-----------------------------------------
Version 7.51 2022-03-26T17:37:10

-----------------------------------------
Patch: SUSE-2018-1332
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Severity: moderate
References: 1073299,1093392
Description:
This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
  in winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
  timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
  setting an incorrect timezone. (bsc#1093392)


-----------------------------------------
Patch: SUSE-2018-1999
Released: Tue Sep 25 08:20:35 2018
Summary: Recommended update for zlib
Severity: moderate
References: 1071321
Description:
This update for zlib provides the following fixes:

- Speedup zlib on power8. (fate#325307)
- Add safeguard against negative values in uInt. (bsc#1071321)


-----------------------------------------
Patch: SUSE-2018-2055
Released: Thu Sep 27 14:30:14 2018
Summary: Recommended update for openldap2
Severity: moderate
References: 1089640
Description:
This update for openldap2 provides the following fix:

- Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640)


-----------------------------------------
Patch: SUSE-2018-2370
Released: Mon Oct 22 14:02:01 2018
Summary: Recommended update for aaa_base
Severity: moderate
References: 1102310,1104531
Description:
This update for aaa_base provides the following fixes:

- Let bash.bashrc work even for (m)ksh. (bsc#1104531)
- Fix an error at login if java system directory is empty. (bsc#1102310)


-----------------------------------------
Patch: SUSE-2018-2463
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1104700,1112310
Description:

  
This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)


-----------------------------------------
Patch: SUSE-2018-2550
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1113554
Description:
This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)


-----------------------------------------
Patch: SUSE-2018-2569
Released: Fri Nov  2 19:00:18 2018
Summary: Recommended update for pam
Severity: moderate
References: 1110700
Description:
This update for pam fixes the following issues:

- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)


-----------------------------------------
Patch: SUSE-2018-2607
Released: Wed Nov  7 15:42:48 2018
Summary: Optional update for gcc8
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:

The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.

The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.

Various optimizers have been improved in GCC 8, several bugs have been fixed,
quite a few new warnings have been added, and the error pin-pointing and
fix-suggestions have been greatly improved.

The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:

   	https://gcc.gnu.org/gcc-8/changes.html

Also changes needed or common pitfalls when porting software are described on:

	https://gcc.gnu.org/gcc-8/porting_to.html



-----------------------------------------
Patch: SUSE-2018-2825
Released: Mon Dec  3 15:35:02 2018
Summary: Security update for pam
Severity: important
References: 1115640,CVE-2018-17953
Description:
This update for pam fixes the following issue:

Security issue fixed:

- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).


-----------------------------------------
Patch: SUSE-2018-2861
Released: Thu Dec  6 14:32:01 2018
Summary: Security update for ncurses
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:
This update for ncurses fixes the following issues:

Security issue fixed:

- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

- Remove screen.xterm from the terminfo database; with this, screen uses the fallback TERM=screen (bsc#1103320).


-----------------------------------------
Patch: SUSE-2019-44
Released: Tue Jan  8 13:07:32 2019
Summary: Recommended update for acl
Severity: low
References: 953659
Description:
This update for acl fixes the following issues:

- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)


-----------------------------------------
Patch: SUSE-2019-102
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1120402
Description:
This update for timezone fixes the following issues:

- Update 2018i:
  São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
  

-----------------------------------------
Patch: SUSE-2019-247
Released: Wed Feb  6 07:18:45 2019
Summary: Security update for lua53
Severity: moderate
References: 1123043,CVE-2019-6706
Description:
This update for lua53 fixes the following issues:

Security issue fixed:

- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)


-----------------------------------------
Patch: SUSE-2019-571
Released: Thu Mar  7 18:13:46 2019
Summary: Security update for file
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:
This update for file fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
  readelf.c, which allowed remote attackers to cause a denial of service
  (application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
  (bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf.c
  (bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
  (bsc#1126117)


-----------------------------------------
Patch: SUSE-2019-732
Released: Mon Mar 25 14:10:04 2019
Summary: Recommended update for aaa_base
Severity: moderate
References: 1088524,1118364,1128246
Description:
This update for aaa_base fixes the following issues:

- Restore old position of ssh/sudo source of profile (bsc#1118364).
- Update logic for JRE_HOME env variable (bsc#1128246)
 


-----------------------------------------
Patch: SUSE-2019-790
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1130557
Description:
This update for timezone fixes the following issues:

timezone was updated to 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data



-----------------------------------------
Patch: SUSE-2019-1002
Released: Wed Apr 24 10:13:34 2019
Summary: Recommended update for zlib
Severity: moderate
References: 1110304,1129576
Description:
This update for zlib fixes the following issues:

- Fixes a segmentation fault error (bsc#1110304, bsc#1129576)


-----------------------------------------
Patch: SUSE-2019-1312
Released: Wed May 22 12:19:12 2019
Summary: Recommended update for aaa_base
Severity: moderate
References: 1096191
Description:
This update for aaa_base fixes the following issue:

  * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers
    (bsc#1096191)



-----------------------------------------
Patch: SUSE-2019-1368
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Severity: important
References: 1134524,CVE-2019-5021
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)


-----------------------------------------
Patch: SUSE-2019-1631
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Severity: low
References: 1135709
Description:
This update for xz fixes the following issues:

  Add SUSE-Public-Domain licence as some parts of xz utils (liblzma,
  xz, xzdec, lzmadec, documentation, translated messages, tests,
  debug, extra directory) are in public domain licence [bsc#1135709]
  

-----------------------------------------
Patch: SUSE-2019-1815
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1140016
Description:
This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.


-----------------------------------------
Patch: SUSE-2019-2134
Released: Wed Aug 14 11:54:56 2019
Summary: Recommended update for zlib
Severity: moderate
References: 1136717,1137624,1141059,SLE-5807
Description:
This update for zlib fixes the following issues:

- Update the s390 patchset. (bsc#1137624)
- Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
- Use FAT LTO objects in order to provide proper static library.
- Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
- Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)


-----------------------------------------
Patch: SUSE-2019-2188
Released: Wed Aug 21 10:10:29 2019
Summary: Recommended update for aaa_base
Severity: moderate
References: 1140647
Description:
This update for aaa_base fixes the following issues:

- Make systemd detection cgroup oblivious. (bsc#1140647) 


-----------------------------------------
Patch: SUSE-2019-2395
Released: Wed Sep 18 08:31:38 2019
Summary: Security update for openldap2
Severity: moderate
References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565
Description:
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay
  are enabled, slapd attempts to free a buffer that was allocated on the stack,
  which allows remote attackers to cause a denial of service (slapd crash)
  via a member MODDN operation. (bsc#1073313)

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).


-----------------------------------------
Patch: SUSE-2019-2423
Released: Fri Sep 20 16:41:45 2019
Summary: Recommended update for aaa_base
Severity: moderate
References: 1146866,SLE-9132
Description:
This update for aaa_base fixes the following issues:

Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)

Following settings have been tightened (and set to 0):

- net.ipv4.conf.all.accept_redirects
- net.ipv4.conf.default.accept_redirects
- net.ipv4.conf.default.accept_source_route
- net.ipv6.conf.all.accept_redirects
- net.ipv6.conf.default.accept_redirects



-----------------------------------------
Patch: SUSE-2019-2762
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1150451
Description:
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.


-----------------------------------------
Patch: SUSE-2019-2870
Released: Thu Oct 31 08:09:14 2019
Summary: Recommended update for aaa_base
Severity: moderate
References: 1051143,1138869,1151023
Description:
This update for aaa_base provides the following fixes:

- Check if variables can be set before modifying them to avoid warnings on login with a
  restricted shell. (bsc#1138869)
- Add s390x compressed kernel support. (bsc#1151023)
- service: Check if there is a second argument before using it. (bsc#1051143)


-----------------------------------------
Patch: SUSE-2019-2997
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:
This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:

- Removed screen.xterm from terminfo database (bsc#1103320).


-----------------------------------------
Patch: SUSE-2019-3061
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
Description:


This update includes the GNU Compiler Collection 9.

A full changelog is provided by the GCC team on:

   https://www.gnu.org/software/gcc/gcc-9/changes.html


The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.

To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and set CC=gcc-9 /
CXX=g++-9 during configuration.


Security issues fixed:

- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)


-----------------------------------------
Patch: SUSE-2019-3086
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
Description:
This update for libidn2 to version 2.2.0 fixes the following issues:

- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).


-----------------------------------------
Patch: SUSE-2019-3166
Released: Wed Dec  4 11:24:42 2019
Summary: Recommended update for aaa_base
Severity: moderate
References: 1007715,1084934,1157278
Description:
This update for aaa_base fixes the following issues:

- Use official key binding functions in inputrc, that is, replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
- Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
- Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278)


-----------------------------------------
Patch: SUSE-2020-256
Released: Wed Jan 29 09:39:17 2020
Summary: Recommended update for aaa_base
Severity: moderate
References: 1157794,1160970
Description:
This update for aaa_base fixes the following issues:

- Improve the way the Java path is created to fix an issue with sapjvm. (bsc#1157794)
- Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)


-----------------------------------------
Patch: SUSE-2020-339
Released: Thu Feb  6 13:03:22 2020
Summary: Recommended update for openldap2
Severity: low
References: 1158921
Description:
This update for openldap2 provides the following fix:

- Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921)


-----------------------------------------
Patch: SUSE-2020-480
Released: Tue Feb 25 17:38:22 2020
Summary: Recommended update for aaa_base
Severity: moderate
References: 1160735
Description:
This update for aaa_base fixes the following issues:

- Change 'rp_filter' to increase the default priority of ethernet over wifi. (bsc#1160735)


-----------------------------------------
Patch: SUSE-2020-525
Released: Fri Feb 28 11:49:36 2020
Summary: Recommended update for pam
Severity: moderate
References: 1164562
Description:
This update for pam fixes the following issues:

- Add libdb as build-time dependency to enable pam_userdb module.
  Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)


-----------------------------------------
Patch: SUSE-2020-633
Released: Tue Mar 10 16:23:08 2020
Summary: Recommended update for aaa_base
Severity: moderate
References: 1139939,1151023
Description:
This update for aaa_base fixes the following issues:

- get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939)
- added '-h'/'--help' to the command old
- change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues


-----------------------------------------
Patch: SUSE-2020-689
Released: Fri Mar 13 17:09:01 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:

This update for PAM fixes the following issue:

- The license of libdb linked against pam_userdb is not always wanted,
  so we temporarily disabled pam_userdb again. It will be published
  in a different package at a later time. (bsc#1166510)
  

-----------------------------------------
Patch: SUSE-2020-917
Released: Fri Apr  3 15:02:25 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:
This update for pam fixes the following issues:

- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)


-----------------------------------------
Patch: SUSE-2020-948
Released: Wed Apr  8 07:44:21 2020
Summary: Security update for gmp, gnutls, libnettle
Severity: moderate
References: 1152692,1155327,1166881,1168345,CVE-2020-11501
Description:
This update for gmp, gnutls, libnettle fixes the following issues:

Security issue fixed:

- CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

FIPS related bugfixes:

- FIPS: Install checksums for binary integrity verification which are
  required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
  input is shorter than block size. (bsc#1166881)
- FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)


-----------------------------------------
Patch: SUSE-2020-1219
Released: Thu May  7 17:10:42 2020
Summary: Security update for openldap2
Severity: important
References: 1170771,CVE-2020-12243
Description:
This update for openldap2 fixes the following issues:

- CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771).


-----------------------------------------
Patch: SUSE-2020-1226
Released: Fri May  8 10:51:05 2020
Summary: Recommended update for gcc9
Severity: moderate
References: 1149995,1152590,1167898
Description:
This update for gcc9 fixes the following issues:

This update ships the GCC 9.3 release.

- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
  with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go


-----------------------------------------
Patch: SUSE-2020-1294
Released: Mon May 18 07:38:36 2020
Summary: Security update for file
Severity: moderate
References: 1154661,1169512,CVE-2019-18218
Description:
This update for file fixes the following issues:

Security issues fixed:

- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).

Non-security issue fixed:

- Fixed broken '--help' output (bsc#1169512).


-----------------------------------------
Patch: SUSE-2020-1303
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1169582
Description:
This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.


-----------------------------------------
Patch: SUSE-2020-1328
Released: Mon May 18 17:16:04 2020
Summary: Recommended update for grep
Severity: moderate
References: 1155271
Description:
This update for grep fixes the following issues:

- Update testsuite expectations, no functional changes (bsc#1155271)


-----------------------------------------
Patch: SUSE-2020-1370
Released: Thu May 21 19:06:00 2020
Summary: Recommended update for systemd-presets-branding-SLE
Severity: moderate
References: 1171656
Description:
This update for systemd-presets-branding-SLE fixes the following issues:

Cleanup of outdated autostart services (bsc#1171656):
- Remove acpid.service. acpid is only available on SLE via openSUSE
  backports.  In openSUSE acpid.service is *not* autostarted. I see no
  reason why it should be on SLE.
- Remove spamassassin.timer. This timer never seems to have existed.
  Instead spamassassin ships a 'sa-update.timer'. But it is not
  default-enabled and nobody ever complained about this.
- Remove snapd.apparmor.service: This service was proactively added a year
  ago, but snapd didn't even make it into openSUSE yet. There's no reason
  to keep this entry unless snapd actually enters SLE which is not
  foreseeable.


-----------------------------------------
Patch: SUSE-2020-1404
Released: Mon May 25 15:32:34 2020
Summary: Recommended update for zlib
Severity: moderate
References: 1138793,1166260
Description:
This update for zlib fixes the following issues:

- Including the latest fixes from IBM (bsc#1166260)
  IBM Z mainframes starting from version z15 provide the DFLTCC instruction, which implements
  the deflate algorithm in hardware with estimated compression and decompression performance
  orders of magnitude faster than the current zlib and a ratio comparable with that of level 1.
- Add SUSE specific fix to solve bsc#1138793.
  The fix avoids testing whether the app was linked with exactly the same version of zlib
  as the one that is present at runtime.


-----------------------------------------
Patch: SUSE-2020-1506
Released: Fri May 29 17:22:11 2020
Summary: Recommended update for aaa_base
Severity: moderate
References: 1087982,1170527
Description:
This update for aaa_base fixes the following issues:

- Not all XTerm-based emulators have a terminfo entry. (bsc#1087982)
- Better support of Midnight Commander. (bsc#1170527)


-----------------------------------------
Patch: SUSE-2020-1542
Released: Thu Jun  4 13:24:37 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1172055
Description:
This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
 

-----------------------------------------
Patch: SUSE-2020-1856
Released: Mon Jul  6 17:05:51 2020
Summary: Security update for openldap2
Severity: important
References: 1172698,1172704,CVE-2020-8023
Description:
This update for openldap2 fixes the following issues:

- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).	  
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).


-----------------------------------------
Patch: SUSE-2020-1954
Released: Sat Jul 18 03:07:15 2020
Summary: Recommended update for cracklib
Severity: moderate
References: 1172396
Description:
This update for cracklib fixes the following issues:

- Fixed a buffer overflow when processing long words.


-----------------------------------------
Patch: SUSE-2020-2006
Released: Wed Jul 22 16:00:52 2020
Summary: Recommended update for postgresql, postgresql12
Severity: moderate
References: 1148643,1171924
Description:
This update for postgresql, postgresql12 fixes the following issues:

Postgresql12 was updated to 12.3 (bsc#1171924).

- https://www.postgresql.org/about/news/2038/
- https://www.postgresql.org/docs/12/release-12-3.html

- Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get
  a clean and complete cutover to the new packaging schema.

Also changed in the postgresql wrapper package:

- Bump version to 12.0.1, so that the binary packages also have
  a cut-point to conflict with.

- Conflict with versions of the binary packages prior to the
  May 2020 update, because we changed the package layout at that
  point and need a clean cutover.

- Bump package version to 12, but leave default at 10 for
  SLE-15 and SLE-15-SP1.




-----------------------------------------
Patch: SUSE-2020-2083
Released: Thu Jul 30 10:27:59 2020
Summary: Recommended update for diffutils
Severity: moderate
References: 1156913
Description:
This update for diffutils fixes the following issue:

- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)


-----------------------------------------
Patch: SUSE-2020-2265
Released: Tue Aug 18 12:08:55 2020
Summary: Security update for postgresql12
Severity: important
References: 1175193,1175194,CVE-2020-14349,CVE-2020-14350
Description:
This update for postgresql12 fixes the following issues:

- update to 12.4:
  * CVE-2020-14349, bsc#1175193: Set a secure search_path in
    logical replication walsenders and apply workers
  * CVE-2020-14350, bsc#1175194: Make contrib modules' installation
    scripts more secure.
  * https://www.postgresql.org/docs/12/release-12-4.html


-----------------------------------------
Patch: SUSE-2020-2420
Released: Tue Sep  1 13:48:35 2020
Summary: Recommended update for zlib
Severity: moderate
References: 1174551,1174736
Description:
This update for zlib provides the following fixes:

- Permit a deflateParams() parameter change as soon as possible. (bsc#1174736)
- Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551)


-----------------------------------------
Patch: SUSE-2020-2581
Released: Wed Sep  9 13:07:07 2020
Summary: Security update for openldap2
Severity: moderate
References: 1174154,CVE-2020-15719
Description:
This update for openldap2 fixes the following issues:

- bsc#1174154 - CVE-2020-15719 - This resolves an issue with X.509
  SANs falling back to CN validation in violation of RFC 6125.


-----------------------------------------
Patch: SUSE-2020-2651
Released: Wed Sep 16 14:42:55 2020
Summary: Recommended update for zlib
Severity: moderate
References: 1175811,1175830,1175831
Description:
This update for zlib fixes the following issues:

- Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
- Enable hardware compression on s390/s390x (jsc#SLE-13776)


-----------------------------------------
Patch: SUSE-2020-2712
Released: Tue Sep 22 17:08:03 2020
Summary: Security update for openldap2
Severity: moderate
References: 1175568,CVE-2020-8027
Description:
This update for openldap2 fixes the following issues:

- CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568).


-----------------------------------------
Patch: SUSE-2020-2869
Released: Tue Oct  6 16:13:20 2020
Summary: Recommended update for aaa_base
Severity: moderate
References: 1011548,1153943,1153946,1161239,1171762
Description:
This update for aaa_base fixes the following issues:

- DIR_COLORS (bug#1006973):
  
  - add screen.xterm-256color
  - add TERM rxvt-unicode-256color
  - sort and merge TERM entries in etc/DIR_COLORS
  
- check for Packages.db and use this instead of Packages. (bsc#1171762)
- Rename path() to _path() to avoid using a general name.
- refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548)
- etc/profile add some missing ;; in case esac statements
- profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946)
- backup-rpmdb: exit if zypper is running (bsc#1161239)
- Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943)


-----------------------------------------
Patch: SUSE-2020-2947
Released: Fri Oct 16 15:23:07 2020
Summary: Security update for gcc10, nvptx-tools
Severity: moderate
References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844
Description:
This update for gcc10, nvptx-tools fixes the following issues:

This update provides the GCC10 compiler suite and runtime libraries.

The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.

The new compiler variants are available with '-10' suffix, you can specify them
via:

	CC=gcc-10
	CXX=g++-10

or similar commands.

For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html

Changes in nvptx-tools:

- Enable build on aarch64
  

-----------------------------------------
Patch: SUSE-2020-2983
Released: Wed Oct 21 15:03:03 2020
Summary: Recommended update for file
Severity: moderate
References: 1176123
Description:
This update for file fixes the following issues:

- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)  
  

-----------------------------------------
Patch: SUSE-2020-3099
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)
  * Revised predictions for Morocco's changes starting in 2023.
  * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
  * Macquarie Island has stayed in sync with Tasmania since 2011.
  * Casey, Antarctica is at +08 in winter and +11 in summer.
  * zic no longer supports -y, nor the TYPE field of Rules.


-----------------------------------------
Patch: SUSE-2020-3123
Released: Tue Nov  3 09:48:13 2020
Summary: Recommended update for timezone
Severity: important
References: 1177460,1178346,1178350,1178353
Description:
This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)


-----------------------------------------
Patch: SUSE-2020-3313
Released: Thu Nov 12 16:07:37 2020
Summary: Security update for openldap2
Severity: important
References: 1178387,CVE-2020-25692
Description:
This update for openldap2 fixes the following issues:

- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).


-----------------------------------------
Patch: SUSE-2020-3462
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Severity: moderate
References: 1174593,1177858,1178727
Description:
This update for pam and sudo fixes the following issues:

pam:

- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)


-----------------------------------------
Patch: SUSE-2020-3463
Released: Fri Nov 20 13:49:58 2020
Summary: Security update for postgresql12
Severity: important
References: 1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
Description:
This update for postgresql12 fixes the following issues:

- Upgrade to version 12.5:
  * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
    and firing of deferred triggers within index expressions and
    materialized view queries.
  * CVE-2020-25694, bsc#1178667:
    a) Fix usage of complex connection-string parameters in pg_dump,
    pg_restore, clusterdb, reindexdb, and vacuumdb.
    b) When psql's \connect command re-uses connection parameters,
    ensure that all non-overridden parameters from a previous
    connection string are re-used.
  * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
    modifying specially-treated variables.
  * Fix recently-added timetz test case so it works when the USA
    is not observing daylight savings time.
  * https://www.postgresql.org/about/news/2111/
  * https://www.postgresql.org/docs/12/release-12-5.html

- Stop building the mini and lib packages as they are now coming
  from postgresql13.


-----------------------------------------
Patch: SUSE-2020-3620
Released: Thu Dec  3 17:03:55 2020
Summary: Recommended update for pam
Severity: moderate
References: 
Description:
This update for pam fixes the following issues:

- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
  - Check whether the password contains a substring of the user's name of at least `<N>` characters in length in
    some form. This is enabled by the new parameter `usersubstr=<N>`.


-----------------------------------------
Patch: SUSE-2020-3703
Released: Mon Dec  7 20:17:32 2020
Summary: Recommended update for aaa_base
Severity: moderate
References: 1179431
Description:
This update for aaa_base fixes the following issue:

- Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)


-----------------------------------------
Patch: SUSE-2020-3942
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Severity: moderate
References: 1180138
Description:
This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
  adjusted the RPM license tags (bsc#1180138)


-----------------------------------------
Patch: SUSE-2021-105
Released: Tue Jan 12 19:50:06 2021
Summary: Recommended update for postgresql12
Severity: low
References: 1178961
Description:
This update for postgresql12 fixes the following issues:

- Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain
  when they are not there (bsc#1178961)


-----------------------------------------
Patch: SUSE-2021-129
Released: Thu Jan 14 12:26:15 2021
Summary: Security update for openldap2
Severity: moderate
References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710
Description:
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).

Non-security issue fixed:

- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)


-----------------------------------------
Patch: SUSE-2021-175
Released: Wed Jan 20 09:23:50 2021
Summary: Security update for postgresql, postgresql13
Severity: moderate
References: 1178666,1178667,1178668,1178961,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
Description:
This update for postgresql, postgresql13 fixes the following issues:

This update ships postgresql13.

Upgrade to version 13.1:

* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
  and firing of deferred triggers within index expressions and
  materialized view queries.
* CVE-2020-25694, bsc#1178667:
  a) Fix usage of complex connection-string parameters in pg_dump,
  pg_restore, clusterdb, reindexdb, and vacuumdb.
  b) When psql's \connect command re-uses connection parameters,
  ensure that all non-overridden parameters from a previous
  connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
  modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
  is not observing daylight savings time.
  (obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html

Initial packaging of PostgreSQL 13:

* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html

- bsc#1178961: %ghost the symlinks to pg_config and ecpg.

Changes in postgresql wrapper package:

- Bump major version to 13.
- We also transfer PostgreSQL 9.4.26 to the new package layout in
  SLE12-SP2 and newer. Reflect this in the conflict with
  postgresql94.
- Also conflict with PostgreSQL versions before 9.
- Conflicting with older versions is not limited to SLE.


-----------------------------------------
Patch: SUSE-2021-179
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.



-----------------------------------------
Patch: SUSE-2021-220
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1180603
Description:
This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)


-----------------------------------------
Patch: SUSE-2021-293
Released: Wed Feb  3 12:52:34 2021
Summary: Recommended update for gmp
Severity: moderate
References: 1180603
Description:
This update for gmp fixes the following issues:

- Correct license statements of packages (the library itself is not GPL-3.0) (bsc#1180603)


-----------------------------------------
Patch: SUSE-2021-301
Released: Thu Feb  4 08:46:27 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.



-----------------------------------------
Patch: SUSE-2021-339
Released: Mon Feb  8 13:16:07 2021
Summary: Optional update for pam
Severity: low
References: 
Description:
This update for pam fixes the following issues:

- Added rpm macros for this package, so that other packages can make use of it

Installing this patch is optional; it doesn't fix any bugs.


-----------------------------------------
Patch: SUSE-2021-543
Released: Mon Feb 22 13:54:49 2021
Summary: Security update for postgresql13
Severity: moderate
References: 1179765,1182039,1182040,CVE-2021-20229,CVE-2021-3393
Description:
This update for postgresql13 fixes the following issues:

Upgrade to version 13.2:

  * Updating stored views and reindexing might be needed after applying this update.
  * CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.
  * CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries.


-----------------------------------------
Patch: SUSE-2021-544
Released: Mon Feb 22 13:55:04 2021
Summary: Security update for postgresql12
Severity: moderate
References: 1179765,1182040,CVE-2021-3393
Description:
This update for postgresql12 fixes the following issues:

Upgrade to version 12.6:

- Reindexing might be needed after applying this update.
- CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.


-----------------------------------------
Patch: SUSE-2021-723
Released: Mon Mar  8 16:45:27 2021
Summary: Security update for openldap2
Severity: important
References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
Description:
This update for openldap2 fixes the following issues:

- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the
  X.509 DN parsing in decode.c ber_next_element, resulting in denial
  of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
  parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash
  in the Certificate List Exact Assertion processing, resulting in
  denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
  cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
  saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash
  in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
  crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the
  saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact
  Assertion processing, resulting in denial of service (schema_init.c
  serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter
  control handling, resulting in denial of service (double free and
  out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur
    in the issuerAndThisUpdateCheck function via a crafted packet,
    resulting in a denial of service (daemon exit) via a short timestamp.
    This is related to schema_init.c and checkTime.


-----------------------------------------
Patch: SUSE-2021-786
Released: Mon Mar 15 11:19:23 2021
Summary: Recommended update for zlib
Severity: moderate
References: 1176201
Description:
This update for zlib fixes the following issues:

- Fixed hw compression on z15 (bsc#1176201)


-----------------------------------------
Patch: SUSE-2021-924
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
Description:
This update for filesystem fixes the following issues:

- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) 
- Fixed an issue causing a failure during installation/upgrade. (rh#1548403) (bsc#1146705)
- Allow overriding the config to add cleanup options for '/var/tmp'. (bsc#1078466)
- Create config to clean up '/tmp' regularly, required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results in inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)


-----------------------------------------
Patch: SUSE-2021-926
Released: Tue Mar 23 13:20:24 2021
Summary: Recommended update for systemd-presets-common-SUSE
Severity: moderate
References: 1083473,1112500,1115408,1165780,1183012
Description:
This update for systemd-presets-common-SUSE fixes the following issues:

- Add default user preset containing:
  - enable `pulseaudio.socket` (bsc#1083473)
  - enable `pipewire.socket` (bsc#1183012)
  - enable `pipewire-pulse.socket` (bsc#1183012)
  - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
- Changes to the default preset:
  - enable `btrfsmaintenance-refresh.path`.
  - disable `btrfsmaintenance-refresh.service`.
  - enable `dnf-makecache.timer`.
  - enable `ignition-firstboot-complete.service`.
  - enable `logwatch.timer` and avoid having logwatch out of sync with logrotate. (bsc#1112500)
  - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408)
  - remove enable `updatedb.timer` 
- Avoid needless refresh on boot. (bsc#1165780)
  

-----------------------------------------
Patch: SUSE-2021-927
Released: Tue Mar 23 14:07:06 2021
Summary: Recommended update for libreoffice
Severity: moderate
References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790
Description:
This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)


libreoffice:

- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
  - SUSE Mint
  - SUSE Midnight Blue
  - SUSE Waterhole Blue
  - SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/inaccessible after saving (bsc#1173404)
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)

libixion:

Update to 0.16.1:

- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being 
  evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns
  a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula 
  calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than 
  their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type.  
  They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.

libmwaw:

Update to 0.3.17:

- add a parser for Jazz(Lotus) writer and spreadsheet files. The writer parser can only be called if the file 
  still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentation
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` 
  and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 document

libnumbertext:

Update to 1.0.6

liborcus:

Update to 0.16.1

- Add upstream changes to fix build with GCC 11 (bsc#1181872)

libstaroffice:

Update to 0.0.7:

- fix `text:sender-lastname` when creating meta-data

libwps:

Update to 0.4.11:

- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell's reference.

glfw:

New package provided on version 3.3.2:

- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
  * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
  * glfwFocusWindow could terminate on older WMs or without a WM
  * Creating an undecorated window could fail with BadMatch 
  * Querying a disconnected monitor could segfault 
  * Video modes with a duplicate screen area were discarded
  * The CMake files did not check for the XInput headers
  * Key names were not updated when the keyboard layout changed 
  * Decorations could not be enabled after window creation
  * Content scale fallback value could be inconsistent 
  * Disabled cursor mode was interrupted by indicator windows
  * Monitor physical dimensions could be reported as zero mm
  * Window position events were not emitted during resizing
  * Added on-demand loading of Vulkan and context creation API libraries
  * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was 
    set to `GLFW_DONT_CARE`
  * [X11] Bugfix: Input focus was set before window was visible,
    causing BadMatch on some non-reparenting WMs 
  * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on
    the window frame instead of the client area
  * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
  * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
  * [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.

Box2D:

New package provided on version 2.4.1:

    * Extended distance joint to have a minimum and maximum limit.
    * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user 
      data, length units, and maximum polygon vertices.
    * Default user data is now uintptr_t instead of void*
    * b2FixtureDef::restitutionThreshold lets you set the 
      restitution velocity threshold per fixture.
  * Collision
    * Chain and edge shape must now be one-sided to eliminate ghost 
      collisions
    * Broad-phase optimizations
    * Added b2ShapeCast for linear shape casting
  * Dynamics
    * Joint limits are now predictive and not stateful
    * Experimental 2D cloth (rope)
    * b2Body::SetActive -> b2Body::SetEnabled
    * Better support for running multiple worlds
    * Handle zero density better
      * The body behaves like a static body
      * The body is drawn with a red color
    * Added translation limit to wheel joint
    * World dump now writes to box2d_dump.inl
    * Static bodies are never awake
    * All joints with spring-dampers now use stiffness and damping
    * Added utility functions to convert frequency and damping 
      ratio to stiffness and damping
  * Polygon creation now computes the convex hull.
  * The convex hull code will merge vertices closer than dm_linearSlop.


 

-----------------------------------------
Patch: SUSE-2021-930
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Severity: important
References: 1172442,1181358,CVE-2020-11080
Description:
This update for nghttp2 fixes the following issues:

- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)


-----------------------------------------
Patch: SUSE-2021-1141
Released: Mon Apr 12 13:13:36 2021
Summary: Recommended update for openldap2
Severity: low
References: 1182791
Description:
This update for openldap2 fixes the following issues:

- Improved the proxy connection timeout options to prune connections properly (bsc#1182791)


-----------------------------------------
Patch: SUSE-2021-1295
Released: Wed Apr 21 14:08:19 2021
Summary: Recommended update for systemd-presets-common-SUSE
Severity: moderate
References: 1184136
Description:
This update for systemd-presets-common-SUSE fixes the following issues:

- Enabled hcn-init.service for HNV on POWER (bsc#1184136)


-----------------------------------------
Patch: SUSE-2021-1449
Released: Fri Apr 30 08:08:25 2021
Summary: Recommended update for systemd-presets-branding-SLE
Severity: moderate
References: 1165780
Description:
This update for systemd-presets-branding-SLE fixes the following issues:

- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)


-----------------------------------------
Patch: SUSE-2021-1612
Released: Fri May 14 17:09:39 2021
Summary: Recommended update for openldap2
Severity: moderate
References: 1184614
Description:
This update for openldap2 fixes the following issue:

- Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614)
  

-----------------------------------------
Patch: SUSE-2021-1643
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Severity: important
References: 1181443,1184358,1185562
Description:
This update for pam fixes the following issues:

- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
  an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)



-----------------------------------------
Patch: SUSE-2021-1785
Released: Thu May 27 16:44:19 2021
Summary: Security update for postgresql13
Severity: moderate
References: 1179945,1183118,1183168,1185924,1185925,1185926,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
Description:
This update for postgresql13 fixes the following issues:

- Upgrade to version 13.3:
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).

- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).


-----------------------------------------
Patch: SUSE-2021-1861
Released: Fri Jun  4 09:59:40 2021
Summary: Recommended update for gcc10
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
Description:
This update for gcc10 fixes the following issues:

- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)


-----------------------------------------
Patch: SUSE-2021-1937
Released: Thu Jun 10 10:47:09 2021
Summary: Recommended update for nghttp2
Severity: moderate
References: 1186642
Description:

This update for nghttp2 fixes the following issue:

- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 SP2 and SP3 than in 15 SP1, which could lead
  to migration issues. (bsc#1186642)


-----------------------------------------
Patch: SUSE-2021-1994
Released: Thu Jun 17 13:36:04 2021
Summary: Security update for postgresql12
Severity: moderate
References: 1179945,1183118,1183168,1185924,1185925,1185926,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
Description:
This update for postgresql12 fixes the following issues:

Upgrade to version 12.7:

- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).

- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).


-----------------------------------------
Patch: SUSE-2021-2173
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049
Description:
This update for automake fixes the following issues:

- Make generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

- Add fixes to support reproducible builds. (bsc#1186049) 



-----------------------------------------
Patch: SUSE-2021-2178
Released: Mon Jun 28 15:56:15 2021
Summary: Recommended update for systemd-presets-common-SUSE
Severity: moderate
References: 1186561
Description:
This update for systemd-presets-common-SUSE fixes the following issues:

When installing the systemd-presets-common-SUSE package for the
first time in a new system, it might happen that some services
are installed before systemd so the %systemd_pre/post macros
would not work. This is handled by enabling all preset services
in this package's %posttrans section but it wasn't enabling
user services, just system services. Now it also enables the
user services installed before this package. (bsc#1186561)


-----------------------------------------
Patch: SUSE-2021-2196
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371
Description:
This update for lua53 fixes the following issues:

Update to version 5.3.6:

- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.


-----------------------------------------
Patch: SUSE-2021-2205
Released: Wed Jun 30 09:17:41 2021
Summary: Recommended update for openldap2
Severity: important
References: 1187210
Description:
This update for openldap2 fixes the following issues:

- Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)


-----------------------------------------
Patch: SUSE-2021-2290
Released: Fri Jul  9 19:03:39 2021
Summary: Recommended update for postgresql13
Severity: moderate
References: 1183118,1187751
Description:

This update for postgresql13 fixes the following issue:

- reduce requirement of clang and llvm to recommends in 'postgresql13-server-devel'.


-----------------------------------------
Patch: SUSE-2021-2456
Released: Thu Jul 22 15:28:39 2021
Summary: Recommended update for pam-config
Severity: moderate
References: 1187091
Description:
This update for pam-config fixes the following issues:

- Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091)


-----------------------------------------
Patch: SUSE-2021-2573
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1188127
Description:
This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
  the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
  now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).


-----------------------------------------
Patch: SUSE-2021-2627
Released: Thu Aug  5 12:10:46 2021
Summary: Recommended maintenance update for systemd-default-settings
Severity: moderate
References: 1188348
Description:
This update for systemd-default-settings fixes the following issue:

- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
  

-----------------------------------------
Patch: SUSE-2021-2938
Released: Fri Sep  3 09:19:36 2021
Summary: Recommended update for openldap2
Severity: moderate
References: 1184614
Description:

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)


-----------------------------------------
Patch: SUSE-2021-3001
Released: Thu Sep  9 15:08:13 2021
Summary: Recommended update for netcfg
Severity: moderate
References: 1189683
Description:
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]


-----------------------------------------
Patch: SUSE-2021-3182
Released: Tue Sep 21 17:04:26 2021
Summary: Recommended update for file
Severity: moderate
References: 1189996
Description:
This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)


-----------------------------------------
Patch: SUSE-2021-3203
Released: Thu Sep 23 14:41:35 2021
Summary: Recommended update for kmod
Severity: moderate
References: 1189537,1190190
Description:
This update for kmod fixes the following issues:

- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
- Enable support for ZSTD compressed modules
- Display module information even for modules built into the running kernel (bsc#1189537)
- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
- Remove test patches included in release 29

- Update to release 29
  * Fix `modinfo -F` not working for built-in modules and certain fields.
  * Fix a memory leak, overflow and double free on error path.


-----------------------------------------
Patch: SUSE-2021-3255
Released: Wed Sep 29 16:29:48 2021
Summary: Security update for postgresql13
Severity: moderate
References: 1179945,1185952,1187751,1189748,CVE-2021-3677
Description:
This update for postgresql13 fixes the following issues:

- CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748).

- Fixed build with llvm12 on s390x (bsc#1185952).
- Re-enabled icu for PostgreSQL 10 (bsc#1179945).
- Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751).
- llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952).


-----------------------------------------
Patch: SUSE-2021-3256
Released: Wed Sep 29 16:31:09 2021
Summary: Security update for postgresql12
Severity: moderate
References: 1179945,1185952,1187751,1189748,CVE-2021-3677
Description:
This update for postgresql12 fixes the following issues:

- CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748).

- Fixed build with llvm12 on s390x (bsc#1185952).
- Re-enabled icu for PostgreSQL 10 (bsc#1179945).
- Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751).
- llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952).


-----------------------------------------
Patch: SUSE-2021-3291
Released: Wed Oct  6 16:45:36 2021
Summary: Security update for glibc
Severity: moderate
References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942
Description:
This update for glibc fixes the following issues:

- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).


-----------------------------------------
Patch: SUSE-2021-3490
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Severity: moderate
References: 1190793,CVE-2021-39537
Description:
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)


-----------------------------------------
Patch: SUSE-2021-3494
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Severity: moderate
References: 1190052
Description:
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)


-----------------------------------------
Patch: SUSE-2021-3510
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Severity: important
References: 1191987
Description:
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file being installed as 'macros.pam'.
  (bsc#1191987)


-----------------------------------------
Patch: SUSE-2021-3529
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155
Description:
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)


-----------------------------------------
Patch: SUSE-2021-3599
Released: Wed Nov  3 10:29:54 2021
Summary: Recommended update for postgresql, postgresql13, postgresql14
Severity: moderate
References: 
Description:
This update for postgresql, postgresql13, postgresql14 fixes the following issues:

This update ships postgresql14. (jsc#SLE-20675 jsc#SLE-20676)

Feature changes in postgresql14:

- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html

Changes in postgresql13:

- Stop building the mini and lib packages as they are now coming
  from postgresql14.

Changes in postgresql:

- Bump version to 14, leave default at 12.


-----------------------------------------
Patch: SUSE-2021-3758
Released: Mon Nov 22 09:38:02 2021
Summary: Security update for postgresql12
Severity: important
References: 1192516,CVE-2021-23214,CVE-2021-23222
Description:
This update for postgresql12 fixes the following issues:
          
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).


-----------------------------------------
Patch: SUSE-2021-3759
Released: Mon Nov 22 09:40:19 2021
Summary: Security update for postgresql14
Severity: important
References: 1191782,1192516,CVE-2021-23214,CVE-2021-23222
Description:
This update for postgresql14 fixes the following issues:
          
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).

- Let rpmlint ignore shlib-policy-name-error (boo#1191782).


-----------------------------------------
Patch: SUSE-2021-3792
Released: Wed Nov 24 06:12:09 2021
Summary: Recommended update for kmod
Severity: moderate
References: 1192104
Description:
This update for kmod fixes the following issues:

- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)


-----------------------------------------
Patch: SUSE-2021-3799
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Severity: moderate
References: 1187153,1187273,1188623
Description:
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

To select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler base libraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.


-----------------------------------------
Patch: SUSE-2021-3872
Released: Thu Dec  2 07:25:55 2021
Summary: Recommended update for cracklib
Severity: moderate
References: 1191736
Description:
This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)


-----------------------------------------
Patch: SUSE-2021-3883
Released: Thu Dec  2 11:47:07 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China


-----------------------------------------
Patch: SUSE-2021-3891
Released: Fri Dec  3 10:21:49 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1029961,1113013,1187654
Description:
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* Upstream isn't offering PGP signatures for the source tarballs anymore.

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------
Patch: SUSE-2021-3899
Released: Fri Dec  3 11:27:41 2021
Summary: Security update for aaa_base
Severity: moderate
References: 1162581,1174504,1191563,1192248
Description:
This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)


-----------------------------------------
Patch: SUSE-2021-3942
Released: Mon Dec  6 14:46:05 2021
Summary: Security update for brotli
Severity: moderate
References: 1175825,CVE-2020-8927
Description:
This update for brotli fixes the following issues:

- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).


-----------------------------------------
Patch: SUSE-2021-3946
Released: Mon Dec  6 14:57:42 2021
Summary: Security update for gmp
Severity: moderate
References: 1192717,CVE-2021-43618
Description:
This update for gmp fixes the following issues:
    
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).


-----------------------------------------
Patch: SUSE-2021-3980
Released: Thu Dec  9 16:42:19 2021
Summary: Recommended update for glibc
Severity: moderate
References: 1191592
Description:

glibc was updated to fix the following issue:

- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)


-----------------------------------------
Patch: SUSE-2021-4165
Released: Wed Dec 22 22:52:11 2021
Summary: Recommended update for kmod
Severity: moderate
References: 1193430
Description:
This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)


-----------------------------------------
Patch: SUSE-2021-4182
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Severity: moderate
References: 1192688
Description:
This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)


-----------------------------------------
Patch: SUSE-2022-184
Released: Tue Jan 25 18:20:56 2022
Summary: Security update for json-c
Severity: important
References: 1171479,CVE-2020-12762
Description:
This update for json-c fixes the following issues:

- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)


-----------------------------------------
Patch: SUSE-2022-207
Released: Thu Jan 27 09:24:49 2022
Summary: Recommended update for glibc
Severity: moderate
References: 
Description:
This update for glibc fixes the following issues:

- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).


-----------------------------------------
Patch: SUSE-2022-330
Released: Fri Feb  4 09:29:08 2022
Summary: Security update for glibc
Severity: important
References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219
Description:

This update for glibc fixes the following issues:

- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)

Features added:

- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)



-----------------------------------------
Patch: SUSE-2022-383
Released: Tue Feb 15 17:47:36 2022
Summary: Recommended update for cyrus-sasl
Severity: moderate
References: 1194265
Description:
This update for cyrus-sasl fixes the following issues:

- Fixed an issue where 'sasl' authentication with password fails in postfix. (bsc#1194265)
- Add config parameter '--with-dblib=gdbm'
- Avoid converting '/etc/sasldb2' on every update. Convert '/etc/sasldb2' only if it is a Berkeley DB.


-----------------------------------------
Patch: SUSE-2022-692
Released: Thu Mar  3 15:46:47 2022
Summary: Recommended update for filesystem
Severity: moderate
References: 1190447
Description:
This update for filesystem fixes the following issues:

- Release ported filesystem to LTSS channels (bsc#1190447).


-----------------------------------------
Patch: SUSE-2022-743
Released: Mon Mar  7 22:08:12 2022
Summary: Security update for cyrus-sasl
Severity: important
References: 1194265,1196036,CVE-2022-24407
Description:
This update for cyrus-sasl fixes the following issues:

- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

The following non-security bugs were fixed:

- postfix: sasl authentication with password fails (bsc#1194265).


-----------------------------------------
Patch: SUSE-2022-787
Released: Thu Mar 10 11:20:13 2022
Summary: Recommended update for openldap2
Severity: moderate
References: 
Description:
This update for openldap2 fixes the following issue:

- restore CLDAP functionality in CLI tools (jsc#PM-3288)


-----------------------------------------
Patch: SUSE-2022-789
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Severity: moderate
References: 1195654
Description:
This update for update-alternatives fixes the following issues:

- Break the bash - update-alternatives cycle by rewriting '%post' in 'lua'. (bsc#1195654)


-----------------------------------------
Patch: SUSE-2022-861
Released: Tue Mar 15 23:30:48 2022
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1182959,1195149,1195792,1195856
Description:
This update for openssl-1_1 fixes the following issues:

openssl-1_1:

- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
    
glibc:

- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
    
linux-glibc-devel:

- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1

libxcrypt:

- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1

zlib:

- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1


-----------------------------------------
Patch: SUSE-2022-874
Released: Wed Mar 16 10:40:52 2022
Summary: Recommended update for openldap2
Severity: moderate
References: 1197004
Description:
This update for openldap2 fixes the following issue:

- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)