openSUSE Security Update: Security update for ansible
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0081-1
Rating:             important
References:         #1099808 #1112959 #1118896 #1126503 #1137528 
                    #1157968 #1157969 #1164133 #1164134 #1164135 
                    #1164136 #1164137 #1164138 #1164139 #1164140 
                    #1165393 #1166389 #1167440 #1167532 #1167873 
                    #1171162 #1174145 #1174302 #1180816 #1180942 
                    #1181119 #1181935 
Cross-References:   CVE-2018-10875 CVE-2018-16837 CVE-2019-10156
                    CVE-2019-14846 CVE-2019-14904 CVE-2019-14905
                    CVE-2020-10684 CVE-2020-10685 CVE-2020-10691
                    CVE-2020-10729 CVE-2020-14330 CVE-2020-14332
                    CVE-2020-1733 CVE-2020-1734 CVE-2020-1735
                    CVE-2020-1736 CVE-2020-1737 CVE-2020-1738
                    CVE-2020-1739 CVE-2020-1740 CVE-2020-1746
                    CVE-2020-1753 CVE-2021-20178 CVE-2021-20180
                    CVE-2021-20191 CVE-2021-20228
CVSS scores:
                    CVE-2018-10875 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-10875 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-16837 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-16837 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2019-10156 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2019-10156 (SUSE): 4.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
                    CVE-2019-14846 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-14846 (SUSE): 2.3 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
                    CVE-2019-14904 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
                    CVE-2019-14904 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-14905 (NVD) : 5.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
                    CVE-2019-14905 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-10684 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
                    CVE-2020-10685 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-10685 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2020-10691 (NVD) : 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
                    CVE-2020-10691 (SUSE): 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
                    CVE-2020-10729 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-10729 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2020-14330 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-14330 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-14332 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-14332 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-1733 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
                    CVE-2020-1733 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
                    CVE-2020-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
                    CVE-2020-1735 (NVD) : 4.6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
                    CVE-2020-1735 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
                    CVE-2020-1736 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2020-1736 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
                    CVE-2020-1737 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-1737 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
                    CVE-2020-1738 (NVD) : 3.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L
                    CVE-2020-1738 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
                    CVE-2020-1739 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-1739 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
                    CVE-2020-1740 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-1740 (SUSE): 3.9 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
                    CVE-2020-1746 (NVD) : 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2020-1746 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2020-1753 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20178 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20178 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-20180 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-20191 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20191 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-20228 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20228 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that solves 26 vulnerabilities and has one errata
   is now available.

Description:


   Ansible was updated to 2.9.21 to fix lots of bugs and security issues.

   Update to version 2.9.20, maintenance release containing numerous bugfixes.

   Update to version 2.9.19 with minor changes and a few bug fixes.

   Update to version 2.9.18:

   * CVE-2021-20228 where default and fallback values for no_log parameters     to modules were not previously masked. (bsc#1181935)
   * CVE-2021-20178 where several parameters to the snmp_facts module were
     logged and displayed despite containing sensitive information.
     (bsc#1180816)
   * CVE-2021-20180 where several parameters to the
     bitbucket_pipeline_variable were logged and displayed despite containing
     sensitive information. (bsc#1180942)
   * CVE-2021-20191 which addresses a number of modules whose parameters were
     logged and displayed despite containing sensitive information. For the
     full list of affected modules, refer to the changelog linked below.
     (bsc#1181119)

   Update to version 2.9.17 with minor changes and a few bug fixes.

   Update to version 2.9.16 with minor changes and many bug fixes.

   update to version 2.9.15 with following breaking change:

   * ansible-galaxy login command has been removed

   update to version 2.9.14 with many small improvements and bug fixes, most
   notably:

   * kubectl - connection plugin now redact kubectl_token and
     kubectl_password in console log (CVE-2020-1753 bsc#1166389).

   update to version 2.9.13 with many bug fixes, most notably:

   * A security issue was addressed in the "dnf" module, which previously did
     not check GPG signatures of packages.
   * A bug in the "cron" module was fixed. In some cases prior to this fix,
     the module would inadvertently remove cron entries.

   update to version 2.9.12 with many bug fixes, most notably the following
   security fixes:

   * security issue - copy - Redact the value of the no_log 'content'
     parameter in the result's invocation.module_args in check mode.
     Previously when used with check mode and with '-vvv', the module would
     not censor the content if a change would be made to the destination
     path. (CVE-2020-14332 bsc#1174302)
   * security issue atomic_move - change default permissions when creating
     temporary files so they are not world readable
     (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736
     bsc#1164134)
   * Fix warning for default permission change when no mode is specified.
     Follow up to https://github.com/ansible/ansible/issues/67794.
     (CVE-2020-1736)
   * Sanitize no_log values from any response keys that might be returned
     from the uri module (CVE-2020-14330 bsc#1174145).
   * reset logging level to INFO due to CVE-2019-14846.

   update to version 2.9.11 with many bug fixes

   update to version 2.9.10 with many bug fixes.

   - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140)

   update to version 2.9.9

   * fix for a regression introduced in 2.9.8

   update to version 2.9.8, maintenance release containing numerous bugfixes

   update to version 2.9.7 with many bug fixes, especially for these security
   issues:

   - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running
     become_user from become directive
   - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup
     plugin subprocess
   - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch
     module
   - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive
     permissions
   - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module
     does not check extracted path
   - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible
     facts
   - bsc#1164133 CVE-2020-1739  - svn module leaks password when specified as
     a parameter
   - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit
   - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr
     and ldap_entry modules
   - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive
     information
   - bsc#1167532 CVE-2020-10684 - code injection when using ansible_facts as
     a subkey
   - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with
     vault are not properly cleaned up
   - bsc#1167873 CVE-2020-10691 - archive traversal vulnerability in
     ansible-galaxy collection install [2]

   Fixed before 2.9.6, but not yet listed:
   - bsc#1171162 CVE-2020-10729 two random password lookups in same task
     return same value
   - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone module via
     crafted solaris zone
   - bsc#1157969 CVE-2019-14905 malicious code could craft filename in
     nxos_file_copy module
   - bsc#1112959 CVE-2018-16837 Information leak in "user" module patch added
   - (bsc#1137528) CVE-2019-10156: ansible: templating causing an
   - bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with
     no_log on (https://github.com/ansible/ansible/pull/49569)
   - Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read
     from current working directory allowing possible code execution


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-81=1



Package List:

   - openSUSE Backports SLE-15-SP3 (noarch):

      ansible-2.9.21-bp153.2.3.1
      ansible-doc-2.9.21-bp153.2.3.1
      ansible-test-2.9.21-bp153.2.3.1


References:

   https://www.suse.com/security/cve/CVE-2018-10875.html
   https://www.suse.com/security/cve/CVE-2018-16837.html
   https://www.suse.com/security/cve/CVE-2019-10156.html
   https://www.suse.com/security/cve/CVE-2019-14846.html
   https://www.suse.com/security/cve/CVE-2019-14904.html
   https://www.suse.com/security/cve/CVE-2019-14905.html
   https://www.suse.com/security/cve/CVE-2020-10684.html
   https://www.suse.com/security/cve/CVE-2020-10685.html
   https://www.suse.com/security/cve/CVE-2020-10691.html
   https://www.suse.com/security/cve/CVE-2020-10729.html
   https://www.suse.com/security/cve/CVE-2020-14330.html
   https://www.suse.com/security/cve/CVE-2020-14332.html
   https://www.suse.com/security/cve/CVE-2020-1733.html
   https://www.suse.com/security/cve/CVE-2020-1734.html
   https://www.suse.com/security/cve/CVE-2020-1735.html
   https://www.suse.com/security/cve/CVE-2020-1736.html
   https://www.suse.com/security/cve/CVE-2020-1737.html
   https://www.suse.com/security/cve/CVE-2020-1738.html
   https://www.suse.com/security/cve/CVE-2020-1739.html
   https://www.suse.com/security/cve/CVE-2020-1740.html
   https://www.suse.com/security/cve/CVE-2020-1746.html
   https://www.suse.com/security/cve/CVE-2020-1753.html
   https://www.suse.com/security/cve/CVE-2021-20178.html
   https://www.suse.com/security/cve/CVE-2021-20180.html
   https://www.suse.com/security/cve/CVE-2021-20191.html
   https://www.suse.com/security/cve/CVE-2021-20228.html
   https://bugzilla.suse.com/1099808
   https://bugzilla.suse.com/1112959
   https://bugzilla.suse.com/1118896
   https://bugzilla.suse.com/1126503
   https://bugzilla.suse.com/1137528
   https://bugzilla.suse.com/1157968
   https://bugzilla.suse.com/1157969
   https://bugzilla.suse.com/1164133
   https://bugzilla.suse.com/1164134
   https://bugzilla.suse.com/1164135
   https://bugzilla.suse.com/1164136
   https://bugzilla.suse.com/1164137
   https://bugzilla.suse.com/1164138
   https://bugzilla.suse.com/1164139
   https://bugzilla.suse.com/1164140
   https://bugzilla.suse.com/1165393
   https://bugzilla.suse.com/1166389
   https://bugzilla.suse.com/1167440
   https://bugzilla.suse.com/1167532
   https://bugzilla.suse.com/1167873
   https://bugzilla.suse.com/1171162
   https://bugzilla.suse.com/1174145
   https://bugzilla.suse.com/1174302
   https://bugzilla.suse.com/1180816
   https://bugzilla.suse.com/1180942
   https://bugzilla.suse.com/1181119
   https://bugzilla.suse.com/1181935

openSUSE: 2022:0081-1 important: ansible

March 16, 2022
An update that solves 26 vulnerabilities and has one errata is now available

Description

Ansible was updated to 2.9.21 to fix lots of bugs and security issues. Update to version 2.9.20, maintenance release containing numerous bugfixes. Update to version 2.9.19 with minor changes and a few bug fixes. Update to version 2.9.18: * CVE-2021-20228 where default and fallback values for no_log parameters to modules were not previously masked. (bsc#1181935) * CVE-2021-20178 where several parameters to the snmp_facts module were logged and displayed despite containing sensitive information. (bsc#1180816) * CVE-2021-20180 where several parameters to the bitbucket_pipeline_variable were logged and displayed despite containing sensitive information. (bsc#1180942) * CVE-2021-20191 which addresses a number of modules whose parameters were logged and displayed despite containing sensitive information. For the full list of affected modules, refer to the changelog linked below. (bsc#1181119) Update to version 2.9.17 with minor changes and a few bug fixes. Update to version 2.9.16 with minor changes and many bug fixes. update to version 2.9.15 with following breaking change: * ansible-galaxy login command has been removed update to version 2.9.14 with many small improvements and bug fixes, most notably: * kubectl - connection plugin now redact kubectl_token and kubectl_password in console log (CVE-2020-1753 bsc#1166389). update to version 2.9.13 with many bug fixes, most notably: * A security issue was addressed in the "dnf" module, which previously did not check GPG signatures of packages. * A bug in the "cron" module was fixed. In some cases prior to this fix, the module would inadvertently remove cron entries. update to version 2.9.12 with many bug fixes, most notably the following security fixes: * security issue - copy - Redact the value of the no_log 'content' parameter in the result's invocation.module_args in check mode. Previously when used with check mode and with '-vvv', the module would not censor the content if a change would be made to the destination path. (CVE-2020-14332 bsc#1174302) * security issue atomic_move - change default permissions when creating temporary files so they are not world readable (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736 bsc#1164134) * Fix warning for default permission change when no mode is specified. Follow up to https://github.com/ansible/ansible/issues/67794. (CVE-2020-1736) * Sanitize no_log values from any response keys that might be returned from the uri module (CVE-2020-14330 bsc#1174145). * reset logging level to INFO due to CVE-2019-14846. update to version 2.9.11 with many bug fixes update to version 2.9.10 with many bug fixes. - Add CVE-2020-1733_avoid_mkdir_p.patch to fix CVE-2020-1733 (bsc#1164140) update to version 2.9.9 * fix for a regression introduced in 2.9.8 update to version 2.9.8, maintenance release containing numerous bugfixes update to version 2.9.7 with many bug fixes, especially for these security issues: - bsc#1164140 CVE-2020-1733 - insecure temporary directory when running become_user from become directive - bsc#1164139 CVE-2020-1734 shell enabled by default in a pipe lookup plugin subprocess - bsc#1164137 CVE-2020-1735 - path injection on dest parameter in fetch module - bsc#1164134 CVE-2020-1736 atomic_move primitive sets permissive permissions - bsc#1164138 CVE-2020-1737 - Extract-Zip function in win_unzip module does not check extracted path - bsc#1164136 CVE-2020-1738 module package can be selected by the ansible facts - bsc#1164133 CVE-2020-1739 - svn module leaks password when specified as a parameter - bsc#1164135 CVE-2020-1740 - secrets readable after ansible-vault edit - bsc#1165393 CVE-2020-1746 - information disclosure issue in ldap_attr and ldap_entry modules - bsc#1166389 CVE-2020-1753 - kubectl connection plugin leaks sensitive information - bsc#1167532 CVE-2020-10684 - code injection when using ansible_facts as a subkey - bsc#1167440 CVE-2020-10685 - modules which use files encrypted with vault are not properly cleaned up - bsc#1167873 CVE-2020-10691 - archive traversal vulnerability in ansible-galaxy collection install [2] Fixed before 2.9.6, but not yet listed: - bsc#1171162 CVE-2020-10729 two random password lookups in same task return same value - bsc#1157968 CVE-2019-14904 vulnerability in solaris_zone module via crafted solaris zone - bsc#1157969 CVE-2019-14905 malicious code could craft filename in nxos_file_copy module - bsc#1112959 CVE-2018-16837 Information leak in "user" module patch added - (bsc#1137528) CVE-2019-10156: ansible: templating causing an - bsc#1118896 CVE-2018-16876 Information disclosure in vvv+ mode with no_log on (https://github.com/ansible/ansible/pull/49569) - Includes fix for bsc#1099808 (CVE-2018-10875) ansible.cfg is being read from current working directory allowing possible code execution

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-81=1


Package List

- openSUSE Backports SLE-15-SP3 (noarch): ansible-2.9.21-bp153.2.3.1 ansible-doc-2.9.21-bp153.2.3.1 ansible-test-2.9.21-bp153.2.3.1


References

https://www.suse.com/security/cve/CVE-2018-10875.html https://www.suse.com/security/cve/CVE-2018-16837.html https://www.suse.com/security/cve/CVE-2019-10156.html https://www.suse.com/security/cve/CVE-2019-14846.html https://www.suse.com/security/cve/CVE-2019-14904.html https://www.suse.com/security/cve/CVE-2019-14905.html https://www.suse.com/security/cve/CVE-2020-10684.html https://www.suse.com/security/cve/CVE-2020-10685.html https://www.suse.com/security/cve/CVE-2020-10691.html https://www.suse.com/security/cve/CVE-2020-10729.html https://www.suse.com/security/cve/CVE-2020-14330.html https://www.suse.com/security/cve/CVE-2020-14332.html https://www.suse.com/security/cve/CVE-2020-1733.html https://www.suse.com/security/cve/CVE-2020-1734.html https://www.suse.com/security/cve/CVE-2020-1735.html https://www.suse.com/security/cve/CVE-2020-1736.html https://www.suse.com/security/cve/CVE-2020-1737.html https://www.suse.com/security/cve/CVE-2020-1738.html https://www.suse.com/security/cve/CVE-2020-1739.html https://www.suse.com/security/cve/CVE-2020-1740.html https://www.suse.com/security/cve/CVE-2020-1746.html https://www.suse.com/security/cve/CVE-2020-1753.html https://www.suse.com/security/cve/CVE-2021-20178.html https://www.suse.com/security/cve/CVE-2021-20180.html https://www.suse.com/security/cve/CVE-2021-20191.html https://www.suse.com/security/cve/CVE-2021-20228.html https://bugzilla.suse.com/1099808 https://bugzilla.suse.com/1112959 https://bugzilla.suse.com/1118896 https://bugzilla.suse.com/1126503 https://bugzilla.suse.com/1137528 https://bugzilla.suse.com/1157968 https://bugzilla.suse.com/1157969 https://bugzilla.suse.com/1164133 https://bugzilla.suse.com/1164134 https://bugzilla.suse.com/1164135 https://bugzilla.suse.com/1164136 https://bugzilla.suse.com/1164137 https://bugzilla.suse.com/1164138 https://bugzilla.suse.com/1164139 https://bugzilla.suse.com/1164140 https://bugzilla.suse.com/1165393 https://bugzilla.suse.com/1166389 https://bugzilla.suse.com/1167440 https://bugzilla.suse.com/1167532 https://bugzilla.suse.com/1167873 https://bugzilla.suse.com/1171162 https://bugzilla.suse.com/1174145 https://bugzilla.suse.com/1174302 https://bugzilla.suse.com/1180816 https://bugzilla.suse.com/1180942 https://bugzilla.suse.com/1181119 https://bugzilla.suse.com/1181935


Severity
Announcement ID: openSUSE-SU-2022:0081-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP3 ble.

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved