-----------------------------------------
Version 42.6 2024-10-04T09:00:25

-----------------------------------------
Patch: SUSE-2018-2569
Released: Fri Nov  2 19:00:18 2018
Summary: Recommended update for pam
Severity: moderate
References: 1110700
Description:
This update for pam fixes the following issues:

- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)


-----------------------------------------
Patch: SUSE-2018-2607
Released: Wed Nov  7 15:42:48 2018
Summary: Optional update for gcc8
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:

The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.

The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.

Various optimizers have been improved in GCC 8, several bugs have been fixed,
quite a few new warnings have been added, and the error pin-pointing and
fix-suggestions have been greatly improved.

The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:

   	https://gcc.gnu.org/gcc-8/changes.html

Also changes needed or common pitfalls when porting software are described on:

	https://gcc.gnu.org/gcc-8/porting_to.html



-----------------------------------------
Patch: SUSE-2018-2825
Released: Mon Dec  3 15:35:02 2018
Summary: Security update for pam
Severity: important
References: 1115640,CVE-2018-17953
Description:
This update for pam fixes the following issue:

Security issue fixed:

- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).


-----------------------------------------
Patch: SUSE-2018-2861
Released: Thu Dec  6 14:32:01 2018
Summary: Security update for ncurses
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:
This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

- Remove screen.xterm from terminfo database, as with this screen uses fallback TERM=screen (bsc#1103320).


-----------------------------------------
Patch: SUSE-2019-44
Released: Tue Jan  8 13:07:32 2019
Summary: Recommended update for acl
Severity: low
References: 953659
Description:
This update for acl fixes the following issues:

- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)


-----------------------------------------
Patch: SUSE-2019-247
Released: Wed Feb  6 07:18:45 2019
Summary: Security update for lua53
Severity: moderate
References: 1123043,CVE-2019-6706
Description:
This update for lua53 fixes the following issues:

Security issue fixed:

- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)


-----------------------------------------
Patch: SUSE-2019-1040
Released: Thu Apr 25 17:09:21 2019
Summary: Security update for samba
Severity: important
References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880
Description:
This update for samba fixes the following issues:

Security issue fixed:

- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060).


ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):

- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put 'results_store' into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb


Non-security issues fixed:

- Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377).
- Abide by the load_printers parameter in smb.conf (bsc#1124223).
- Provide the 32bit samba winbind PAM module and its dependent 32bit libraries.
  

-----------------------------------------
Patch: SUSE-2019-1368
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Severity: important
References: 1134524,CVE-2019-5021
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)


-----------------------------------------
Patch: SUSE-2019-1372
Released: Tue May 28 16:53:28 2019
Summary: Security update for libtasn1
Severity: moderate
References: 1105435,CVE-2018-1000654
Description:
This update for libtasn1 fixes the following issues:

Security issue fixed:

- CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435).


-----------------------------------------
Patch: SUSE-2019-2997
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:
This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:

- Removed screen.xterm from terminfo database (bsc#1103320).


-----------------------------------------
Patch: SUSE-2019-3061
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
Description:


This update includes the GNU Compiler Collection 9.

A full changelog is provided by the GCC team on:

   https://www.gnu.org/software/gcc/gcc-9/changes.html


The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and set CC=gcc-9 /
CXX=g++-9 during configuration.


Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)


-----------------------------------------
Patch: SUSE-2019-3086
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
Description:
This update for libidn2 to version 2.2.0 fixes the following issues:

- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).


-----------------------------------------
Patch: SUSE-2020-338
Released: Thu Feb  6 13:00:23 2020
Summary: Recommended update for apr
Severity: moderate
References: 1151059
Description:
This update for apr fixes the following issues:


-  Increase timeout to fix random failure of testsuite [bsc#1151059].
 


-----------------------------------------
Patch: SUSE-2020-525
Released: Fri Feb 28 11:49:36 2020
Summary: Recommended update for pam
Severity: moderate
References: 1164562
Description:
This update for pam fixes the following issues:

- Add libdb as build-time dependency to enable pam_userdb module.
  Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)


-----------------------------------------
Patch: SUSE-2020-689
Released: Fri Mar 13 17:09:01 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:

This update for PAM fixes the following issue:

- The license of libdb linked against pam_userdb is not always wanted,
  so we temporarily disabled pam_userdb again. It will be published
  in a different package at a later time. (bsc#1166510)
  

-----------------------------------------
Patch: SUSE-2020-917
Released: Fri Apr  3 15:02:25 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:
This update for pam fixes the following issues:

- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)


-----------------------------------------
Patch: SUSE-2020-948
Released: Wed Apr  8 07:44:21 2020
Summary: Security update for gmp, gnutls, libnettle
Severity: moderate
References: 1152692,1155327,1166881,1168345,CVE-2020-11501
Description:
This update for gmp, gnutls, libnettle fixes the following issues:

Security issue fixed:

- CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

FIPS related bugfixes:

- FIPS: Install checksums for binary integrity verification which are
  required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
  input is shorter than block size. (bsc#1166881)
- FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)


-----------------------------------------
Patch: SUSE-2020-1226
Released: Fri May  8 10:51:05 2020
Summary: Recommended update for gcc9
Severity: moderate
References: 1149995,1152590,1167898
Description:
This update for gcc9 fixes the following issues:

This update ships the GCC 9.3 release.

- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
  with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go


-----------------------------------------
Patch: SUSE-2020-1328
Released: Mon May 18 17:16:04 2020
Summary: Recommended update for grep
Severity: moderate
References: 1155271
Description:
This update for grep fixes the following issues:

- Update testsuite expectations, no functional changes (bsc#1155271)


-----------------------------------------
Patch: SUSE-2020-1906
Released: Tue Jul 14 15:58:16 2020
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 1173407
Description:
This update for lifecycle-data-sle-module-development-tools fixes the following issue:

- Ensure package is installed with its corresponding module when lifecycle package is installed. (bsc#1173407)


-----------------------------------------
Patch: SUSE-2020-2083
Released: Thu Jul 30 10:27:59 2020
Summary: Recommended update for diffutils
Severity: moderate
References: 1156913
Description:
This update for diffutils fixes the following issue:

- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)


-----------------------------------------
Patch: SUSE-2020-2947
Released: Fri Oct 16 15:23:07 2020
Summary: Security update for gcc10, nvptx-tools
Severity: moderate
References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844
Description:
This update for gcc10, nvptx-tools fixes the following issues:

This update provides the GCC10 compiler suite and runtime libraries.

The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.

The new compiler variants are available with '-10' suffix, you can specify them
via:

	CC=gcc-10
	CXX=g++-10

or similar commands.

For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html

Changes in nvptx-tools:

- Enable build on aarch64
  

-----------------------------------------
Patch: SUSE-2020-3462
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Severity: moderate
References: 1174593,1177858,1178727
Description:
This update for pam and sudo fixes the following issue:

pam:

- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)


-----------------------------------------
Patch: SUSE-2020-3603
Released: Wed Dec  2 15:11:46 2020
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 
Description:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for the GCC 9 yearly update for the Toolchain/Development modules.  
  (jsc#ECO-2373, jsc#SLE-10950, jsc#SLE-10951)


-----------------------------------------
Patch: SUSE-2020-3620
Released: Thu Dec  3 17:03:55 2020
Summary: Recommended update for pam
Severity: moderate
References: 
Description:
This update for pam fixes the following issues:

- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
  - Check whether the password contains a substring of the user's name of at least `<N>` characters in length in
  some form. This is enabled by the new parameter `usersubstr=<N>`.


-----------------------------------------
Patch: SUSE-2020-3942
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Severity: moderate
References: 1180138
Description:
This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
  adjusted the RPM license tags (bsc#1180138)


-----------------------------------------
Patch: SUSE-2021-220
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1180603
Description:
This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)


-----------------------------------------
Patch: SUSE-2021-293
Released: Wed Feb  3 12:52:34 2021
Summary: Recommended update for gmp
Severity: moderate
References: 1180603
Description:
This update for gmp fixes the following issues:

- Correct license statements of packages (library itself is not GPL-3.0) (bsc#1180603)


-----------------------------------------
Patch: SUSE-2021-339
Released: Mon Feb  8 13:16:07 2021
Summary: Optional update for pam
Severity: low
References: 
Description:
This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.


-----------------------------------------
Patch: SUSE-2021-924
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
Description:
This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) 
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allow overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466)
- Create config to clean up '/tmp' regularly, required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)


-----------------------------------------
Patch: SUSE-2021-1643
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Severity: important
References: 1181443,1184358,1185562
Description:
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
  an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)



-----------------------------------------
Patch: SUSE-2021-1861
Released: Fri Jun  4 09:59:40 2021
Summary: Recommended update for gcc10
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
Description:
This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)


-----------------------------------------
Patch: SUSE-2021-2173
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049
Description:
This update for automake fixes the following issues:

- Make generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 



-----------------------------------------
Patch: SUSE-2021-2196
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371
Description:
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.


-----------------------------------------
Patch: SUSE-2021-2245
Released: Mon Jul  5 12:14:52 2021
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 
Description:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Mark go1.14 as 'end of life' as go1.16 was released and we only support 2 go versions in parallel (jsc#ECO-1484)


-----------------------------------------
Patch: SUSE-2021-3490
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Severity: moderate
References: 1190793,CVE-2021-39537
Description:
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)


-----------------------------------------
Patch: SUSE-2021-3494
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Severity: moderate
References: 1190052
Description:
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)


-----------------------------------------
Patch: SUSE-2021-3510
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Severity: important
References: 1191987
Description:
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)


-----------------------------------------
Patch: SUSE-2021-3529
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155
Description:
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)


-----------------------------------------
Patch: SUSE-2021-3799
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Severity: moderate
References: 1187153,1187273,1188623
Description:
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

To select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler base libraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.


-----------------------------------------
Patch: SUSE-2021-3891
Released: Fri Dec  3 10:21:49 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1029961,1113013,1187654
Description:
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes. 

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------
Patch: SUSE-2021-3942
Released: Mon Dec  6 14:46:05 2021
Summary: Security update for brotli
Severity: moderate
References: 1175825,CVE-2020-8927
Description:
This update for brotli fixes the following issues:

- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).


-----------------------------------------
Patch: SUSE-2021-3946
Released: Mon Dec  6 14:57:42 2021
Summary: Security update for gmp
Severity: moderate
References: 1192717,CVE-2021-43618
Description:
This update for gmp fixes the following issues:
    
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).


-----------------------------------------
Patch: SUSE-2022-692
Released: Thu Mar  3 15:46:47 2022
Summary: Recommended update for filesystem
Severity: moderate
References: 1190447
Description:
This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).


-----------------------------------------
Patch: SUSE-2022-789
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Severity: moderate
References: 1195654
Description:
This update for update-alternatives fixes the following issues:

- Break the bash - update-alternatives cycle with a rewrite of '%post' in 'lua'. (bsc#1195654)


-----------------------------------------
Patch: SUSE-2022-861
Released: Tue Mar 15 23:31:21 2022
Summary: Recommended update for openssl-1_1 
Severity: moderate
References: 1182959,1195149,1195792,1195856
Description:
This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
    
glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
    
linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1


-----------------------------------------
Patch: SUSE-2022-936
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Severity: moderate
References: 1196275,1196406
Description:
This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)


-----------------------------------------
Patch: SUSE-2022-950
Released: Fri Mar 25 12:47:04 2022
Summary: Feature update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 
Description:
This feature update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for GCC 10 yearly update for the Toolchain/Development modules
  (jsc#ECO-2373, jsc#SLE-16821, jsc#SLE-16822)


-----------------------------------------
Patch: SUSE-2022-1047
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Severity: moderate
References: 1196093,1197024
Description:
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' where we don't free this variable.
  This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)


-----------------------------------------
Patch: SUSE-2022-1281
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Severity: moderate
References: 1196647
Description:
This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)


-----------------------------------------
Patch: SUSE-2022-1409
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1195628,1196107
Description:
This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstdc++6 package to keep those
  at the same version.  [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.


-----------------------------------------
Patch: SUSE-2022-1655
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Severity: moderate
References: 1197794
Description:
This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)


-----------------------------------------
Patch: SUSE-2022-1658
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Severity: important
References: 1197771
Description:
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)


-----------------------------------------
Patch: SUSE-2022-1887
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Severity: moderate
References: 1040589
Description:
This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)


-----------------------------------------
Patch: SUSE-2022-1899
Released: Wed Jun  1 10:43:22 2022
Summary: Recommended update for libtirpc
Severity: important
References: 1198176
Description:
This update for libtirpc fixes the following issues:

- Add a check for a null pointer in check_address to prevent client from crashing (bsc#1198176)


-----------------------------------------
Patch: SUSE-2022-2019
Released: Wed Jun  8 16:50:07 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
Description:
This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64.  [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild.  [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586.  [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune 
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines.  [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build  [bsc#1192951]
* Package mwaitintrin.h


-----------------------------------------
Patch: SUSE-2022-2294
Released: Wed Jul  6 13:34:15 2022
Summary: Security update for expat
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
Description:
This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).


-----------------------------------------
Patch: SUSE-2022-2361
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Severity: important
References: 1199232,CVE-2022-1586
Description:
This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)


-----------------------------------------
Patch: SUSE-2022-2396
Released: Thu Jul 14 11:57:58 2022
Summary: Security update for logrotate
Severity: important
References: 1192449,1199652,1200278,1200802,CVE-2022-1348
Description:
This update for logrotate fixes the following issues:

Security issues fixed:

- CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652).
- Improved coredump handling for SUID binaries (bsc#1192449).

Non-security issues fixed:

- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).


-----------------------------------------
Patch: SUSE-2022-2406
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Severity: moderate
References: 1197718,1199140,1200334,1200855
Description:
This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This re-adds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).


-----------------------------------------
Patch: SUSE-2022-2717
Released: Tue Aug  9 12:54:16 2022
Summary: Security update for ncurses
Severity: moderate
References: 1198627,CVE-2022-29458
Description:
This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).


-----------------------------------------
Patch: SUSE-2022-2796
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Severity: moderate
References: 
Description:
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, 
used by other FIPS libraries.

-----------------------------------------
Patch: SUSE-2022-3127
Released: Wed Sep  7 04:36:10 2022
Summary: Recommended update for libtirpc
Severity: moderate
References: 1198752,1200800
Description:
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)


-----------------------------------------
Patch: SUSE-2022-3262
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1199140
Description:

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)


-----------------------------------------
Patch: SUSE-2022-3305
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Severity: important
References: 1201680,CVE-2021-46828
Description:
This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).


-----------------------------------------
Patch: SUSE-2022-3327
Released: Wed Sep 21 12:47:17 2022
Summary: Security update for oniguruma
Severity: important
References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159
Description:
This update for oniguruma fixes the following issues:

- CVE-2019-19246: Fixed an out of bounds access during regular
  expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a
  crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a
  string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
  a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
  multiple different encodings (bsc#1142847).


-----------------------------------------
Patch: SUSE-2022-3328
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1202870
Description:
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)


-----------------------------------------
Patch: SUSE-2022-3489
Released: Sat Oct  1 13:35:24 2022
Summary: Security update for expat
Severity: important
References: 1203438,CVE-2022-40674
Description:
This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).


-----------------------------------------
Patch: SUSE-2022-3784
Released: Wed Oct 26 18:03:28 2022
Summary: Security update for libtasn1
Severity: critical
References: 1204690,CVE-2021-46848
Description:
This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)


-----------------------------------------
Patch: SUSE-2022-3884
Released: Mon Nov  7 10:59:26 2022
Summary: Security update for expat
Severity: important
References: 1204708,CVE-2022-43680
Description:
This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).


-----------------------------------------
Patch: SUSE-2022-3910
Released: Tue Nov  8 13:05:04 2022
Summary: Recommended update for pam
Severity: moderate
References: 
Description:
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)


-----------------------------------------
Patch: SUSE-2022-4081
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Severity: low
References: 1199944,CVE-2022-1664
Description:
This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).


-----------------------------------------
Patch: SUSE-2022-4135
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Severity: moderate
References: 1198165
Description:
This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool:
    Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
  - libeconf:
    Parse files correctly on space characters (1198165)

- Update to version 0.4.5+git
  - econftool:
    New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
    New options '--comment' and '--delimeters'


-----------------------------------------
Patch: SUSE-2022-4256
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Severity: moderate
References: 
Description:
This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html



-----------------------------------------
Patch: SUSE-2023-48
Released: Mon Jan  9 10:37:54 2023
Summary: Recommended update for libtirpc
Severity: moderate
References: 1199467
Description:
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)


-----------------------------------------
Patch: SUSE-2023-617
Released: Fri Mar  3 16:49:06 2023
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1207789
Description:
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)


-----------------------------------------
Patch: SUSE-2023-776
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Severity: moderate
References: 
Description:
This update for gcc12 fixes the following issues:

This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.

SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.


This update ships the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html



-----------------------------------------
Patch: SUSE-2023-2111
Released: Fri May  5 14:34:00 2023
Summary: Security update for ncurses
Severity: moderate
References: 1210434,CVE-2023-29491
Description:
This update for ncurses fixes the following issues:

- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).


-----------------------------------------
Patch: SUSE-2023-2523
Released: Fri Jun 16 11:15:25 2023
Summary: Feature update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 
Description:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Added expiration data for GCC 11 yearly update for the Toolchain/Development modules
  (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035)


-----------------------------------------
Patch: SUSE-2023-2625
Released: Fri Jun 23 17:16:11 2023
Summary: Recommended update for gcc12
Severity: moderate
References: 
Description:
This update for gcc12 fixes the following issues:

- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204

  * includes regression and other bug fixes

- Speed up builds with --enable-link-serialization.

- Update embedded newlib to version 4.2.0


-----------------------------------------
Patch: SUSE-2023-2761
Released: Mon Jul  3 15:16:44 2023
Summary: Recommended update for libjansson
Severity: moderate
References: 1201817
Description:
This update for libjansson fixes the following issues:

- Update to 2.14 (bsc#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
      corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime version checking
    + Add json_object_update_new(), json_object_update_existing_new()
      and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
      that can be omitted if null 
    + Add `json_error_code()` to retrieve numeric error codes
    + Enable thread safety for `json_dump()` on all systems.
      Enable thread safe `json_decref()` and `json_incref()` for
      modern compilers 
    + Add `json_sprintf()` and `json_vsprintf()` 
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object 
    + Avoid invalid memory read in `json_pack()` 
    + Call va_end after va_copy in `json_vsprintf()` 
    + Improve handling of formats with '?' and '*' in `json_pack()`
    + Remove inappropriate `jsonp_free()` which caused
      segmentation fault in error handling 
    + Fix incorrect report of success from `json_dump_file()` when
      an error is returned by `fclose()` 
    + Make json_equal() const-correct 
    + Fix incomplete stealing of references by `json_pack()` 
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.


-----------------------------------------
Patch: SUSE-2023-2765
Released: Mon Jul  3 20:28:14 2023
Summary: Security update for libcap
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
Description:
This update for libcap fixes the following issues:

- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).


-----------------------------------------
Patch: SUSE-2023-2827
Released: Fri Jul 14 11:27:47 2023
Summary: Recommended update for libxml2
Severity: moderate
References: 
Description:
This update for libxml2 fixes the following issues:

- Build also for modern python version (jsc#PED-68)


-----------------------------------------
Patch: SUSE-2023-2847
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Severity: moderate
References: 1210004
Description:
This update for audit fixes the following issues:

- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64


-----------------------------------------
Patch: SUSE-2023-2966
Released: Tue Jul 25 14:26:14 2023
Summary: Recommended update for libxml2
Severity: moderate
References: 
Description:
This update for libxml2 fixes the following issues:

- Build also for modern python version (jsc#PED-68)


-----------------------------------------
Patch: SUSE-2023-3410
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Severity: moderate
References: 1201519,1204844
Description:
This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)


-----------------------------------------
Patch: SUSE-2023-3611
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140
Description:
This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391) 
- Remove all systemd requires not supported on SLE15 (bsc#1214140)


-----------------------------------------
Patch: SUSE-2023-3661
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Severity: important
References: 1214052,CVE-2023-4039
Description:
This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).


-----------------------------------------
Patch: SUSE-2023-3666
Released: Mon Sep 18 21:52:18 2023
Summary: Security update for libxml2
Severity: important
References: 1214768,CVE-2023-39615
Description:
This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed a global buffer overflow that crafted XML can cause (bsc#1214768).


-----------------------------------------
Patch: SUSE-2023-3954
Released: Tue Oct  3 20:09:47 2023
Summary: Security update for libeconf
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
Description:
This update for libeconf fixes the following issues:

Update to version 0.5.2.

- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)


-----------------------------------------
Patch: SUSE-2023-4162
Released: Mon Oct 23 15:33:03 2023
Summary: Security update for gcc13
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
Description:
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

        https://gcc.gnu.org/gcc-13/changes.html


Detailed changes:


* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
  length stack allocations.  (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
  building with LTO.  [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
  can be installed standalone.  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex,
  the benefit of the former one is that the linker jobs are not
  holding tokens of the make's jobserver.
- Add cross-bpf packages.  See https://gcc.gnu.org/wiki/BPFBackEnd
  for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
  specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0. 
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
  package.  Make libstdc++6 recommend timezone to get a fully
  working std::chrono.  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there. 
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
  as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
  SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI
  armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
  armv7l in order to build both host applications and PRU firmware
  during the same build.


-----------------------------------------
Patch: SUSE-2023-4193
Released: Wed Oct 25 10:36:43 2023
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 
Description:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- added EOL dates for previous go1.xx compiler packages (go1.15 to go1.19)
- added EOL dates for previous rust compiler versions (1.43 up to 1.70)


-----------------------------------------
Patch: SUSE-2023-4215
Released: Thu Oct 26 12:19:25 2023
Summary: Security update for zlib
Severity: moderate
References: 1216378,CVE-2023-45853
Description:
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a
  buffer overflow in the minizip subcomponent (bsc#1216378).


-----------------------------------------
Patch: SUSE-2023-4310
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Severity: moderate
References: 1196647
Description:
This update for libtirpc to 1.3.4 fixes the following issues:

Update to 1.3.4 (bsc#1199467)

 * binddynport.c honor ip_local_reserved_ports
   - replaces: binddynport-honor-ip_local_reserved_ports.patch
 * gss-api: expose gss major/minor error in authgss_refresh()
 * rpcb_clnt.c: Eliminate double frees in delete_cache()
 * rpcb_clnt.c: memory leak in destroy_addr
 * portmapper: allow TCP-only portmapper
 * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
 * clnt_raw.c: fix a possible null pointer dereference
 * bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported AUTH_DES authentication has been
  compiled out since commit d918e41d889 (Wed Oct 9 2019),
  replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir


-----------------------------------------
Patch: SUSE-2023-4453
Released: Wed Nov 15 14:24:58 2023
Summary: Recommended update for libjansson
Severity: moderate
References: 1216541
Description:

This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5.


-----------------------------------------
Patch: SUSE-2023-4458
Released: Thu Nov 16 14:38:48 2023
Summary: Security update for gcc13
Severity: important
References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
Description:
This update for gcc13 fixes the following issues:

This update ships the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

        https://gcc.gnu.org/gcc-13/changes.html


Detailed changes:


* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
  length stack allocations.  (bsc#1214052)

- Work around third party app crash during C++ standard library initialization.  [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
  building with LTO.  [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
  can be installed standalone.  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather than --enable-link-mutex,
  the benefit of the former one is that the linker jobs are not
  holding tokens of the make's jobserver.
- Add cross-bpf packages.  See https://gcc.gnu.org/wiki/BPFBackEnd
  for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
  specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0. 
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
  package.  Make libstdc++6 recommend timezone to get a fully
  working std::chrono.  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there. 
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
  as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
  SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI
  armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
  armv7l in order to build both host applications and PRU firmware
  during the same build.


-----------------------------------------
Patch: SUSE-2023-4504
Released: Tue Nov 21 13:27:50 2023
Summary: Security update for libxml2
Severity: moderate
References: 1216129,CVE-2023-45322
Description:
This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).


-----------------------------------------
Patch: SUSE-2023-4671
Released: Wed Dec  6 14:33:41 2023
Summary: Recommended update for man
Severity: moderate
References: 
Description:

This update of man fixes the following problem:

- The 'man' command is delivered to SUSE Linux Enterprise Micro
  to allow browsing man pages.


-----------------------------------------
Patch: SUSE-2023-4695
Released: Fri Dec  8 09:01:20 2023
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 1216578
Description:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Temporarily remove go1.19-openssl EOL; it will be re-added once we ship go1.21-openssl. (bsc#1216578)
- Mark gcc12 EOL date to April 30th of 2024 (6 months after release of
  gcc13) (jsc#PED-6584)


-----------------------------------------
Patch: SUSE-2023-4700
Released: Mon Dec 11 07:03:27 2023
Summary: Recommended update for p11-kit
Severity: moderate
References: 
Description:
This update for p11-kit fixes the following issues:

- Ensure that programs using <p11-kit/pkcs11x.h> can be compiled with CRYPTOKI_GNU.
  Fixes GnuTLS builds (jsc#PED-6705).


-----------------------------------------
Patch: SUSE-2023-4723
Released: Tue Dec 12 09:57:51 2023
Summary: Recommended update for libtirpc
Severity: moderate
References: 1216862
Description:
This update for libtirpc fixes the following issue:

- fix sed parsing in specfile (bsc#1216862)


-----------------------------------------
Patch: SUSE-2023-4891
Released: Mon Dec 18 16:31:49 2023
Summary: Security update for ncurses
Severity: moderate
References: 1201384,1218014,CVE-2023-50495
Description:
This update for ncurses fixes the following issues:

- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)


-----------------------------------------
Patch: SUSE-2024-62
Released: Mon Jan  8 11:44:47 2024
Summary: Recommended update for libxcrypt
Severity: moderate
References: 1215496
Description:
This update for libxcrypt fixes the following issues:

- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2


-----------------------------------------
Patch: SUSE-2024-136
Released: Thu Jan 18 09:53:47 2024
Summary: Security update for pam
Severity: moderate
References: 1217000,1218475,CVE-2024-22365
Description:
This update for pam fixes the following issues:

- CVE-2024-22365: Fixed a local denial of service during PAM login
  due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000) 


-----------------------------------------
Patch: SUSE-2024-555
Released: Tue Feb 20 17:22:17 2024
Summary: Security update for libxml2
Severity: moderate
References: 1219576,CVE-2024-25062
Description:
This update for libxml2 fixes the following issues:

- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).


-----------------------------------------
Patch: SUSE-2024-907
Released: Fri Mar 15 08:57:38 2024
Summary: Recommended update for audit
Severity: moderate
References: 1215377
Description:
This update for audit fixes the following issue:

- Fix plugin termination when using systemd service units (bsc#1215377)


-----------------------------------------
Patch: SUSE-2024-929
Released: Tue Mar 19 06:36:24 2024
Summary: Recommended update for coreutils
Severity: moderate
References: 1219321
Description:
This update for coreutils fixes the following issues:

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)


-----------------------------------------
Patch: SUSE-2024-1129
Released: Mon Apr  8 09:12:08 2024
Summary: Security update for expat
Severity: important
References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757
Description:
This update for expat fixes the following issues:

- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) 
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)


-----------------------------------------
Patch: SUSE-2024-1133
Released: Mon Apr  8 11:29:02 2024
Summary: Security update for ncurses
Severity: moderate
References: 1220061,CVE-2023-45918
Description:
This update for ncurses fixes the following issues:

- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).


-----------------------------------------
Patch: SUSE-2024-1253
Released: Fri Apr 12 08:15:18 2024
Summary: Recommended update for gcc13
Severity: moderate
References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
Description:
This update for gcc13 fixes the following issues:

- Fix unwinding for JIT code.  [bsc#1221239] 
- Revert libgccjit dependency change.  [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]
- Add support for -fmin-function-alignment.  [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM.  [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686.  [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]


-----------------------------------------
Patch: SUSE-2024-1449
Released: Fri Apr 26 11:55:45 2024
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Severity: moderate
References: 1222046
Description:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- added go1.19 eol dates (bsc#1222046)
- added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046)
- also added for cargo1.7x


-----------------------------------------
Patch: SUSE-2024-1665
Released: Thu May 16 08:00:09 2024
Summary: Recommended update for coreutils
Severity: moderate
References: 1221632
Description:
This update for coreutils fixes the following issues:

- ls: avoid triggering automounts (bsc#1221632)


-----------------------------------------
Patch: SUSE-2024-1943
Released: Fri Jun  7 17:04:06 2024
Summary: Security update for util-linux
Severity: important
References: 1218609,1220117,1221831,1223605,CVE-2024-28085
Description:
This update for util-linux fixes the following issues:

- CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)


-----------------------------------------
Patch: SUSE-2024-1954
Released: Fri Jun  7 18:01:06 2024
Summary: Recommended update for glibc
Severity: moderate
References: 1221482
Description:
This update for glibc fixes the following issues:

- Also include stat64 in the 32-bit libc_nonshared.a workaround
  (bsc#1221482)


-----------------------------------------
Patch: SUSE-2024-1963
Released: Mon Jun 10 13:09:41 2024
Summary: Security update for apache2
Severity: important
References: 1221401,1222330,1222332,CVE-2023-38709,CVE-2024-24795,CVE-2024-27316
Description:
This update for apache2 fixes the following issues:

- CVE-2023-38709: Fixed HTTP response splitting (bsc#1222330).
- CVE-2024-24795: Fixed HTTP response splitting in multiple modules (bsc#1222332).
- CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames being usable for DoS attacks (bsc#1221401).


-----------------------------------------
Patch: SUSE-2024-1997
Released: Tue Jun 11 17:24:32 2024
Summary: Recommended update for e2fsprogs
Severity: moderate
References: 1223596
Description:
This update for e2fsprogs fixes the following issues:

- EA Inode handling fixes:
  - e2fsck: add more checks for ea inode consistency (bsc#1223596)
  - e2fsck: fix golden output of several tests (bsc#1223596)


-----------------------------------------
Patch: SUSE-2024-2024
Released: Thu Jun 13 16:15:18 2024
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1209627
Description:
This update for jitterentropy fixes the following issues:

- Fixed a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared
    to 8 bytes of the STCK command. Fix a stack corruption in the
    s390x version of jent_get_nstime(). Add some more detailed
    information on the STCKE command.

Updated to 3.4.1

* add FIPS 140 hints to man page
* simplify the test tool to search for optimal configurations
* fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
* enhancement: add ARM64 assembler code to read high-res timer

-----------------------------------------
Patch: SUSE-2024-2046
Released: Mon Jun 17 15:55:55 2024
Summary: Recommended update for php8
Severity: moderate
References: 1211301
Description:
This update for php8 fixes the following issues:

- version update and bug fix release
- Use the system default cipher list instead of hardcoded values
  by using crypto-policies (bsc#1211301)
- modified patches


-----------------------------------------
Patch: SUSE-2024-2066
Released: Tue Jun 18 13:16:09 2024
Summary: Security update for openssl-3
Severity: important
References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741
Description:
This update for openssl-3 fixes the following issues:

Security issues fixed:

- CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388)
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

Other issues fixed:

- Enable livepatching support (bsc#1223428)
- Fix HKDF key derivation (bsc#1225291, gh#openssl/openssl#23448, gh#openssl/openssl#23456)


-----------------------------------------
Patch: SUSE-2024-2086
Released: Wed Jun 19 11:48:24 2024
Summary: Recommended update for gcc13
Severity: moderate
References: 1188441
Description:
This update for gcc13 fixes the following issues:

Update to GCC 13.3 release

- Removed Fiji support from the GCN offload compiler as that is requiring
  Code Object version 3 which is no longer supported by llvm18.
- Avoid combine spending too much compile-time and memory doing nothing
  on s390x.  [bsc#1188441]
- Make requirement to lld version specific to avoid requiring the
  meta-package.


-----------------------------------------
Patch: SUSE-2024-2107
Released: Thu Jun 20 17:33:35 2024
Summary: Security update for php-composer2
Severity: important
References: 1226181,1226182,CVE-2024-35241,CVE-2024-35242
Description:
This update for php-composer2 fixes the following issues:

- CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names (bsc#1226181).
- CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning (bsc#1226182).


-----------------------------------------
Patch: SUSE-2024-2214
Released: Tue Jun 25 17:11:26 2024
Summary: Recommended update for util-linux
Severity: moderate
References: 1225598
Description:
This update for util-linux fixes the following issue:

- Fix hang of lscpu -e (bsc#1225598)


-----------------------------------------
Patch: SUSE-2024-2229
Released: Wed Jun 26 08:20:55 2024
Summary: Recommended update for apache2
Severity: important
References: 1226217
Description:
This update for apache2 fixes the following issues:

- Apache ignores headers sent by CGI scripts (bsc#1226217)


-----------------------------------------
Patch: SUSE-2024-2239
Released: Wed Jun 26 13:09:10 2024
Summary: Recommended update for systemd
Severity: critical
References: 1226415
Description:
This update for systemd contains the following fixes:

- testsuite: move a misplaced %endif

- Do not remove existing configuration files in /etc. If these files were
  modified on the system, that may cause unwanted side effects (bsc#1226415).

- Import upstream commit (merge of v254.13)
  Use the pty slave fd opened from the namespace when transient service is running in a container.
  This reverts the backport of the broken commit until a fix is released in the v254-stable tree.

- Import upstream commit (merge of v254.11)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc
  

-----------------------------------------
Patch: SUSE-2024-2290
Released: Wed Jul  3 11:35:00 2024
Summary: Security update for libxml2
Severity: low
References: 1224282,CVE-2024-34459
Description:
This update for libxml2 fixes the following issues:

- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). 


-----------------------------------------
Patch: SUSE-2024-2307
Released: Fri Jul  5 12:04:34 2024
Summary: Security update for krb5
Severity: important
References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371
Description:
This update for krb5 fixes the following issues:

- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields being erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).


-----------------------------------------
Patch: SUSE-2024-2401
Released: Thu Jul 11 06:36:43 2024
Summary: Security update for oniguruma
Severity: moderate
References: 1141157,CVE-2019-13225
Description:
This update for oniguruma fixes the following issues:

- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).


-----------------------------------------
Patch: SUSE-2024-2405
Released: Thu Jul 11 10:21:19 2024
Summary: Security update for apache2
Severity: important
References: 1227270,1227271,CVE-2024-38477,CVE-2024-39573
Description:
This update for apache2 fixes the following issues:

- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
- CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)


-----------------------------------------
Patch: SUSE-2024-2597
Released: Tue Jul 23 09:03:59 2024
Summary: Security update for apache2
Severity: important
References: 1227268,1227269,1227272,CVE-2024-36387,CVE-2024-38475,CVE-2024-38476
Description:
This update for apache2 fixes the following issues:

- CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272)
- CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268)
- CVE-2024-38476: Fixed an issue where the server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269)


-----------------------------------------
Patch: SUSE-2024-2630
Released: Tue Jul 30 09:12:44 2024
Summary: Security update for shadow
Severity: important
References: 916845,CVE-2013-4235
Description:
This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).


-----------------------------------------
Patch: SUSE-2024-2635
Released: Tue Jul 30 09:14:09 2024
Summary: Security update for openssl-3
Severity: important
References: 1222899,1223336,1226463,1227138,CVE-2024-5535
Description:
This update for openssl-3 fixes the following issues:

Security fixes:

- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)


-----------------------------------------
Patch: SUSE-2024-2641
Released: Tue Jul 30 09:29:36 2024
Summary: Recommended update for systemd
Severity: moderate
References: 
Description:
This update for systemd fixes the following issues:

systemd was updated from version 254.13 to version 254.15:
    
- Changes in version 254.15:

  * boot: cover for hardware keys on phones/tablets
  * Conditional PSI check to reflect changes done in 5.13
  * core/dbus-manager: refuse SoftReboot() for user managers
  * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
  * core/exec-invoke: use sched_setattr instead of sched_setscheduler
  * core/unit: follow merged units before updating SourcePath= timestamp too
  * coredump: correctly take tmpfs size into account for compression
  * cryptsetup: improve TPM2 blob display
  * docs: Add section to HACKING.md on distribution packages
  * docs: fixed dead link to GNOME documentation
  * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
  * Fixed typo in CAP_BPF description
  * LICENSES/README: expand text to summarize state for binaries and libs
  * man: fully adopt ~/.local/state/
  * man/systemd.exec: list inaccessible files for ProtectKernelTunables
  * man/tmpfiles: remove outdated behavior regarding symlink ownership
  * meson: bpf: propagate 'sysroot' for cross compilation
  * meson: Define __TARGET_ARCH macros required by bpf
  * mkfs-util: Set sector size for btrfs as well
  * mkosi: drop CentOS 8 from CI
  * mkosi: Enable hyperscale-packages-experimental for CentOS
  * mountpoint-util: do not assume symlinks are not mountpoints
  * os-util: avoid matching on the wrong extension-release file
  * README: add missing CONFIG_MEMCG kernel config option for oomd
  * README: update requirements for signed dm-verity
  * resolved: allow the full TTL to be used by OPT records
  * resolved: correct parsing of OPT extended RCODEs
  * sysusers: handle NSS errors gracefully
  * TEST-58-REPART: reverse order of diff args
  * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
  * test: fixed TEST-24-CRYPTSETUP on SUSE
  * test: install /etc/hosts
  * Use consistent spelling of systemd.condition_first_boot argument
  * util: make file_read() 64bit offset safe
  * vmm: make sure we can handle smbios objects without variable part
    
- Changes in version 254.14:

  * analyze: show pcrs also in sha384 bank
  * chase: Tighten '.' and './' check
  * core/service: fixed accept-socket deserialization
  * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
  * executor: check for all permission related errnos when setting up IPC namespace
  * install: allow removing symlinks even for units that are gone
  * json: use secure un{base64,hex}mem for sensitive variants
  * man,units: drop 'temporary' from description of systemd-tmpfiles
  * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
  * repart: fixed memory leak
  * repart: Use CRYPT_ACTIVATE_PRIVATE
  * resolved: permit dnssec rrtype questions when we aren't validating
  * rules: Limit the number of device units generated for serial ttys
  * run: do not pass the pty slave fd to transient service in a machine
  * sd-dhcp-server: clear buffer before receive
  * strbuf: use GREEDY_REALLOC to grow the buffer


-----------------------------------------
Patch: SUSE-2024-2779
Released: Tue Aug  6 14:35:49 2024
Summary: Recommended update for permissions
Severity: moderate
References: 1228548
Description:

This update for permissions fixes the following issue:

* cockpit: moved setuid executable (bsc#1228548)



-----------------------------------------
Patch: SUSE-2024-2784
Released: Tue Aug  6 14:58:38 2024
Summary: Security update for curl
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264
Description:
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)


-----------------------------------------
Patch: SUSE-2024-2808
Released: Wed Aug  7 09:49:32 2024
Summary: Security update for shadow
Severity: moderate
References: 1228770,CVE-2013-4235
Description:
This update for shadow fixes the following issues:

- Fixed skel files not being copied (bsc#1228770)


-----------------------------------------
Patch: SUSE-2024-2888
Released: Tue Aug 13 11:07:41 2024
Summary: Recommended update for util-linux
Severity: moderate
References: 1159034,1194818,1218609,1222285
Description:
This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
  util-linux-extra subpackage instead, so users of third party
  tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).


-----------------------------------------
Patch: SUSE-2024-2967
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Severity: moderate
References: 1194818
Description:
This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).


-----------------------------------------
Patch: SUSE-2024-3106
Released: Tue Sep  3 17:00:40 2024
Summary: Security update for openssl-3
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
Description:
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:    
    
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
  it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
  identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).


-----------------------------------------
Patch: SUSE-2024-3132
Released: Tue Sep  3 17:43:10 2024
Summary: Recommended update for permissions
Severity: moderate
References: 1228968,1229329
Description:
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)


-----------------------------------------
Patch: SUSE-2024-3166
Released: Mon Sep  9 12:25:30 2024
Summary: Recommended update for glibc
Severity: moderate
References: 1228042
Description:
This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).


-----------------------------------------
Patch: SUSE-2024-3172
Released: Mon Sep  9 12:55:40 2024
Summary: Security update for apache2
Severity: important
References: 1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884
Description:
This update for apache2 fixes the following issues:

- CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278)
- CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276)
- CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)


-----------------------------------------
Patch: SUSE-2024-3204
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Severity: moderate
References: 1230093,CVE-2024-8096
Description:
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)


-----------------------------------------
Patch: SUSE-2024-3216
Released: Thu Sep 12 13:05:20 2024
Summary: Security update for expat
Severity: moderate
References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492
Description:
This update for expat fixes the following issues:

- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)


-----------------------------------------
Patch: SUSE-2024-3239
Released: Fri Sep 13 12:00:58 2024
Summary: Recommended update for util-linux
Severity: moderate
References: 1229476
Description:
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).


-----------------------------------------
Patch: SUSE-2024-3300
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Severity: moderate
References: 1229028
Description:
This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)


-----------------------------------------
Patch: SUSE-2024-3428
Released: Tue Sep 24 18:46:11 2024
Summary: Security update for apr
Severity: moderate
References: 1229783,CVE-2023-49582
Description:
This update for apr fixes the following issues:

- CVE-2023-49582: Fixed unexpectedly lax shared memory permissions. (bsc#1229783)


-----------------------------------------
Patch: SUSE-2024-3476
Released: Fri Sep 27 15:16:38 2024
Summary: Recommended update for curl
Severity: moderate
References: 1230516
Description:
This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).


-----------------------------------------
Patch: SUSE-2024-3487
Released: Fri Sep 27 19:56:02 2024
Summary: Recommended update for logrotate
Severity: moderate
References: 
Description:
This update for logrotate fixes the following issues:

- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) 


-----------------------------------------
Patch: SUSE-2024-3501
Released: Tue Oct  1 16:03:34 2024
Summary: Security update for openssl-3
Severity: important
References: 1230698,CVE-2024-41996
Description:
This update for openssl-3 fixes the following issues:

- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
  

-----------------------------------------
Patch: SUSE-2024-3504
Released: Tue Oct  1 16:22:27 2024
Summary: Recommended update for glibc
Severity: moderate
References: 1230638
Description:
This update for glibc fixes the following issue:

- Use nss-systemd by default also in SLE (bsc#1230638).


-----------------------------------------
Patch: SUSE-2024-3512
Released: Wed Oct  2 18:14:56 2024
Summary: Recommended update for systemd
Severity: important
References: 1226414,1228091,1228223,1228809,1229518
Description:
This update for systemd fixes the following issues:

- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd