-----------------------------------------
Version 11.11 2023-10-18T09:00:14
-----------------------------------------
Patch: SUSE-2018-1332
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Severity: moderate
References: 1073299,1093392
Description:
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------
Patch: SUSE-2018-2463
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1104700,1112310
Description:
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------
Patch: SUSE-2018-2550
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Severity: moderate
References: 1113554
Description:
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------
Patch: SUSE-2018-2569
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Severity: moderate
References: 1110700
Description:
This update for pam fixes the following issues:
- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)
-----------------------------------------
Patch: SUSE-2018-2607
Released: Wed Nov 7 15:42:48 2018
Summary: Optional update for gcc8
Severity: low
References: 1084812,1084842,1087550,1094222,1102564
Description:
The GNU Compiler GCC 8 is being added to the Development Tools Module by this
update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other
gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed,
quite some new warnings added and the error pin-pointing and
fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that
have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html
-----------------------------------------
Patch: SUSE-2018-2825
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Severity: important
References: 1115640,CVE-2018-17953
Description:
This update for pam fixes the following issue:
Security issue fixed:
- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).
-----------------------------------------
Patch: SUSE-2018-2861
Released: Thu Dec 6 14:32:01 2018
Summary: Security update for ncurses
Severity: important
References: 1103320,1115929,CVE-2018-19211
Description:
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
-----------------------------------------
Patch: SUSE-2019-44
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Severity: low
References: 953659
Description:
This update for acl fixes the following issues:
- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)
-----------------------------------------
Patch: SUSE-2019-102
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1120402
Description:
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------
Patch: SUSE-2019-247
Released: Wed Feb 6 07:18:45 2019
Summary: Security update for lua53
Severity: moderate
References: 1123043,CVE-2019-6706
Description:
This update for lua53 fixes the following issues:
Security issue fixed:
- CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)
-----------------------------------------
Patch: SUSE-2019-571
Released: Thu Mar 7 18:13:46 2019
Summary: Security update for file
Severity: moderate
References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907
Description:
This update for file fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in
readelf.c, which allowed remote attackers to cause a denial of service
(application crash) via a crafted ELF file (bsc#1096974)
- CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c
(bsc#1126118)
- CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c
(bsc#1126119)
- CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c
(bsc#1126117)
-----------------------------------------
Patch: SUSE-2019-790
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1130557
Description:
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------
Patch: SUSE-2019-926
Released: Wed Apr 10 16:33:12 2019
Summary: Security update for tar
Severity: moderate
References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923
Description:
This update for tar fixes the following issues:
Security issues fixed:
- CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
- CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).
-----------------------------------------
Patch: SUSE-2019-1368
Released: Tue May 28 13:15:38 2019
Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Severity: important
References: 1134524,CVE-2019-5021
Description:
This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:
- CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)
-----------------------------------------
Patch: SUSE-2019-1631
Released: Fri Jun 21 11:17:21 2019
Summary: Recommended update for xz
Severity: low
References: 1135709
Description:
This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma,
xz, xzdec, lzmadec, documentation, translated messages, tests,
debug, extra directory) are in public domain licence [bsc#1135709]
-----------------------------------------
Patch: SUSE-2019-1815
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1140016
Description:
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------
Patch: SUSE-2019-2762
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Severity: moderate
References: 1150451
Description:
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------
Patch: SUSE-2019-2997
Released: Mon Nov 18 15:16:38 2019
Summary: Security update for ncurses
Severity: moderate
References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595
Description:
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
-----------------------------------------
Patch: SUSE-2019-3061
Released: Mon Nov 25 17:34:22 2019
Summary: Security update for gcc9
Severity: moderate
References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536
Description:
This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html
The base system compiler libraries libgcc_s1, libstdc++6 and others are
now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 /
CXX=g++-9 during configuration for using it.
Security issues fixed:
- CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
- CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)
Non-security issues fixed:
- Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
- Fixed miscompilation for vector shift on s390. (bsc#1141897)
-----------------------------------------
Patch: SUSE-2019-3086
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
Description:
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
-----------------------------------------
Patch: SUSE-2020-525
Released: Fri Feb 28 11:49:36 2020
Summary: Recommended update for pam
Severity: moderate
References: 1164562
Description:
This update for pam fixes the following issues:
- Add libdb as build-time dependency to enable pam_userdb module.
Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)
-----------------------------------------
Patch: SUSE-2020-689
Released: Fri Mar 13 17:09:01 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:
This update for PAM fixes the following issue:
- The license of libdb linked against pam_userdb is not always wanted,
so we temporary disabled pam_userdb again. It will be published
in a different package at a later time. (bsc#1166510)
-----------------------------------------
Patch: SUSE-2020-917
Released: Fri Apr 3 15:02:25 2020
Summary: Recommended update for pam
Severity: moderate
References: 1166510
Description:
This update for pam fixes the following issues:
- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)
-----------------------------------------
Patch: SUSE-2020-948
Released: Wed Apr 8 07:44:21 2020
Summary: Security update for gmp, gnutls, libnettle
Severity: moderate
References: 1152692,1155327,1166881,1168345,CVE-2020-11501
Description:
This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:
- CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)
FIPS related bugfixes:
- FIPS: Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if
input is shorter than block size. (bsc#1166881)
- FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)
-----------------------------------------
Patch: SUSE-2020-1226
Released: Fri May 8 10:51:05 2020
Summary: Recommended update for gcc9
Severity: moderate
References: 1149995,1152590,1167898
Description:
This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.
- Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
- Includes fix for binutils version parsing
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
with same minor version of libstdc++6-pp from gcc10.
- Add gcc9 autodetect -g at lto link (bsc#1149995)
- Install go tool buildid for bootstrapping go
-----------------------------------------
Patch: SUSE-2020-1294
Released: Mon May 18 07:38:36 2020
Summary: Security update for file
Severity: moderate
References: 1154661,1169512,CVE-2019-18218
Description:
This update for file fixes the following issues:
Security issues fixed:
- CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).
Non-security issue fixed:
- Fixed broken '--help' output (bsc#1169512).
-----------------------------------------
Patch: SUSE-2020-1303
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1169582
Description:
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------
Patch: SUSE-2020-1328
Released: Mon May 18 17:16:04 2020
Summary: Recommended update for grep
Severity: moderate
References: 1155271
Description:
This update for grep fixes the following issues:
- Update testsuite expectations, no functional changes (bsc#1155271)
-----------------------------------------
Patch: SUSE-2020-1370
Released: Thu May 21 19:06:00 2020
Summary: Recommended update for systemd-presets-branding-SLE
Severity: moderate
References: 1171656
Description:
This update for systemd-presets-branding-SLE fixes the following issues:
Cleanup of outdated autostart services (bsc#1171656):
- Remove acpid.service. acpid is only available on SLE via openSUSE
backports. In openSUSE acpid.service is *not* autostarted. I see no
reason why it should be on SLE.
- Remove spamassassin.timer. This timer never seems to have existed.
Instead spamassassin ships a 'sa-update.timer'. But it is not
default-enabled and nobody ever complained about this.
- Remove snapd.apparmor.service: This service was proactively added a year
ago, but snapd didn't even make it into openSUSE yet. There's no reason
to keep this entry unless snapd actually enters SLE which is not
foreseeable.
-----------------------------------------
Patch: SUSE-2020-1542
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1172055
Description:
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------
Patch: SUSE-2020-1954
Released: Sat Jul 18 03:07:15 2020
Summary: Recommended update for cracklib
Severity: moderate
References: 1172396
Description:
This update for cracklib fixes the following issues:
- Fixed a buffer overflow when processing long words.
-----------------------------------------
Patch: SUSE-2020-2006
Released: Wed Jul 22 16:00:52 2020
Summary: Recommended update for postgresql, postgresql12
Severity: moderate
References: 1148643,1171924
Description:
This update for postgresql, postgresql12 fixes the following issues:
Postgresql12 was updated to 12.3 (bsc#1171924).
- https://www.postgresql.org/about/news/2038/
- https://www.postgresql.org/docs/12/release-12-3.html
- Let postgresqlXX conflict with postgresql-noarch < 12.0.1 to get
a clean and complete cutover to the new packaging schema.
Also changed in the postgresql wrapper package:
- Bump version to 12.0.1, so that the binary packages also have
a cut-point to conflict with.
- Conflict with versions of the binary packages prior to the
May 2020 update, because we changed the package layout at that
point and need a clean cutover.
- Bump package version to 12, but leave default at 10 for
SLE-15 and SLE-15-SP1.
-----------------------------------------
Patch: SUSE-2020-2083
Released: Thu Jul 30 10:27:59 2020
Summary: Recommended update for diffutils
Severity: moderate
References: 1156913
Description:
This update for diffutils fixes the following issue:
- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)
-----------------------------------------
Patch: SUSE-2020-2265
Released: Tue Aug 18 12:08:55 2020
Summary: Security update for postgresql12
Severity: important
References: 1175193,1175194,CVE-2020-14349,CVE-2020-14350
Description:
This update for postgresql12 fixes the following issues:
- update to 12.4:
* CVE-2020-14349, bsc#1175193: Set a secure search_path in
logical replication walsenders and apply workers
* CVE-2020-14350, bsc#1175194: Make contrib modules' installation
scripts more secure.
* https://www.postgresql.org/docs/12/release-12-4.html
-----------------------------------------
Patch: SUSE-2020-2947
Released: Fri Oct 16 15:23:07 2020
Summary: Security update for gcc10, nvptx-tools
Severity: moderate
References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844
Description:
This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by
the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them
via:
CC=gcc-10
CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:
- Enable build on aarch64
-----------------------------------------
Patch: SUSE-2020-2983
Released: Wed Oct 21 15:03:03 2020
Summary: Recommended update for file
Severity: moderate
References: 1176123
Description:
This update for file fixes the following issues:
- Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)
-----------------------------------------
Patch: SUSE-2020-3099
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------
Patch: SUSE-2020-3123
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Severity: important
References: 1177460,1178346,1178350,1178353
Description:
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------
Patch: SUSE-2020-3462
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Severity: moderate
References: 1174593,1177858,1178727
Description:
This update for pam and sudo fixes the following issue:
pam:
- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
sudo:
- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
-----------------------------------------
Patch: SUSE-2020-3463
Released: Fri Nov 20 13:49:58 2020
Summary: Security update for postgresql12
Severity: important
References: 1178666,1178667,1178668,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
Description:
This update for postgresql12 fixes the following issues:
- Upgrade to version 12.5:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/12/release-12-5.html
- Stop building the mini and lib packages as they are now coming
from postgresql13.
-----------------------------------------
Patch: SUSE-2020-3620
Released: Thu Dec 3 17:03:55 2020
Summary: Recommended update for pam
Severity: moderate
References:
Description:
This update for pam fixes the following issues:
- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of of the user's name of at least `<N>` characters length in
some form. This is enabled by the new parameter `usersubstr=<N>`
-----------------------------------------
Patch: SUSE-2020-3791
Released: Mon Dec 14 17:39:19 2020
Summary: Recommended update for gzip
Severity: moderate
References:
Description:
This update for gzip fixes the following issue:
- Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775)
Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.
-----------------------------------------
Patch: SUSE-2020-3942
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Severity: moderate
References: 1180138
Description:
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------
Patch: SUSE-2021-105
Released: Tue Jan 12 19:50:06 2021
Summary: Recommended update for postgresql12
Severity: low
References: 1178961
Description:
This update for postgresql12 fixes the following issues:
- Marked symlinks to pg_config and ecpg as ghost files, so that rpm doesn't complain
when they are not there (bsc#1178961)
-----------------------------------------
Patch: SUSE-2021-175
Released: Wed Jan 20 09:23:50 2021
Summary: Security update for postgresql, postgresql13
Severity: moderate
References: 1178666,1178667,1178668,1178961,CVE-2020-25694,CVE-2020-25695,CVE-2020-25696
Description:
This update for postgresql, postgresql13 fixes the following issues:
This update ships postgresql13.
Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html
- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
Changes in postgresql wrapper package:
- Bump major version to 13.
- We also transfer PostgreSQL 9.4.26 to the new package layout in
SLE12-SP2 and newer. Reflect this in the conflict with
postgresql94.
- Also conflict with PostgreSQL versions before 9.
- Conflicting with older versions is not limited to SLE.
-----------------------------------------
Patch: SUSE-2021-179
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------
Patch: SUSE-2021-220
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1180603
Description:
This update for keyutils fixes the following issues:
- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)
-----------------------------------------
Patch: SUSE-2021-293
Released: Wed Feb 3 12:52:34 2021
Summary: Recommended update for gmp
Severity: moderate
References: 1180603
Description:
This update for gmp fixes the following issues:
- correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)
-----------------------------------------
Patch: SUSE-2021-301
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------
Patch: SUSE-2021-339
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Severity: low
References:
Description:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------
Patch: SUSE-2021-543
Released: Mon Feb 22 13:54:49 2021
Summary: Security update for postgresql13
Severity: moderate
References: 1179765,1182039,1182040,CVE-2021-20229,CVE-2021-3393
Description:
This update for postgresql13 fixes the following issues:
Upgrade to version 13.2:
* Updating stored views and reindexing might be needed after applying this update.
* CVE-2021-3393, bsc#1182040: Fix information leakage in constraint-violation error messages.
* CVE-2021-20229, bsc#1182039: Fix failure to check per-column SELECT privileges in some join queries.
-----------------------------------------
Patch: SUSE-2021-924
Released: Tue Mar 23 10:00:49 2021
Summary: Recommended update for filesystem
Severity: moderate
References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094
Description:
This update for filesystem the following issues:
- Remove duplicate line due to merge error
- Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
- Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
- Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
- Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)
This update for systemd fixes the following issues:
- Fix for a possible memory leak. (bsc#1180020)
- Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
- Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
- Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
- Don't use shell redirections when calling a rpm macro. (bsc#1183094)
- 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)
-----------------------------------------
Patch: SUSE-2021-927
Released: Tue Mar 23 14:07:06 2021
Summary: Recommended update for libreoffice
Severity: moderate
References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790
Description:
This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)
libreoffice:
- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
- SUSE Mint
- SUSE Midnight Blue
- SUSE Waterhole Blue
- SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404)
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)
libixion:
Update to 0.16.1:
- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being
evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns
a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula
calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than
their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type.
They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.
libmwaw:
Update to 0.3.17:
- add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file
still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentation
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29`
and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 document
libnumbertext:
Update to 1.0.6
liborcus:
Update to 0.16.1
- Add upstream changes to fix build with GCC 11 (bsc#1181872)
libstaroffice:
Update to 0.0.7:
- fix `text:sender-lastname` when creating meta-data
libwps:
Update to 0.4.11:
- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell's reference.
glfw:
New package provided on version 3.3.2:
- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
* Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
* glfwFocusWindow could terminate on older WMs or without a WM
* Creating an undecorated window could fail with BadMatch
* Querying a disconnected monitor could segfault
* Video modes with a duplicate screen area were discarded
* The CMake files did not check for the XInput headers
* Key names were not updated when the keyboard layout changed
* Decorations could not be enabled after window creation
* Content scale fallback value could be inconsistent
* Disabled cursor mode was interrupted by indicator windows
* Monitor physical dimensions could be reported as zero mm
* Window position events were not emitted during resizing
* Added on-demand loading of Vulkan and context creation API libraries
* [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was
set to `GLFW_DONT_CARE`
* [X11] Bugfix: Input focus was set before window was visible,
causing BadMatch on some non-reparenting WMs
* [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on
the window frame instead of the client area
* [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
* [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
* [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.
Box2D:
New package provided on version 2.4.1:
* Extended distance joint to have a minimum and maximum limit.
* `B2_USER_SETTINGS` and `b2_user_settings.h` can control user
data, length units, and maximum polygon vertices.
* Default user data is now uintptr_t instead of void*
* b2FixtureDef::restitutionThreshold lets you set the
restitution velocity threshold per fixture.
* Collision
* Chain and edge shape must now be one-sided to eliminate ghost
collisions
* Broad-phase optimizations
* Added b2ShapeCast for linear shape casting
* Dynamics
* Joint limits are now predictive and not stateful
* Experimental 2D cloth (rope)
* b2Body::SetActive -> b2Body::SetEnabled
* Better support for running multiple worlds
* Handle zero density better
* The body behaves like a static body
* The body is drawn with a red color
* Added translation limit to wheel joint
* World dump now writes to box2d_dump.inl
* Static bodies are never awake
* All joints with spring-dampers now use stiffness and damping
* Added utility functions to convert frequency and damping
ratio to stiffness and damping
* Polygon creation now computes the convex hull.
* The convex hull code will merge vertices closer than dm_linearSlop.
-----------------------------------------
Patch: SUSE-2021-930
Released: Wed Mar 24 12:09:23 2021
Summary: Security update for nghttp2
Severity: important
References: 1172442,1181358,CVE-2020-11080
Description:
This update for nghttp2 fixes the following issues:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
-----------------------------------------
Patch: SUSE-2021-974
Released: Mon Mar 29 19:31:27 2021
Summary: Security update for tar
Severity: low
References: 1181131,CVE-2021-20193
Description:
This update for tar fixes the following issues:
CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)
-----------------------------------------
Patch: SUSE-2021-1018
Released: Tue Apr 6 14:29:13 2021
Summary: Recommended update for gzip
Severity: moderate
References: 1180713
Description:
This update for gzip fixes the following issues:
- Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)
-----------------------------------------
Patch: SUSE-2021-1289
Released: Wed Apr 21 14:02:46 2021
Summary: Recommended update for gzip
Severity: moderate
References: 1177047
Description:
This update for gzip fixes the following issues:
- Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)
-----------------------------------------
Patch: SUSE-2021-1449
Released: Fri Apr 30 08:08:25 2021
Summary: Recommended update for systemd-presets-branding-SLE
Severity: moderate
References: 1165780
Description:
This update for systemd-presets-branding-SLE fixes the following issues:
- Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)
-----------------------------------------
Patch: SUSE-2021-1643
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Severity: important
References: 1181443,1184358,1185562
Description:
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
-----------------------------------------
Patch: SUSE-2021-1785
Released: Thu May 27 16:44:19 2021
Summary: Security update for postgresql13
Severity: moderate
References: 1179945,1183118,1183168,1185924,1185925,1185926,CVE-2021-32027,CVE-2021-32028,CVE-2021-32029
Description:
This update for postgresql13 fixes the following issues:
- Upgrade to version 13.3:
- CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924).
- CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925).
- CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING outputs for joined cross-partition updates (bsc#1185926).
- Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will only be delivered on PackageHub for now (bsc#1183118).
- Disable icu for PostgreSQL 10 (and older) on TW (bsc#1179945).
-----------------------------------------
Patch: SUSE-2021-1861
Released: Fri Jun 4 09:59:40 2021
Summary: Recommended update for gcc10
Severity: moderate
References: 1029961,1106014,1178577,1178624,1178675,1182016
Description:
This update for gcc10 fixes the following issues:
- Disable nvptx offloading for aarch64 again since it doesn't work
- Fixed a build failure issue. (bsc#1182016)
- Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
- Fix 32bit 'libgnat.so' link. (bsc#1178675)
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
- Build complete set of multilibs for arm-none target. (bsc#1106014)
-----------------------------------------
Patch: SUSE-2021-1935
Released: Thu Jun 10 10:45:09 2021
Summary: Recommended update for gzip
Severity: moderate
References: 1186642
Description:
This update for gzip fixes the following issue:
- gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead
to migration issues. (bsc#1186642)
-----------------------------------------
Patch: SUSE-2021-1937
Released: Thu Jun 10 10:47:09 2021
Summary: Recommended update for nghttp2
Severity: moderate
References: 1186642
Description:
This update for nghttp2 fixes the following issue:
- The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead
to migration issues. (bsc#1186642)
-----------------------------------------
Patch: SUSE-2021-2173
Released: Mon Jun 28 14:59:45 2021
Summary: Recommended update for automake
Severity: moderate
References: 1040589,1047218,1182604,1185540,1186049
Description:
This update for automake fixes the following issues:
- Implement generated autoconf makefiles reproducible (bsc#1182604)
- Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
- Avoid bashisms in test-driver script. (bsc#1185540)
This update for pcre fixes the following issues:
- Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)
This update for brp-check-suse fixes the following issues:
- Add fixes to support reproducible builds. (bsc#1186049)
-----------------------------------------
Patch: SUSE-2021-2193
Released: Mon Jun 28 18:38:43 2021
Summary: Recommended update for tar
Severity: moderate
References: 1184124
Description:
This update for tar fixes the following issues:
- Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)
-----------------------------------------
Patch: SUSE-2021-2196
Released: Tue Jun 29 09:41:39 2021
Summary: Security update for lua53
Severity: moderate
References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371
Description:
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
-----------------------------------------
Patch: SUSE-2021-2290
Released: Fri Jul 9 19:03:39 2021
Summary: Recommended update for postgresql13
Severity: moderate
References: 1183118,1187751
Description:
This update for postgresql13 fixes the following issue:
- reduce requirement of clang and llvm to recommends in 'postgresql13-server-devel'.
-----------------------------------------
Patch: SUSE-2021-2456
Released: Thu Jul 22 15:28:39 2021
Summary: Recommended update for pam-config
Severity: moderate
References: 1187091
Description:
This update for pam-config fixes the following issues:
- Add 'revoke' to the option list for 'pam_keyinit'.
- Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091)
-----------------------------------------
Patch: SUSE-2021-2573
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1188127
Description:
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------
Patch: SUSE-2021-2627
Released: Thu Aug 5 12:10:46 2021
Summary: Recommended maintenance update for systemd-default-settings
Severity: moderate
References: 1188348
Description:
This update for systemd-default-settings fixes the following issue:
- Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)
-----------------------------------------
Patch: SUSE-2021-3001
Released: Thu Sep 9 15:08:13 2021
Summary: Recommended update for netcfg
Severity: moderate
References: 1189683
Description:
This update for netcfg fixes the following issues:
- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]
-----------------------------------------
Patch: SUSE-2021-3182
Released: Tue Sep 21 17:04:26 2021
Summary: Recommended update for file
Severity: moderate
References: 1189996
Description:
This update for file fixes the following issues:
- Fixes exception thrown by memory allocation problem (bsc#1189996)
-----------------------------------------
Patch: SUSE-2021-3203
Released: Thu Sep 23 14:41:35 2021
Summary: Recommended update for kmod
Severity: moderate
References: 1189537,1190190
Description:
This update for kmod fixes the following issues:
- Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
- Enable support for ZSTD compressed modules
- Display module information even for modules built into the running kernel (bsc#1189537)
- '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
- Remove test patches included in release 29
- Update to release 29
* Fix `modinfo -F` not working for built-in modules and certain fields.
* Fix a memory leak, overflow and double free on error path.
-----------------------------------------
Patch: SUSE-2021-3255
Released: Wed Sep 29 16:29:48 2021
Summary: Security update for postgresql13
Severity: moderate
References: 1179945,1185952,1187751,1189748,CVE-2021-3677
Description:
This update for postgresql13 fixes the following issues:
- CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748).
- Fixed build with llvm12 on s390x (bsc#1185952).
- Re-enabled icu for PostgreSQL 10 (bsc#1179945).
- Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751).
- llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952).
-----------------------------------------
Patch: SUSE-2021-3291
Released: Wed Oct 6 16:45:36 2021
Summary: Security update for glibc
Severity: moderate
References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942
Description:
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).
-----------------------------------------
Patch: SUSE-2021-3490
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Severity: moderate
References: 1190793,CVE-2021-39537
Description:
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
-----------------------------------------
Patch: SUSE-2021-3494
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Severity: moderate
References: 1190052
Description:
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
-----------------------------------------
Patch: SUSE-2021-3510
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Severity: important
References: 1191987
Description:
This update for pam fixes the following issues:
- Fixed a bad directive file which resulted in
the 'securetty' file to be installed as 'macros.pam'.
(bsc#1191987)
-----------------------------------------
Patch: SUSE-2021-3529
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155
Description:
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
-----------------------------------------
Patch: SUSE-2021-3599
Released: Wed Nov 3 10:29:54 2021
Summary: Recommended update for postgresql, postgresql13, postgresql14
Severity: moderate
References:
Description:
This update for postgresql, postgresql13, postgresql14 fixes the following issues:
This update ships postgresql14. (jsc#SLE-20675 jsc#SLE-20676)
Feature changes in postgresql14:
- https://www.postgresql.org/about/news/postgresql-14-released-2318/
- https://www.postgresql.org/docs/14/release-14.html
Changes in postgresql13:
- Stop building the mini and lib packages as they are now coming
from postgresql14.
Changes in postgresql:
- Bump version to 14, leave default at 12.
-----------------------------------------
Patch: SUSE-2021-3759
Released: Mon Nov 22 09:40:19 2021
Summary: Security update for postgresql14
Severity: important
References: 1191782,1192516,CVE-2021-23214,CVE-2021-23222
Description:
This update for postgresql14 fixes the following issues:
- CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake (bsc#1192516).
- Let rpmlint ignore shlib-policy-name-error (boo#1191782).
-----------------------------------------
Patch: SUSE-2021-3792
Released: Wed Nov 24 06:12:09 2021
Summary: Recommended update for kmod
Severity: moderate
References: 1192104
Description:
This update for kmod fixes the following issues:
- Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256)
-----------------------------------------
Patch: SUSE-2021-3799
Released: Wed Nov 24 18:07:54 2021
Summary: Recommended update for gcc11
Severity: moderate
References: 1187153,1187273,1188623
Description:
This update for gcc11 fixes the following issues:
The additional GNU compiler collection GCC 11 is provided:
To select these compilers install the packages:
- gcc11
- gcc-c++11
- and others with 11 prefix.
to select them for building:
- CC='gcc-11'
- CXX='g++-11'
The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.
-----------------------------------------
Patch: SUSE-2021-3872
Released: Thu Dec 2 07:25:55 2021
Summary: Recommended update for cracklib
Severity: moderate
References: 1191736
Description:
This update for cracklib fixes the following issues:
- Enable build time tests (bsc#1191736)
-----------------------------------------
Patch: SUSE-2021-3883
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china
-----------------------------------------
Patch: SUSE-2021-3891
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Severity: moderate
References: 1029961,1113013,1187654
Description:
This update for keyutils fixes the following issues:
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
keyutils was updated to 1.6.3 (jsc#SLE-20016):
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
Updated to 1.6:
* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore
Updated to 1.5.11 (bsc#1113013)
* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records
-----------------------------------------
Patch: SUSE-2021-3942
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Severity: moderate
References: 1175825,CVE-2020-8927
Description:
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------
Patch: SUSE-2021-3946
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Severity: moderate
References: 1192717,CVE-2021-43618
Description:
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------
Patch: SUSE-2021-3980
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Severity: moderate
References: 1191592
Description:
glibc was updated to fix the following issue:
- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
-----------------------------------------
Patch: SUSE-2021-4165
Released: Wed Dec 22 22:52:11 2021
Summary: Recommended update for kmod
Severity: moderate
References: 1193430
Description:
This update for kmod fixes the following issues:
- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)
-----------------------------------------
Patch: SUSE-2022-184
Released: Tue Jan 25 18:20:56 2022
Summary: Security update for json-c
Severity: important
References: 1171479,CVE-2020-12762
Description:
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)
-----------------------------------------
Patch: SUSE-2022-207
Released: Thu Jan 27 09:24:49 2022
Summary: Recommended update for glibc
Severity: moderate
References:
Description:
This update for glibc fixes the following issues:
- Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049).
-----------------------------------------
Patch: SUSE-2022-330
Released: Fri Feb 4 09:29:08 2022
Summary: Security update for glibc
Severity: important
References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219
Description:
This update for glibc fixes the following issues:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Features added:
- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)
-----------------------------------------
Patch: SUSE-2022-692
Released: Thu Mar 3 15:46:47 2022
Summary: Recommended update for filesystem
Severity: moderate
References: 1190447
Description:
This update for filesystem fixes the following issues:
- Release ported filesystem to LTSS channels (bsc#1190447).
-----------------------------------------
Patch: SUSE-2022-789
Released: Thu Mar 10 11:22:05 2022
Summary: Recommended update for update-alternatives
Severity: moderate
References: 1195654
Description:
This update for update-alternatives fixes the following issues:
- Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654)
-----------------------------------------
Patch: SUSE-2022-861
Released: Tue Mar 15 23:30:48 2022
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1182959,1195149,1195792,1195856
Description:
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
-----------------------------------------
Patch: SUSE-2022-936
Released: Tue Mar 22 18:10:17 2022
Summary: Recommended update for filesystem and systemd-rpm-macros
Severity: moderate
References: 1196275,1196406
Description:
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
-----------------------------------------
Patch: SUSE-2022-1047
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Severity: moderate
References: 1196093,1197024
Description:
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.
This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------
Patch: SUSE-2022-1118
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------
Patch: SUSE-2022-1158
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Severity: important
References: 1198062,CVE-2022-1271
Description:
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------
Patch: SUSE-2022-1281
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Severity: moderate
References: 1196647
Description:
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------
Patch: SUSE-2022-1374
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Severity: moderate
References: 1191157,1197004
Description:
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------
Patch: SUSE-2022-1409
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1195628,1196107
Description:
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------
Patch: SUSE-2022-1451
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Severity: moderate
References: 1193489
Description:
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)
-----------------------------------------
Patch: SUSE-2022-1463
Released: Fri Apr 29 09:39:45 2022
Summary: Recommended update for postgresql13
Severity: moderate
References: 1190740,1195680
Description:
This update for postgresql13 fixes the following issues:
- Upgrade to 14.2: (bsc#1195680)
* https://www.postgresql.org/docs/14/release-14-2.html
* Reindexing might be needed after applying this upgrade, so
please read the release notes carefully.
- Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740)
- Add a llvmjit-devel subpackage to pull in the right versions
of clang and llvm for building extensions.
- Fix some mistakes in the interdependencies between the
implementation packages and their noarch counterpart.
- Update the BuildIgnore section.
-----------------------------------------
Patch: SUSE-2022-1548
Released: Thu May 5 16:45:28 2022
Summary: Security update for tar
Severity: moderate
References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193
Description:
This update for tar fixes the following issues:
- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- Update to GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- Update to GNU 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the '-K NAME' option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
-----------------------------------------
Patch: SUSE-2022-1617
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Severity: important
References: 1198062,1198922,CVE-2022-1271
Description:
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
-----------------------------------------
Patch: SUSE-2022-1655
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Severity: moderate
References: 1197794
Description:
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------
Patch: SUSE-2022-1658
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Severity: important
References: 1197771
Description:
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------
Patch: SUSE-2022-1670
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Severity: important
References: 1199240,CVE-2022-29155
Description:
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------
Patch: SUSE-2022-1718
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Severity: important
References: 1198446,CVE-2022-1304
Description:
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------
Patch: SUSE-2022-1887
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Severity: moderate
References: 1040589
Description:
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------
Patch: SUSE-2022-1899
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Severity: important
References: 1198176
Description:
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------
Patch: SUSE-2022-1908
Released: Wed Jun 1 15:31:33 2022
Summary: Security update for postgresql14
Severity: important
References: 1199475,CVE-2022-1552
Description:
This update for postgresql14 fixes the following issues:
- CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes (bsc#1199475).
-----------------------------------------
Patch: SUSE-2022-1909
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Severity: moderate
References: 1198751
Description:
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------
Patch: SUSE-2022-2019
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
Description:
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------
Patch: SUSE-2022-2294
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
Description:
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------
Patch: SUSE-2022-2305
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
Description:
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------
Patch: SUSE-2022-2323
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Severity: low
References:
Description:
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
-----------------------------------------
Patch: SUSE-2022-2361
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Severity: important
References: 1199232,CVE-2022-1586
Description:
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------
Patch: SUSE-2022-2406
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Severity: moderate
References: 1197718,1199140,1200334,1200855
Description:
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------
Patch: SUSE-2022-2469
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
Description:
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------
Patch: SUSE-2022-2493
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Severity: moderate
References: 1193282
Description:
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------
Patch: SUSE-2022-2494
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Severity: important
References: 1200855,1201560,1201640
Description:
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------
Patch: SUSE-2022-2632
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Severity: important
References: 1198720,1200747,1201385
Description:
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------
Patch: SUSE-2022-2717
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Severity: moderate
References: 1198627,CVE-2022-29458
Description:
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------
Patch: SUSE-2022-2735
Released: Wed Aug 10 04:31:41 2022
Summary: Recommended update for tar
Severity: moderate
References: 1200657
Description:
This update for tar fixes the following issues:
- Fix race condition while creating intermediate subdirectories (bsc#1200657)
-----------------------------------------
Patch: SUSE-2022-2796
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Severity: moderate
References:
Description:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------
Patch: SUSE-2022-2844
Released: Thu Aug 18 14:41:25 2022
Summary: Recommended update for tar
Severity: important
References: 1202436
Description:
This update for tar fixes the following issues:
- A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436)
-----------------------------------------
Patch: SUSE-2022-2901
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Severity: moderate
References:
Description:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------
Patch: SUSE-2022-2904
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Severity: moderate
References: 1198341
Description:
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------
Patch: SUSE-2022-2920
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Severity: important
References: 1195059,1201795
Description:
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscal filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------
Patch: SUSE-2022-2929
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Severity: important
References: 1202310
Description:
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------
Patch: SUSE-2022-2989
Released: Thu Sep 1 14:24:28 2022
Summary: Security update for postgresql14
Severity: important
References: 1198166,1200437,1202368,CVE-2022-2625
Description:
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
-----------------------------------------
Patch: SUSE-2022-3003
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Severity: low
References: 1202593,CVE-2022-35252
Description:
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------
Patch: SUSE-2022-3127
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Severity: moderate
References: 1198752,1200800
Description:
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
-----------------------------------------
Patch: SUSE-2022-3142
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Severity: moderate
References: 1193951,CVE-2020-21913
Description:
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
after free (bsc#1193951).
-----------------------------------------
Patch: SUSE-2022-3262
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Severity: moderate
References: 1199140
Description:
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------
Patch: SUSE-2022-3271
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Severity: moderate
References: 1047178,CVE-2017-6512
Description:
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------
Patch: SUSE-2022-3305
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Severity: important
References: 1201680,CVE-2021-46828
Description:
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------
Patch: SUSE-2022-3328
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1202870
Description:
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------
Patch: SUSE-2022-3353
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Severity: moderate
References: 1203018,CVE-2022-31252
Description:
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------
Patch: SUSE-2022-3452
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Severity: moderate
References: 1201942
Description:
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
-----------------------------------------
Patch: SUSE-2022-3489
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Severity: important
References: 1203438,CVE-2022-40674
Description:
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
-----------------------------------------
Patch: SUSE-2022-3555
Released: Mon Oct 10 14:05:12 2022
Summary: Recommended update for aaa_base
Severity: important
References: 1199492
Description:
This update for aaa_base fixes the following issues:
- The wrapper rootsh is not a restricted shell. (bsc#1199492)
-----------------------------------------
Patch: SUSE-2022-3785
Released: Wed Oct 26 20:20:19 2022
Summary: Security update for curl
Severity: important
References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916
Description:
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
-----------------------------------------
Patch: SUSE-2022-3787
Released: Thu Oct 27 04:41:09 2022
Summary: Recommended update for permissions
Severity: important
References: 1194047,1203911
Description:
This update for permissions fixes the following issues:
- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)
-----------------------------------------
Patch: SUSE-2022-3806
Released: Thu Oct 27 17:21:11 2022
Summary: Security update for dbus-1
Severity: important
References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012
Description:
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
-----------------------------------------
Patch: SUSE-2022-3884
Released: Mon Nov 7 10:59:26 2022
Summary: Security update for expat
Severity: important
References: 1204708,CVE-2022-43680
Description:
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
-----------------------------------------
Patch: SUSE-2022-3910
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Severity: moderate
References:
Description:
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)
-----------------------------------------
Patch: SUSE-2022-3999
Released: Tue Nov 15 17:08:04 2022
Summary: Security update for systemd
Severity: moderate
References: 1204179,1204968,CVE-2022-3821
Description:
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
* 0469b9f2bc pstore: do not try to load all known pstore modules
* ad05f54439 pstore: Run after modules are loaded
* ccad817445 core: Add trigger limit for path units
* 281d818fe3 core/mount: also add default before dependency for automount mount units
* ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility
reason
-----------------------------------------
Patch: SUSE-2022-4066
Released: Fri Nov 18 10:43:00 2022
Summary: Recommended update for timezone
Severity: important
References: 1177460,1202324,1204649,1205156
Description:
This update for timezone fixes the following issues:
Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):
- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z
-----------------------------------------
Patch: SUSE-2022-4081
Released: Fri Nov 18 15:40:46 2022
Summary: Security update for dpkg
Severity: low
References: 1199944,CVE-2022-1664
Description:
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
-----------------------------------------
Patch: SUSE-2022-4135
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Severity: moderate
References: 1198165
Description:
This update for libeconf fixes the following issues:
- Update to version 0.4.6+git
- econftool:
Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
- libeconf:
Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
- econftool:
New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters'
-----------------------------------------
Patch: SUSE-2022-4256
Released: Mon Nov 28 12:36:32 2022
Summary: Recommended update for gcc12
Severity: moderate
References:
Description:
This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------
Patch: SUSE-2022-4312
Released: Fri Dec 2 11:16:47 2022
Summary: Recommended update for tar
Severity: moderate
References: 1200657,1203600
Description:
This update for tar fixes the following issues:
- Fix unexpected inconsistency when making directory (bsc#1203600)
- Update race condition fix (bsc#1200657)
-----------------------------------------
Patch: SUSE-2022-4597
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552
Description:
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).
-----------------------------------------
Patch: SUSE-2022-4629
Released: Wed Dec 28 09:24:07 2022
Summary: Security update for systemd
Severity: important
References: 1200723,1205000,CVE-2022-4415
Description:
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
-----------------------------------------
Patch: SUSE-2022-4645
Released: Sat Dec 31 16:04:44 2022
Summary: Security update for postgresql14, postgresql15
Severity: moderate
References: 1205300
Description:
This update for postgresql14, postgresql15 fixes the following issues:
postgresql15 is shipped in version 15.1.
* https://www.postgresql.org/about/news/2543/
* https://www.postgresql.org/docs/15/release-15-1.html
Update to 15.0:
* https://www.postgresql.org/about/news/p-2526/
* https://www.postgresql.org/docs/15/release-15.html
postgresql14 was updated to 14.6. (bsc#1205300)
* https://www.postgresql.org/about/news/2543/
* https://www.postgresql.org/docs/14/release-14-6.html
The libpq5 and libecpg6 libraries are now provided by postgresql15.
-----------------------------------------
Patch: SUSE-2023-25
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Severity: moderate
References: 1177460
Description:
This update for timezone fixes the following issues:
Version update from 2022f to 2022g (bsc#1177460):
- In the Mexican state of Chihuahua:
* The border strip near the US will change to agree with nearby US locations on 2022-11-30.
* The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
like El Paso, TX.
* The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
* A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default
-----------------------------------------
Patch: SUSE-2023-48
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Severity: moderate
References: 1199467
Description:
This update for libtirpc fixes the following issues:
- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)
-----------------------------------------
Patch: SUSE-2023-50
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Severity: moderate
References: 1205502
Description:
This update for shadow fixes the following issues:
- Fix issue with user id field that cannot be interpreted (bsc#1205502)
-----------------------------------------
Patch: SUSE-2023-179
Released: Thu Jan 26 21:54:30 2023
Summary: Recommended update for tar
Severity: low
References: 1202436
Description:
This update for tar fixes the following issue:
- Fix hang when unpacking test tarball (bsc#1202436)
-----------------------------------------
Patch: SUSE-2023-201
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
Description:
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps
with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten
after an update (bsc#1207264).
-----------------------------------------
Patch: SUSE-2023-429
Released: Wed Feb 15 17:41:22 2023
Summary: Security update for curl
Severity: important
References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916
Description:
This update for curl fixes the following issues:
- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
-----------------------------------------
Patch: SUSE-2023-463
Released: Mon Feb 20 16:33:39 2023
Summary: Security update for tar
Severity: moderate
References: 1202436,1207753,CVE-2022-48303
Description:
This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Bug fixes:
- Fix hang when unpacking test tarball (bsc#1202436).
-----------------------------------------
Patch: SUSE-2023-464
Released: Mon Feb 20 18:11:37 2023
Summary: Recommended update for systemd
Severity: moderate
References:
Description:
This update for systemd fixes the following issues:
- Merge of v249.15
- Drop workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
support enabled (i.e. SLE).
- Make use of the %systemd_* rpm macros consistently. Using the upstream
variants will ease the backports of Factory changes to SLE since Factory
systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package.
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
-----------------------------------------
Patch: SUSE-2023-569
Released: Tue Feb 28 11:08:10 2023
Summary: Security update for postgresql15
Severity: important
References: 1208102,CVE-2022-41862
Description:
This update for postgresql15 fixes the following issues:
Update to 15.2:
- CVE-2022-41862: Fixed memory leak in libpq (bsc#1208102).
-----------------------------------------
Patch: SUSE-2023-617
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Severity: moderate
References: 1207789
Description:
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
-----------------------------------------
Patch: SUSE-2023-709
Released: Fri Mar 10 16:04:41 2023
Summary: Recommended update for console-setup
Severity: moderate
References: 1202853
Description:
This update for console-setup and kbd fixes the following issue:
- Fix Caps_Lock mapping for us.map and others (bsc#1202853)
-----------------------------------------
Patch: SUSE-2023-776
Released: Thu Mar 16 17:29:23 2023
Summary: Recommended update for gcc12
Severity: moderate
References:
Description:
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
-----------------------------------------
Patch: SUSE-2023-1582
Released: Mon Mar 27 10:31:52 2023
Summary: Security update for curl
Severity: moderate
References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538
Description:
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
-----------------------------------------
Patch: SUSE-2023-1662
Released: Wed Mar 29 10:36:23 2023
Summary: Recommended update for patterns-base
Severity: moderate
References: 1203537
Description:
This update for patterns-base fixes the following issues:
- change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
-----------------------------------------
Patch: SUSE-2023-1688
Released: Wed Mar 29 18:19:10 2023
Summary: Security update for zstd
Severity: moderate
References: 1209533,CVE-2022-4899
Description:
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
-----------------------------------------
Patch: SUSE-2023-1718
Released: Fri Mar 31 15:47:34 2023
Summary: Security update for glibc
Severity: moderate
References: 1207571,1207957,1207975,1208358,CVE-2023-0687
Description:
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
-----------------------------------------
Patch: SUSE-2023-1779
Released: Thu Apr 6 08:16:58 2023
Summary: Recommended update for systemd
Severity: moderate
References: 1208432
Description:
This update for systemd fixes the following issues:
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not no longer needed
- Move systemd-boot and all components managing (secure) UEFI boot into udev
sub-package, so they aren't installed in systemd based containers
-----------------------------------------
Patch: SUSE-2023-1805
Released: Tue Apr 11 10:12:41 2023
Summary: Recommended update for timezone
Severity: important
References:
Description:
This update for timezone fixes the following issues:
- Version update from 2022g to 2023c:
* Egypt now uses DST again, from April through October.
* This year Morocco springs forward April 23, not April 30.
* Palestine delays the start of DST this year.
* Much of Greenland still uses DST from 2024 on.
* America/Yellowknife now links to America/Edmonton.
* tzselect can now use current time to help infer timezone.
* The code now defaults to C99 or later.
-----------------------------------------
Patch: SUSE-2023-2066
Released: Fri Apr 28 13:54:17 2023
Summary: Security update for shadow
Severity: moderate
References: 1210507,CVE-2023-29383
Description:
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
-----------------------------------------
Patch: SUSE-2023-2111
Released: Fri May 5 14:34:00 2023
Summary: Security update for ncurses
Severity: moderate
References: 1210434,CVE-2023-29491
Description:
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
-----------------------------------------
Patch: SUSE-2023-2207
Released: Mon May 15 13:20:56 2023
Summary: Security update for postgresql15
Severity: important
References: 1210303,1211228,1211229,CVE-2023-2454,CVE-2023-2455
Description:
This update for postgresql15 fixes the following issues:
Updated to version 15.3:
- CVE-2023-2454: Fixed an issue where a user having permission to
create a schema could hijack the privileges of a security definer
function or extension script (bsc#1211228).
- CVE-2023-2455: Fixed an issue that could allow a user to see or
modify rows that should have been invisible (bsc#1211229).
- Internal fixes (bsc#1210303).
-----------------------------------------
Patch: SUSE-2023-2224
Released: Wed May 17 09:53:54 2023
Summary: Security update for curl
Severity: important
References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
Description:
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
-----------------------------------------
Patch: SUSE-2023-2240
Released: Wed May 17 19:56:54 2023
Summary: Recommended update for systemd
Severity: moderate
References: 1203141,1207410
Description:
This update for systemd fixes the following issues:
- udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141)
- Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626)
-----------------------------------------
Patch: SUSE-2023-2307
Released: Mon May 29 10:29:49 2023
Summary: Recommended update for kbd
Severity: low
References: 1210702
Description:
This update for kbd fixes the following issue:
- Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702)
-----------------------------------------
Patch: SUSE-2023-2484
Released: Mon Jun 12 08:49:58 2023
Summary: Security update for openldap2
Severity: moderate
References: 1211795,CVE-2023-2953
Description:
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
-----------------------------------------
Patch: 29171
Released: Tue Jun 20 12:29:00 2023
Summary: Security update for openssl-1_1
Severity: important
References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests (bsc#1201627)
-----------------------------------------
Patch: SUSE-2023-2625
Released: Fri Jun 23 17:16:11 2023
Summary: Recommended update for gcc12
Severity: moderate
References:
Description:
This update for gcc12 fixes the following issues:
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0
-----------------------------------------
Patch: SUSE-2023-2765
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
Description:
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
-----------------------------------------
Patch: SUSE-2023-2827
Released: Fri Jul 14 11:27:47 2023
Summary: Recommended update for libxml2
Severity: moderate
References:
Description:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
-----------------------------------------
Patch: SUSE-2023-2847
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Severity: moderate
References: 1210004
Description:
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
-----------------------------------------
Patch: SUSE-2023-2855
Released: Mon Jul 17 16:35:21 2023
Summary: Recommended update for openldap2
Severity: moderate
References: 1212260
Description:
This update for openldap2 fixes the following issues:
- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)
-----------------------------------------
Patch: SUSE-2023-2877
Released: Wed Jul 19 09:43:42 2023
Summary: Security update for dbus-1
Severity: moderate
References: 1212126,CVE-2023-34969
Description:
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
-----------------------------------------
Patch: SUSE-2023-2882
Released: Wed Jul 19 11:49:39 2023
Summary: Security update for perl
Severity: important
References: 1210999,CVE-2023-31484
Description:
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
-----------------------------------------
Patch: SUSE-2023-2885
Released: Wed Jul 19 16:58:43 2023
Summary: Recommended update for glibc
Severity: moderate
References: 1208721,1209229,1211828
Description:
This update for glibc fixes the following issues:
- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)
-----------------------------------------
Patch: SUSE-2023-2891
Released: Wed Jul 19 21:14:33 2023
Summary: Security update for curl
Severity: moderate
References: 1213237,CVE-2023-32001
Description:
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
-----------------------------------------
Patch: SUSE-2023-2901
Released: Thu Jul 20 09:49:16 2023
Summary: Recommended update for lvm2
Severity: important
References: 1212613
Description:
This update for lvm2 fixes the following issues:
- multipath_component_detection = 0 in lvm.conf does not have any effect (bsc#1212613)
-----------------------------------------
Patch: SUSE-2023-2965
Released: Tue Jul 25 12:30:22 2023
Summary: Security update for openssl-1_1
Severity: moderate
References: 1213487,CVE-2023-3446
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
-----------------------------------------
Patch: SUSE-2023-2966
Released: Tue Jul 25 14:26:14 2023
Summary: Recommended update for libxml2
Severity: moderate
References:
Description:
This update for libxml2 fixes the following issues:
- Build also for modern python version (jsc#PED-68)
-----------------------------------------
Patch: SUSE-2023-3088
Released: Tue Aug 1 09:52:03 2023
Summary: Recommended update for systemd-presets-common-SUSE
Severity: moderate
References: 1212496
Description:
This update for systemd-presets-common-SUSE fixes the following issues:
- Fix systemctl being called with an empty argument (bsc#1212496)
- Don't call systemctl list-unit-files with an empty argument (bsc#1212496)
- Add wtmpdb-update-boot.service and wtmpdb-rotate.timer
-----------------------------------------
Patch: SUSE-2023-3102
Released: Tue Aug 1 14:11:53 2023
Summary: Recommended update for openssl-1_1
Severity: moderate
References: 1213517
Description:
This update for openssl-1_1 fixes the following issues:
- Dont pass zero length input to EVP_Cipher (bsc#1213517)
-----------------------------------------
Patch: SUSE-2023-3217
Released: Mon Aug 7 16:51:10 2023
Summary: Recommended update for cryptsetup
Severity: moderate
References: 1211079
Description:
This update for cryptsetup fixes the following issues:
- Handle system with low memory and no swap space (bsc#1211079)
-----------------------------------------
Patch: SUSE-2023-3242
Released: Tue Aug 8 18:19:40 2023
Summary: Security update for openssl-1_1
Severity: moderate
References: 1213853,CVE-2023-3817
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
-----------------------------------------
Patch: SUSE-2023-3276
Released: Fri Aug 11 10:20:40 2023
Summary: Recommended update for apparmor
Severity: moderate
References: 1213472
Description:
This update for apparmor fixes the following issues:
- Add pam_apparmor README (bsc#1213472)
-----------------------------------------
Patch: SUSE-2023-3285
Released: Fri Aug 11 10:30:38 2023
Summary: Recommended update for shadow
Severity: moderate
References: 1206627,1213189
Description:
This update for shadow fixes the following issues:
- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)
-----------------------------------------
Patch: SUSE-2023-3325
Released: Wed Aug 16 08:26:08 2023
Summary: Security update for krb5
Severity: important
References: 1214054,CVE-2023-36054
Description:
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
-----------------------------------------
Patch: SUSE-2023-3347
Released: Thu Aug 17 14:39:10 2023
Summary: Security update for postgresql15
Severity: moderate
References: 1214059,1214061,CVE-2023-39417,CVE-2023-39418
Description:
This update for postgresql15 fixes the following issues:
- Update to 15.4
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)
- CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061)
-----------------------------------------
Patch: SUSE-2023-3410
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Severity: moderate
References: 1201519,1204844
Description:
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
-----------------------------------------
Patch: SUSE-2023-3451
Released: Mon Aug 28 12:15:22 2023
Summary: Recommended update for systemd
Severity: moderate
References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
Description:
This update for systemd fixes the following issues:
- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)
-----------------------------------------
Patch: SUSE-2023-3466
Released: Tue Aug 29 07:33:16 2023
Summary: Recommended update for icu
Severity: moderate
References: 1103893,1112183
Description:
This update for icu fixes the following issues:
- Japanese era Reiwa (bsc#1112183, bsc#1103893, fate570, fate#325570, fate#325419)
-----------------------------------------
Patch: SUSE-2023-3485
Released: Tue Aug 29 14:20:56 2023
Summary: Recommended update for lvm2
Severity: moderate
References: 1214071
Description:
This update for lvm2 fixes the following issues:
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
-----------------------------------------
Patch: SUSE-2023-3611
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140
Description:
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
-----------------------------------------
Patch: SUSE-2023-3661
Released: Mon Sep 18 21:44:09 2023
Summary: Security update for gcc12
Severity: important
References: 1214052,CVE-2023-4039
Description:
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
-----------------------------------------
Patch: SUSE-2023-3666
Released: Mon Sep 18 21:52:18 2023
Summary: Security update for libxml2
Severity: important
References: 1214768,CVE-2023-39615
Description:
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
-----------------------------------------
Patch: SUSE-2023-3717
Released: Thu Sep 21 06:51:51 2023
Summary: Recommended update for apparmor
Severity: moderate
References: 1214458
Description:
This update for apparmor fixes the following issues:
- Update zgrep profile to allow egrep helper use (bsc#1214458)
-----------------------------------------
Patch: SUSE-2023-3814
Released: Wed Sep 27 18:08:17 2023
Summary: Recommended update for glibc
Severity: moderate
References: 1211829,1212819,1212910
Description:
This update for glibc fixes the following issues:
- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)
-----------------------------------------
Patch: SUSE-2023-3823
Released: Wed Sep 27 18:42:38 2023
Summary: Security update for curl
Severity: important
References: 1215026,CVE-2023-38039
Description:
This update for curl fixes the following issues:
- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)
-----------------------------------------
Patch: SUSE-2023-3954
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
Description:
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
-----------------------------------------
Patch: SUSE-2023-3997
Released: Fri Oct 6 14:13:56 2023
Summary: Security update for nghttp2
Severity: important
References: 1215713,CVE-2023-35945
Description:
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
-----------------------------------------
Patch: SUSE-2023-4003
Released: Mon Oct 9 08:29:33 2023
Summary: Recommended update for apparmor
Severity: moderate
References: 1215596
Description:
This update for apparmor fixes the following issues:
- Handle pam-config errors in pam_apparmor %post and %postun scripts (bsc#1215596)
-----------------------------------------
Patch: SUSE-2023-4024
Released: Tue Oct 10 13:24:40 2023
Summary: Security update for shadow
Severity: low
References: 1214806,CVE-2023-4641
Description:
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
-----------------------------------------
Patch: SUSE-2023-4044
Released: Wed Oct 11 09:01:14 2023
Summary: Security update for curl
Severity: important
References: 1215888,1215889,CVE-2023-38545,CVE-2023-38546
Description:
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
-----------------------------------------
Patch: SUSE-2023-4073
Released: Fri Oct 13 11:40:26 2023
Summary: Recommended update for rpm
Severity: low
References:
Description:
This update for rpm fixes the following issue:
- Enables build for all python modules (jsc#PED-68, jsc#PED-1988)