated messages, tests,
debug, extra directory) are in public domain licence [bsc#1135709]
-----------------------------------------
Patch: SUSE-2019-1815
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1140016
Description:
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------
Patch: SUSE-2019-2762
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1150451
Description:
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------
Patch: SUSE-2019-2997
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
-----------------------------------------
Patch: SUSE-2019-3061
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
Description:
This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html
The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 /
CXX=g++-9 during configuration for using it.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
-----------------------------------------
Patch: SUSE-2019-3086
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
Description:
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
-----------------------------------------
Patch: SUSE-2020-338
Released: Thu Feb 6 13:00:23 2020
Summary: Recommended update for apr
Severity: moderate
References: 1151059
Description:
This update for apr fixes the following issues:
- Increase timeout to fix random failure of testsuite [bsc#1151059].
-----------------------------------------
Patch: SUSE-2020-525
Released: Fri Feb 28 11:49:36 2020
Summary: Recommended update for pam
Severity: moderate
References: 1164562
Description:
This update for pam fixes the following issues:
- Add libdb as build-time dependency to enable pam_userdb module.
Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)
-----------------------------------------
Patch: SUSE-2020-689
Released: Fri Mar 13 17:09:01 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:
This update for PAM fixes the following issue:
- The license of libdb linked against pam_userdb is not always wanted,
so we temporary disabled pam_userdb again. It will be published
in a different package at a later time. (bsc#1166510)
-----------------------------------------
Patch: SUSE-2020-917
Released: Fri Apr 3 15:02:25 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:
This update for pam fixes the following issues:
- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)
-----------------------------------------
Patch: SUSE-2020-948
Released: Wed Apr 8 07:44:21 2020
Summary: Security update for gmp, gnutls, libnettle
Severity: moderate
References: 1152692,1155327,1166881,1168345,CVE-2020-11501
Description:
This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:
- CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)
FIPS related bugfixes:
- FIPS: Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
input is shorter than block size. (bsc#1166881)
- FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)
-----------------------------------------
Patch: SUSE-2020-1226
Released: Fri May 8 10:51:05 2020
Summary: Recommended update for gcc9
Severity: moderate
References: 1149995,1152590,1167898
Description:
This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.
- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go
-----------------------------------------
Patch: SUSE-2020-1294
Released: Mon May 18 07:38:36 2020
Summary: Security update for file
Severity: moderate
References: 1154661,1169512,CVE-2019-18218
Description:
This update for file fixes the following issues:
Security issues fixed:
- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).
Non-security issue fixed:
- Fixed broken '--help' output (bsc#1169512).
-----------------------------------------
Patch: SUSE-2020-1303
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1169582
Description:
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------
Patch: SUSE-2020-1328
Released: Mon May 18 17:16:04 2020
Summary: Recommended update for grep
Severity: moderate
References: 1155271
Description:
This update for grep fixes the following issues:
- Update testsuite expectations, no functional changes (bsc#1155271)
-----------------------------------------
Patch: SUSE-2020-1542
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1172055
Description:
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------
Patch: SUSE-2020-1954
Released: Sat Jul 18 03:07:15 2020
Summary: Recommended update for cracklib
Severity: moderate
References: 1172396
Description:
This update for cracklib fixes the following issues:
- Fixed a buffer overflow when processing long words.
-----------------------------------------
Patch: SUSE-2020-2083
Released: Thu Jul 30 10:27:59 2020
Summary: Recommended update for diffutils
Severity: moderate
References: 1156913
Description:
This update for diffutils fixes the following issue:
- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)
-----------------------------------------
Patch: SUSE-2020-2947
Released: Fri Oct 16 15:23:07 2020
Summary: Security update for gcc10, nvptx-tools
Severity: moderate
References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844
Description:
This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:
- Enable build on aarch64
-----------------------------------------
Patch: SUSE-2020-2983
Released: Wed Oct 21 15:03:03 2020
Summary: Recommended update for file
Severity: moderate
References: 1176123
Description:
This update for file fixes the following issues:
- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)
-----------------------------------------
Patch: SUSE-2020-3099
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------
Patch: SUSE-2020-3123
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Severity: important
References: 1177460,1178346,1178350,1178353
Description:
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------
Patch: SUSE-2020-3462
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Severity: moderate
References: 1174593,1177858,1178727
Description:
This update for pam and sudo fixes the following issue:
pam:
- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
sudo:
- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
-----------------------------------------
Patch: SUSE-2020-3620
Released: Thu Dec 3 17:03:55 2020
Summary: Recommended update for pam
Severity: moderate
References:
Description:
This update for pam fixes the following issues:
- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of of the user's name of at least `<N>` characters length in
some form. This is enabled by the new parameter `usersubstr=<N>`
-----------------------------------------
Patch: SUSE-2020-3791
Released: Mon Dec 14 17:39:19 2020
Summary: Recommended update for gzip
Severity: moderate
References:
Description:
This update for gzip fixes the following issue:
- Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775)
Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.
-----------------------------------------
Patch: SUSE-2020-3942
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Severity: moderate
References: 1180138
Description:
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------
Patch: SUSE-2021-179
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------
Patch: SUSE-2021-220
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1180603
Description:
This update for keyutils fixes the following issues:
- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
-----------------------------------------
Patch: SUSE-2021-293
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Severity: moderate
References: 1180603
Description:
This update for gmp fixes the following issues:
- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)
-----------------------------------------
Patch: SUSE-2021-301
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------
Patch: SUSE-2021-339
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Severity: low
References:
Description:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------
Patch: SUSE-2021-924
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
Description:
This update for filesystem the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
-----------------------------------------
Patch: SUSE-2021-930
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Severity: important
References: 1172442,1181358,CVE-2020-11080
Description:
This update for nghttp2 fixes the following issues:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
-----------------------------------------
Patch: SUSE-2021-974
Released: Mon Mar 29 19:31:27 2021
Summary: Security update for tar
Severity: low
References: 1181131,CVE-2021-20193
Description:
This update for tar fixes the following issues:
CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)
-----------------------------------------
Patch: SUSE-2021-1018
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Severity: moderate
References: 1180713
Description:
This update for gzip fixes the following issues:
- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)
-----------------------------------------
Patch: SUSE-2021-1289
Released: Wed Apr 21 14:02:46 2021
Summary: Recommended update for gzip
Severity: moderate
References: 1177047
Description:
This update for gzip fixes the following issues:
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)
-----------------------------------------
Patch: SUSE-2021-1643
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Severity: important
References: 1181443,1184358,1185562
Description:
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
-----------------------------------------
Patch: SUSE-2021-1861
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
Description:
This update for gcc10 fixes the following issues:
- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)
-----------------------------------------
Patch: SUSE-2021-1935
Released: Thu Jun 10 10:45:09 2021
Summary: Recommended update for gzip
Severity: moderate
References: 1186642
Description:
This update for gzip fixes the following issue:
- gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead
to migration issues. (bsc#1186642)
-----------------------------------------
Patch: SUSE-2021-1937
Released: Thu Jun 10 10:47:09 2021
Summary: Recommended update for nghttp2
Severity: moderate
References: 1186642
Description:
This update for nghttp2 fixes the following issue:
- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead
to migration issues. (bsc#1186642)
-----------------------------------------
Patch: SUSE-2021-2173
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049
Description:
This update for automake fixes the following issues:
- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)
This update for pcre fixes the following issues:
- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)
This update for brp-check-suse fixes the following issues:
- Add fixes to support reproducible builds. (bsc#1186049)
-----------------------------------------
Patch: SUSE-2021-2193
Released: Mon Jun 28 18:38:43 2021
Summary: Recommended update for tar
Severity: moderate
References: 1184124
Description:
This update for tar fixes the following issues:
- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)
-----------------------------------------
Patch: SUSE-2021-2196
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371
Description:
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
-----------------------------------------
Patch: SUSE-2021-2573
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1188127
Description:
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------
Patch: SUSE-2021-3182
Released: Tue Sep 21 17:04:26 2021
Summary: Recommended update for file
Severity: moderate
References: 1189996
Description:
This update for file fixes the following issues:
- Fixes exception thrown by memory allocation problem (bsc#1189996)
-----------------------------------------
Patch: SUSE-2021-3291
Released: Wed Oct 6 16:45:36 2021
Summary: Security update for glibc
Severity: moderate
References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942
Description:
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).
-----------------------------------------
Patch: SUSE-2021-3490
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Severity: moderate
References: 1190793,CVE-2021-39537
Description:
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
-----------------------------------------
Patch: SUSE-2021-3494
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Severity: moderate
References: 1190052
Description:
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
-----------------------------------------
Patch: SUSE-2021-3510
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Severity: important
References: 1191987
Description:
This update for pam fixes the following issues:
- Fixed a bad directive file which resulted in
the 'securetty' file to be installed as 'macros.pam'.
(bsc#1191987)
-----------------------------------------
Patch: SUSE-2021-3529
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155
Description:
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
-----------------------------------------
Patch: SUSE-2021-3767
Released: Tue Nov 23 14:26:06 2021
Summary: Recommended update for apr-util
Severity: moderate
References: 1191619
Description:
This update for apr-util fixes the following problem:
- The dbm backend is shipped in the libapr-util1-dbm-db package in the Legacy Module.
-----------------------------------------
Patch: SUSE-2021-3799
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Severity: moderate
References: 1187153,1187273,1188623
Description:
This update for gcc11 fixes the following issues:
The additional GNU compiler collection GCC 11 is provided:
To select these compilers install the packages:
- gcc11
- gcc-c++11
- and others with 11 prefix.
to select them for building:
- CC='gcc-11'
- CXX='g++-11'
The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.
-----------------------------------------
Patch: SUSE-2021-3872
Released: Thu Dec 2 07:25:55 2021
Summary: Recommended update for cracklib
Severity: moderate
References: 1191736
Description:
This update for cracklib fixes the following issues:
- Enable build time tests (bsc#1191736)
-----------------------------------------
Patch: SUSE-2021-3883
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china
-----------------------------------------
Patch: SUSE-2021-3891
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1029961,1113013,1187654
Description:
This update for keyutils fixes the following issues:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
keyutils was updated to 1.6.3 (jsc#SLE-20016):
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
Updated to 1.6:
* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore
Updated to 1.5.11 (bsc#1113013)
* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------
Patch: SUSE-2021-3942
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Severity: moderate
References: 1175825,CVE-2020-8927
Description:
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------
Patch: SUSE-2021-3946
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Severity: moderate
References: 1192717,CVE-2021-43618
Description:
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------
Patch: SUSE-2021-3980
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Severity: moderate
References: 1191592
Description:
glibc was updated to fix the following issue:
- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
-----------------------------------------
Patch: SUSE-2022-207
Released: Thu Jan 27 09:24:49 2022
Summary: Recommended update for glibc
Severity: moderate
References:
Description:
This update for glibc fixes the following issues:
- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).
-----------------------------------------
Patch: SUSE-2022-330
Released: Fri Feb 4 09:29:08 2022
Summary: Security update for glibc
Severity: important
References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219
Description:
This update for glibc fixes the following issues:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Features added:
- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)
-----------------------------------------
Patch: SUSE-2022-692
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Severity: moderate
References: 1190447
Description:
This update for filesystem fixes the following issues:
- Release ported filesystem to LTSS channels (bsc#1190447).
-----------------------------------------
Patch: SUSE-2022-789
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Severity: moderate
References: 1195654
Description:
This update for update-alternatives fixes the following issues:
- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)
-----------------------------------------
Patch: SUSE-2022-861
Released: Tue Mar 15 23:30:48 2022
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1182959,1195149,1195792,1195856
Description:
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
-----------------------------------------
Patch: SUSE-2022-936
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Severity: moderate
References: 1196275,1196406
Description:
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
-----------------------------------------
Patch: SUSE-2022-1047
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Severity: moderate
References: 1196093,1197024
Description:
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.
This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------
Patch: SUSE-2022-1118
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------
Patch: SUSE-2022-1158
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Severity: important
References: 1198062,CVE-2022-1271
Description:
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------
Patch: SUSE-2022-1281
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Severity: moderate
References: 1196647
Description:
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------
Patch: SUSE-2022-1374
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Severity: moderate
References: 1191157,1197004
Description:
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------
Patch: SUSE-2022-1409
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1195628,1196107
Description:
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------
Patch: SUSE-2022-1451
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Severity: moderate
References: 1193489
Description:
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)
-----------------------------------------
Patch: SUSE-2022-1548
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193
Description:
This update for tar fixes the following issues:
- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- Update to GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- Update to GNU 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the '-K NAME' option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
-----------------------------------------
Patch: SUSE-2022-1617
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Severity: important
References: 1198062,1198922,CVE-2022-1271
Description:
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
-----------------------------------------
Patch: SUSE-2022-1655
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Severity: moderate
References: 1197794
Description:
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------
Patch: SUSE-2022-1658
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Severity: important
References: 1197771
Description:
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------
Patch: SUSE-2022-1670
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Severity: important
References: 1199240,CVE-2022-29155
Description:
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------
Patch: SUSE-2022-1718
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Severity: important
References: 1198446,CVE-2022-1304
Description:
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------
Patch: SUSE-2022-1887
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Severity: moderate
References: 1040589
Description:
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------
Patch: SUSE-2022-1899
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Severity: important
References: 1198176
Description:
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------
Patch: SUSE-2022-1909
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Severity: moderate
References: 1198751
Description:
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------
Patch: SUSE-2022-1928
Released: Thu Jun 2 17:34:05 2022
Summary: Security update for php8
Severity: low
References: 1197644
Description:
This update for php8 fixes the following issues:
- Fixed filter_var bypass vulnerability (bsc#1197644).
-----------------------------------------
Patch: SUSE-2022-2019
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
Description:
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------
Patch: SUSE-2022-2112
Released: Fri Jun 17 11:44:24 2022
Summary: Recommended update for gnutls
Severity: moderate
References: 1190698,1191021,1194907
Description:
This update for gnutls fixes the following issues:
- FIPS: Make sure zeroization is performed in all API functions [bsc#1191021]
- FIPS: Add missing requirements for the SLI [bsc#1190698]
* Remove 3DES from FIPS approved algorithms:
* DRBG service (gnutls_rnd) should be considered approved:
- FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907]
-----------------------------------------
Patch: SUSE-2022-2294
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
Description:
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------
Patch: SUSE-2022-2302
Released: Wed Jul 6 13:37:15 2022
Summary: Security update for apache2
Severity: important
References: 1198913,1200338,1200340,1200341,1200345,1200348,1200350,1200352,CVE-2022-26377,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30522,CVE-2022-30556,CVE-2022-31813
Description:
This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)
-----------------------------------------
Patch: SUSE-2022-2303
Released: Wed Jul 6 13:37:48 2022
Summary: Security update for php8
Severity: important
References: 1193041,1200628,1200645,CVE-2021-21707,CVE-2022-31625,CVE-2022-31626
Description:
This update for php8 fixes the following issues:
- CVE-2021-21707: Fixed a special character that breaks path in xml parsing. (bsc#1193041)
- CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. (bsc#1200645)
- CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. (bsc#1200628)
-----------------------------------------
Patch: SUSE-2022-2305
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
Description:
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------
Patch: SUSE-2022-2360
Released: Tue Jul 12 12:01:39 2022
Summary: Security update for pcre2
Severity: important
References: 1199232,CVE-2022-1586
Description:
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------
Patch: SUSE-2022-2361
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Severity: important
References: 1199232,CVE-2022-1586
Description:
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------
Patch: SUSE-2022-2396
Released: Thu Jul 14 11:57:58 2022
Summary: Security update for logrotate
Severity: important
References: 1192449,1199652,1200278,1200802,CVE-2022-1348
Description:
This update for logrotate fixes the following issues:
Security issues fixed:
- CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652).
- Improved coredump handing for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).
-----------------------------------------
Patch: SUSE-2022-2406
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Severity: moderate
References: 1197718,1199140,1200334,1200855
Description:
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------
Patch: SUSE-2022-2469
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
Description:
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------
Patch: SUSE-2022-2493
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Severity: moderate
References: 1193282
Description:
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------
Patch: SUSE-2022-2494
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Severity: important
References: 1200855,1201560,1201640
Description:
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------
Patch: SUSE-2022-2566
Released: Wed Jul 27 15:04:49 2022
Summary: Security update for pcre2
Severity: important
References: 1199235,CVE-2022-1587
Description:
This update for pcre2 fixes the following issues:
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
-----------------------------------------
Patch: SUSE-2022-2632
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Severity: important
References: 1198720,1200747,1201385
Description:
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------
Patch: SUSE-2022-2717
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Severity: moderate
References: 1198627,CVE-2022-29458
Description:
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------
Patch: SUSE-2022-2735
Released: Wed Aug 10 04:31:41 2022
Summary: Recommended update for tar
Severity: moderate
References: 1200657
Description:
This update for tar fixes the following issues:
- Fix race condition while creating intermediate subdirectories (bsc#1200657)
-----------------------------------------
Patch: SUSE-2022-2796
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Severity: moderate
References:
Description:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------
Patch: SUSE-2022-2844
Released: Thu Aug 18 14:41:25 2022
Summary: Recommended update for tar
Severity: important
References: 1202436
Description:
This update for tar fixes the following issues:
- A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436)
-----------------------------------------
Patch: SUSE-2022-2901
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Severity: moderate
References:
Description:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------
Patch: SUSE-2022-2904
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Severity: moderate
References: 1198341
Description:
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------
Patch: SUSE-2022-2919
Released: Fri Aug 26 15:04:20 2022
Summary: Security update for gnutls
Severity: important
References: 1190698,1198979,1202020,CVE-2022-2509
Description:
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
Non-security fixes:
- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
-----------------------------------------
Patch: SUSE-2022-2920
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Severity: important
References: 1195059,1201795
Description:
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscal filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------
Patch: SUSE-2022-2929
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Severity: important
References: 1202310
Description:
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------
Patch: SUSE-2022-3003
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Severity: low
References: 1202593,CVE-2022-35252
Description:
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------
Patch: SUSE-2022-3020
Released: Mon Sep 5 11:23:15 2022
Summary: Security update for php-composer2
Severity: important
References: 1198494,CVE-2022-24828
Description:
This update for php-composer2 fixes the following issues:
- CVE-2022-24828: Fixed a code injection issue that affected
integrators using specific APIs to read untrusted input files (bsc#1198494).
-----------------------------------------
Patch: SUSE-2022-3127
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Severity: moderate
References: 1198752,1200800
Description:
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
-----------------------------------------
Patch: SUSE-2022-3262
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1199140
Description:
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------
Patch: SUSE-2022-3271
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Severity: moderate
References: 1047178,CVE-2017-6512
Description:
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------
Patch: SUSE-2022-3305
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Severity: important
References: 1201680,CVE-2021-46828
Description:
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------
Patch: SUSE-2022-3316
Released: Tue Sep 20 11:12:14 2022
Summary: Recommended update for gnutls
Severity: moderate
References: 1190698,1191021,1202146
Description:
This update for gnutls fixes the following issues:
- FIPS: Zeroize the calculated hmac and new_hmac in the
check_binary_integrity() function. [bsc#1191021]
- FIPS: Additional modifications to the SLI. [bsc#1190698]
* Mark CMAC and GMAC and non-approved in gnutls_pbkfd2().
* Mark HMAC keylength less than 112 bits as non-approved in
gnutls_pbkfd2().
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
* Add new dependency on jitterentropy
-----------------------------------------
Patch: SUSE-2022-3327
Released: Wed Sep 21 12:47:17 2022
Summary: Security update for oniguruma
Severity: important
References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159
Description:
This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out of bounds access during regular
expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a
crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a
string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
multiple different encodings (bsc#1142847).
-----------------------------------------
Patch: SUSE-2022-3328
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1202870
Description:
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------
Patch: SUSE-2022-3353
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Severity: moderate
References: 1203018,CVE-2022-31252
Description:
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------
Patch: SUSE-2022-3452
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Severity: moderate
References: 1201942
Description:
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
-----------------------------------------
Patch: SUSE-2022-3489
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Severity: important
References: 1203438,CVE-2022-40674
Description:
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
-----------------------------------------
Patch: SUSE-2022-3555
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Severity: important
References: 1199492
Description:
This update for aaa_base fixes the following issues:
- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------
Patch: SUSE-2022-3661
Released: Wed Oct 19 14:00:28 2022
Summary: Security update for php8
Severity: important
References: 1192050,1200772,1203867,1203870,CVE-2021-21703,CVE-2022-31628,CVE-2022-31629
Description:
This update for php8 fixes the following issues:
- php8 was updated to version 8.0.24
- php8 was updated to version 8.0.23 (jsc#SLE-23639).
- CVE-2021-21703: Fixed a local privilege escalation via PHP-FPM. (bsc#1192050)
- CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. (bsc#1203867)
- CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the victim's browser. (bsc#1203870)
- Fixed missing devel package requires pear and pecl extensions (jsc#SLE-24723, bsc#1200772).
-----------------------------------------
Patch: SUSE-2022-3784
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Severity: critical
References: 1204690,CVE-2021-46848
Description:
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
-----------------------------------------
Patch: SUSE-2022-3785
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
Description:
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------
Patch: SUSE-2022-3787
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Severity: important
References: 1194047,1203911
Description:
This update for permissions fixes the following issues:
- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)
-----------------------------------------
Patch: SUSE-2022-3799
Released: Thu Oct 27 14:59:06 2022
Summary: Recommended update for gnutls
Severity: important
References: 1202146,1203779
Description:
This update for gnutls fixes the following issues:
- FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146)
- FIPS: Make XTS key check failure not fatal (bsc#1203779)
-----------------------------------------
Patch: SUSE-2022-3884
Released: Mon Nov 7 10:59:26 2022
Summary: Security update for expat
Severity: important
References: 1204708,CVE-2022-43680
Description:
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
-----------------------------------------
Patch: SUSE-2022-3885
Released: Mon Nov 7 11:32:04 2022
Summary: Recommended update for gnutls
Severity: moderate
References: 1203299
Description:
This update for gnutls fixes the following issues:
- Fix AVX CPU feature detection for OSXSAVE (bsc#1203299)
This fixes a SIGILL termination at the verzoupper instruction when
trying to run GnuTLS on a Linux kernel with the noxsave command
line parameter set. Relevant mostly for virtual systems.
-----------------------------------------
Patch: SUSE-2022-3910
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Severity: moderate
References:
Description:
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)
-----------------------------------------
Patch: SUSE-2022-3999
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Severity: moderate
References: 1204179,1204968,CVE-2022-3821
Description:
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
* 0469b9f2bc pstore: do not try to load all known pstore modules
* ad05f54439 pstore: Run after modules are loaded
* ccad817445 core: Add trigger limit for path units
* 281d818fe3 core/mount: also add default before dependency for automount mount units
* ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility
reason
-----------------------------------------
Patch: SUSE-2022-4005
Released: Tue Nov 15 17:10:33 2022
Summary: Security update for php8
Severity: important
References: 1204577,1204979,CVE-2022-31630,CVE-2022-37454
Description:
This update for php8 fixes the following issues:
- CVE-2022-37454: Fixed buffer overflow in hash_update() on long parameter (bug#81738) (bsc#1204577).
- CVE-2022-31630: Fixed OOB read due to insufficient input validation in imageloadfont() (bug#81739) (bsc#1204979).
- version update to 8.0.25 (27 Oct 2022)
* Session: Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
* Streams: Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).
-----------------------------------------
Patch: SUSE-2022-4066
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Severity: important
References: 1177460,1202324,1204649,1205156
Description:
This update for timezone fixes the following issues:
Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):
- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z
-----------------------------------------
Patch: SUSE-2022-4081
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Severity: low
References: 1199944,CVE-2022-1664
Description:
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
-----------------------------------------
Patch: SUSE-2022-4135
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Severity: moderate
References: 1198165
Description:
This update for libeconf fixes the following issues:
- Update to version 0.4.6+git
- econftool:
Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
- libeconf:
Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
- econftool:
New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters'
-----------------------------------------
Patch: SUSE-2022-4256
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Severity: moderate
References:
Description:
This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------
Patch: SUSE-2022-4312
Released: Fri Dec 2 11:16:47 2022
Summary: Recommended update for tar
Severity: moderate
References: 1200657,1203600
Description:
This update for tar fixes the following issues:
- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)
-----------------------------------------
Patch: SUSE-2022-4597
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552
Description:
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).
-----------------------------------------
Patch: SUSE-2022-4629
Released: Wed Dec 28 09:24:07 2022
Summary: Security update for systemd
Severity: important
References: 1200723,1205000,CVE-2022-4415
Description:
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
-----------------------------------------
Patch: SUSE-2023-25
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
Version update from 2022f to 2022g (bsc#1177460):
- In the Mexican state of Chihuahua:
* The border strip near the US will change to agree with nearby US locations on 2022-11-30.
* The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
like El Paso, TX.
* The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
* A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default
-----------------------------------------
Patch: SUSE-2023-48
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Severity: moderate
References: 1199467
Description:
This update for libtirpc fixes the following issues:
- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)
-----------------------------------------
Patch: SUSE-2023-50
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Severity: moderate
References: 1205502
Description:
This update for shadow fixes the following issues:
- Fix issue with user id field that cannot be interpreted (bsc#1205502)
-----------------------------------------
Patch: SUSE-2023-55
Released: Mon Jan 9 10:49:56 2023
Summary: Recommended update for php8
Severity: moderate
References: 1205782
Description:
This update for php8 fixes the following issues:
- Don't expect the user to always have the php8 module loaded in Apache (bsc#1205782)
-----------------------------------------
Patch: SUSE-2023-74
Released: Wed Jan 11 18:43:26 2023
Summary: Security update for php8
Severity: important
References: 1206958,CVE-2022-31631
Description:
This update for php8 fixes the following issues:
- Updated to version 8.0.27:
- CVE-2022-31631: Fixed an issue where PDO::quote would return an
unquoted string (bsc#1206958).
Non-security fixes:
- Fixed a NULL pointer dereference with -w/-s options.
- Fixed a crash in Generator when interrupted during argument
evaluation with extra named params.
- Fixed a crash in Generator when memory limit was exceeded during
initialization.
- Fixed a memory leak in Generator when interrupted during argument
evaluation.
- Fixed an issue in the DateTimeZone constructor where an extra null
byte could be added to the input.
- Fixed a hang in SaltStack when using php-fpm 8.1.11.
- Fixed mysqli_query warnings being shown despite using silenced
error mode.
- Fixed a NULL pointer dereference when serializing a SOAP response
call.
-----------------------------------------
Patch: SUSE-2023-175
Released: Thu Jan 26 20:53:51 2023
Summary: Recommended update for gnutls
Severity: moderate
References: 1207183,1207346
Description:
This update for gnutls fixes the following issues:
- FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183]
- FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346]
-----------------------------------------
Patch: SUSE-2023-179
Released: Thu Jan 26 21:54:30 2023
Summary: Recommended update for tar
Severity: low
References: 1202436
Description:
This update for tar fixes the following issue:
- Fix hang when unpacking test tarball (bsc#1202436)
-----------------------------------------
Patch: SUSE-2023-201
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
Description:
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps
with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten
after an update (bsc#1207264).
-----------------------------------------
Patch: SUSE-2023-322
Released: Wed Feb 8 16:19:37 2023
Summary: Security update for apache2
Severity: important
References: 1207247,1207250,1207251,CVE-2006-20001,CVE-2022-36760,CVE-2022-37436
Description:
This update for apache2 fixes the following issues:
- CVE-2022-37436: Fixed an issue in mod_proxy where a malicious
backend could cause the response headers to be truncated early,
resulting in some headers being incorporated into the response body
(bsc#1207251).
- CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow
request smuggling attacks (bsc#1207250).
- CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request
header could cause memory corruption (bsc#1207247).
-----------------------------------------
Patch: SUSE-2023-389
Released: Mon Feb 13 09:41:49 2023
Summary: Security update for apr-util
Severity: critical
References: 1207866,CVE-2022-25147
Description:
This update for apr-util fixes the following issues:
- CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)
-----------------------------------------
Patch: SUSE-2023-429
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916
Description:
This update for curl fixes the following issues:
- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
-----------------------------------------
Patch: SUSE-2023-463
Released: Mon Feb 20 16:33:39 2023
Summary: Security update for tar
Severity: moderate
References: 1202436,1207753,CVE-2022-48303
Description:
This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Bug fixes:
- Fix hang when unpacking test tarball (bsc#1202436).
-----------------------------------------
Patch: SUSE-2023-464
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Severity: moderate
References:
Description:
This update for systemd fixes the following issues:
- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream
variants will ease the backports of Factory changes to SLE since Factory
systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
-----------------------------------------
Patch: SUSE-2023-475
Released: Wed Feb 22 10:49:14 2023
Summary: Security update for gnutls
Severity: moderate
References: 1207183,1208143,1208146,CVE-2023-0361
Description:
This update for gnutls fixes the following issues:
- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
- FIPS: Make the jitterentropy calls thread-safe (bsc#1208146).
- FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183).
-----------------------------------------
Patch: SUSE-2023-527
Released: Mon Feb 27 14:30:44 2023
Summary: Security update for php8
Severity: important
References: 1208366,1208367,CVE-2023-0568,CVE-2023-0662
Description:
This update for php8 fixes the following issues:
php8 was updated to version 8.0.28:
- CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir (bnc#1208366).
- CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body (bnc#1208367).
-----------------------------------------
Patch: SUSE-2023-617
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1207789
Description:
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
-----------------------------------------
Patch: SUSE-2023-632
Released: Mon Mar 6 20:33:59 2023
Summary: Recommended update for gnutls
Severity: moderate
References: 1207183,1208237
Description:
This update for gnutls fixes the following issues:
- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]
-----------------------------------------
Patch: SUSE-2023-743
Released: Wed Mar 15 11:18:23 2023
Summary: Recommended update for gnutls
Severity: moderate
References: 1209001
Description:
This update for gnutls fixes the following issues:
FIPS: Establish PBKDF2 additional requirements [bsc#1209001]
* Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
* Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
* Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
* Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
* Add regression tests for the new PBKDF2 requirements.
-----------------------------------------
Patch: SUSE-2023-776
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Severity: moderate
References:
Description:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------
Patch: SUSE-2023-1582
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
Description:
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------
Patch: SUSE-2023-1658
Released: Wed Mar 29 09:44:07 2023
Summary: Security update for apache2
Severity: important
References: 1207327,1208708,1209047,1209049,CVE-2023-25690,CVE-2023-27522
Description:
This update for apache2 fixes the following issues:
- CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049).
- CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).
The following non-security bugs were fixed:
- Fixed mod_proxy handling of very long urls (bsc#1207327)
- Fixed passing health check does not recover worker from its error state (bsc#1208708).
-----------------------------------------
Patch: SUSE-2023-1662
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Severity: moderate
References: 1203537
Description:
This update for patterns-base fixes the following issues:
- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------
Patch: SUSE-2023-1688
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Severity: moderate
References: 1209533,CVE-2022-4899
Description:
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------
Patch: SUSE-2023-1718
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687
Description:
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
-----------------------------------------
Patch: SUSE-2023-1779
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Severity: moderate
References: 1208432
Description:
This update for systemd fixes the following issues:
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev
sub-package, so they aren't installed in systemd based containers
-----------------------------------------
Patch: SUSE-2023-1805
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Severity: important
References:
Description:
This update for timezone fixes the following issues:
- Version update from 2022g to 2023c:
* Egypt now uses DST again, from April through October.
* This year Morocco springs forward April 23, not April 30.
* Palestine delays the start of DST this year.
* Much of Greenland still uses DST from 2024 on.
* America/Yellowknife now links to America/Edmonton.
* tzselect can now use current time to help infer timezone.
* The code now defaults to C99 or later.
-----------------------------------------
Patch: SUSE-2023-1891
Released: Tue Apr 18 11:28:04 2023
Summary: Recommended update for php8
Severity: moderate
References: 1205162,1208199
Description:
This update for php8 fixes the following issues:
- ensure extension=mysqlnd will be called before extension=mysqli (bsc#1205162)
- fix potential buffer overflow (bsc#1208199)
-----------------------------------------
Patch: SUSE-2023-2066
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Severity: moderate
References: 1210507,CVE-2023-29383
Description:
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
-----------------------------------------
Patch: SUSE-2023-2111
Released: Fri May 5 14:34:00 2023
Summary: Security update for ncurses
Severity: moderate
References: 1210434,CVE-2023-29491
Description:
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
-----------------------------------------
Patch: SUSE-2023-2224
Released: Wed May 17 09:53:54 2023
Summary: Security update for curl
Severity: important
References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
Description:
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
-----------------------------------------
Patch: SUSE-2023-2240
Released: Wed May 17 19:56:54 2023
Summary: Recommended update for systemd
Severity: moderate
References: 1203141,1207410
Description:
This update for systemd fixes the following issues:
- udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141)
- Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626)
-----------------------------------------
Patch: SUSE-2023-2484
Released: Mon Jun 12 08:49:58 2023
Summary: Security update for openldap2
Severity: moderate
References: 1211795,CVE-2023-2953
Description:
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
-----------------------------------------
Patch: 29171
Released: Tue Jun 20 12:29:00 2023
Summary: Security update for openssl-1_1
Severity: important
References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests (bsc#1201627)
-----------------------------------------
Patch: SUSE-2023-2610
Released: Thu Jun 22 09:53:34 2023
Summary: Security update for php8
Severity: moderate
References: 1212349,CVE-2023-3247
Description:
This update for php8 fixes the following issues:
- CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349).
-----------------------------------------
Patch: SUSE-2023-2625
Released: Fri Jun 23 17:16:11 2023
Summary: Recommended update for gcc12
Severity: moderate
References:
Description:
This update for gcc12 fixes the following issues:
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0
-----------------------------------------
Patch: SUSE-2023-2765
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
Description:
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
-----------------------------------------
Patch: SUSE-2023-2827
Released: Fri Jul 14 11:27:47 2023
Summary: Recommended update for libxml2
Severity: moderate
References:
Description:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
-----------------------------------------
Patch: SUSE-2023-2847
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Severity: moderate
References: 1210004
Description:
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
-----------------------------------------
Patch: SUSE-2023-2855
Released: Mon Jul 17 16:35:21 2023
Summary: Recommended update for openldap2
Severity: moderate
References: 1212260
Description:
This update for openldap2 fixes the following issues:
- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)
-----------------------------------------
Patch: SUSE-2023-2882
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Severity: important
References: 1210999,CVE-2023-31484
Description:
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
-----------------------------------------
Patch: SUSE-2023-2885
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Severity: moderate
References: 1208721,1209229,1211828
Description:
This update for glibc fixes the following issues:
- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)
-----------------------------------------
Patch: SUSE-2023-2891
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Severity: moderate
References: 1213237,CVE-2023-32001
Description:
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
-----------------------------------------
Patch: SUSE-2023-2965
Released: Tue Jul 25 12:30:22 2023
Summary: Security update for openssl-1_1
Severity: moderate
References: 1213487,CVE-2023-3446
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
-----------------------------------------
Patch: SUSE-2023-2966
Released: Tue Jul 25 14:26:14 2023
Summary: Recommended update for libxml2
Severity: moderate
References:
Description:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
-----------------------------------------
Patch: SUSE-2023-3102
Released: Tue Aug 1 14:11:53 2023
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1213517
Description:
This update for openssl-1_1 fixes the following issues:
- Dont pass zero length input to EVP_Cipher (bsc#1213517)
-----------------------------------------
Patch: SUSE-2023-3242
Released: Tue Aug 8 18:19:40 2023
Summary: Security update for openssl-1_1
Severity: moderate
References: 1213853,CVE-2023-3817
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
-----------------------------------------
Patch: SUSE-2023-3285
Released: Fri Aug 11 10:30:38 2023
Summary: Recommended update for shadow
Severity: moderate
References: 1206627,1213189
Description:
This update for shadow fixes the following issues:
- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)
-----------------------------------------
Patch: SUSE-2023-3325
Released: Wed Aug 16 08:26:08 2023
Summary: Security update for krb5
Severity: important
References: 1214054,CVE-2023-36054
Description:
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
-----------------------------------------
Patch: SUSE-2023-3327
Released: Wed Aug 16 08:45:25 2023
Summary: Security update for pcre2
Severity: moderate
References: 1213514,CVE-2022-41409
Description:
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
-----------------------------------------
Patch: SUSE-2023-3410
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Severity: moderate
References: 1201519,1204844
Description:
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
-----------------------------------------
Patch: SUSE-2023-3451
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
Description:
This update for systemd fixes the following issues:
- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)
-----------------------------------------
Patch: SUSE-2023-3528
Released: Tue Sep 5 09:59:27 2023
Summary: Security update for php7
Severity: important
References: 1214103,1214106,CVE-2023-3823,CVE-2023-3824
Description:
This update for php7 fixes the following issues:
- CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106)
- CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103)
-----------------------------------------
Patch: SUSE-2023-3577
Released: Mon Sep 11 15:04:01 2023
Summary: Recommended update for crypto-policies
Severity: low
References: 1209998
Description:
This update for crypto-policies fixes the following issues:
- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)
-----------------------------------------
Patch: SUSE-2023-3611
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140
Description:
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
-----------------------------------------
Patch: SUSE-2023-3661
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Severity: important
References: 1214052,CVE-2023-4039
Description:
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
-----------------------------------------
Patch: SUSE-2023-3666
Released: Mon Sep 18 21:52:18 2023
Summary: Security update for libxml2
Severity: important
References: 1214768,CVE-2023-39615
Description:
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
-----------------------------------------
Patch: SUSE-2023-3814
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Severity: moderate
References: 1211829,1212819,1212910
Description:
This update for glibc fixes the following issues:
- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
-----------------------------------------
Patch: SUSE-2023-3823
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Severity: important
References: 1215026,CVE-2023-38039
Description:
This update for curl fixes the following issues:
- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)
-----------------------------------------
Patch: SUSE-2023-3954
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
Description:
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
-----------------------------------------
Patch: SUSE-2023-3997
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Severity: important
References: 1215713,CVE-2023-35945
Description:
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
-----------------------------------------
Patch: SUSE-2023-4024
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Severity: low
References: 1214806,CVE-2023-4641
Description:
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
-----------------------------------------
Patch: SUSE-2023-4041
Released: Tue Oct 10 18:28:16 2023
Summary: Security update for php-composer2
Severity: moderate
References: 1215859,CVE-2023-43655
Description:
This update for php-composer2 fixes the following issues:
- CVE-2023-43655: Fixed a remote code execution issue that could be
triggered if users published a web-accessible composer.phar file
(bsc#1215859).
-----------------------------------------
Patch: SUSE-2023-4044
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546
Description:
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
-----------------------------------------
Patch: SUSE-2023-4073
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Severity: low
References:
Description:
This update for rpm fixes the following issue:
- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)
-----------------------------------------
Patch: SUSE-2023-4105
Released: Wed Oct 18 08:15:40 2023
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1215215
Description:
This update for openssl-1_1 fixes the following issues:
- Displays 'fips' in the version string (bsc#1215215)
-----------------------------------------
Patch: SUSE-2023-4110
Released: Wed Oct 18 12:35:26 2023
Summary: Security update for glibc
Severity: important
References: 1215286,1215891,CVE-2023-4813
Description:
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
-----------------------------------------
Patch: SUSE-2023-4153
Released: Fri Oct 20 19:27:58 2023
Summary: Recommended update for systemd
Severity: moderate
References: 1215313
Description:
This update for systemd fixes the following issues:
- Fix mismatch of nss-resolve version in Package Hub (no source code changes)
-----------------------------------------
Patch: SUSE-2023-4154
Released: Fri Oct 20 19:33:25 2023
Summary: Recommended update for aaa_base
Severity: moderate
References: 1107342,1215434
Description:
This update for aaa_base fixes the following issues:
- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)
-----------------------------------------
Patch: SUSE-2023-4162
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
Description:
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
-----------------------------------------
Patch: SUSE-2023-4200
Released: Wed Oct 25 12:04:29 2023
Summary: Security update for nghttp2
Severity: important
References: 1216123,1216174,CVE-2023-44487
Description:
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
-----------------------------------------
Patch: SUSE-2023-4215
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Severity: moderate
References: 1216378,CVE-2023-45853
Description:
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).