SUSE: 2022:1852-1 ses/7.1/ceph/ceph Security Update | LinuxSecurity...

Advisories

SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1852-1
Container Tags        : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.184 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release     : 3.2.184
Severity              : critical
Type                  : security
References            : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
                        1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726
                        1121227 1121230 1122004 1122021 1123685 1125007 1137373 1164384
                        1177460 1180065 1181658 1183533 1184501 1185637 1191157 1191502
                        1191908 1192449 1192951 1193086 1193489 1193659 1194131 1194172
                        1194550 1194642 1194708 1194848 1194875 1194883 1195157 1195231
                        1195247 1195251 1195258 1195283 1195359 1195463 1195529 1195628
                        1195836 1195899 1195999 1196044 1196061 1196093 1196107 1196125
                        1196317 1196368 1196490 1196514 1196567 1196647 1196733 1196785
                        1196787 1196850 1196861 1196925 1196939 1197004 1197024 1197065
                        1197134 1197297 1197443 1197459 1197570 1197684 1197718 1197742
                        1197743 1197771 1197788 1197790 1197794 1197846 1198062 1198062
                        1198090 1198114 1198176 1198237 1198422 1198435 1198446 1198458
                        1198507 1198511 1198614 1198627 1198723 1198732 1198751 1198766
                        1198922 1199042 1199090 1199132 1199140 1199166 1199223 1199224
                        1199232 1199232 1199235 1199240 1199756 1200064 1200170 1200278
                        1200334 1200550 1200553 1200735 1200737 1200802 1200855 1200855
                        1201099 1201225 1201560 1201640 CVE-2015-20107 CVE-2017-7607
                        CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
                        CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
                        CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
                        CVE-2019-20454 CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148
                        CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-29362
                        CVE-2021-22570 CVE-2021-28153 CVE-2021-3979 CVE-2022-1271 CVE-2022-1271
                        CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587
                        CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775
                        CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29217
                        CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
-----------------------------------------------------------------

The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released:    Wed Mar 30 09:40:58 2022
Summary:     Security update for protobuf
Type:        security
Severity:    moderate
References:  1195258,CVE-2021-22570
This update for protobuf fixes the following issues:

- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. 
  This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released:    Fri Apr  1 11:45:01 2022
Summary:     Security update for yaml-cpp
Type:        security
Severity:    moderate
References:  1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:

- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released:    Mon Apr  4 12:53:05 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1194883
This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8
  multi byte characters as well as support the vi mode of readline library

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released:    Mon Apr  4 17:49:17 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194642
This update for util-linux fixes the following issue:

- Improve throughput and reduce clock sequence increments for high load situation with time based 
  version 1 uuids. (bsc#1194642)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1126-1
Released:    Thu Apr  7 14:05:02 2022
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1197297,1197788
This update for nfs-utils fixes the following issues:

- Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297)
  * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.
- Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1145-1
Released:    Mon Apr 11 14:59:54 2022
Summary:     Recommended update for tcmu-runner
Type:        recommended
Severity:    moderate
References:  1196787
This update for tcmu-runner fixes the following issues:

- fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released:    Tue Apr 12 13:26:19 2022
Summary:     Security update for libsolv, libzypp, zypper
Type:        security
Severity:    important
References:  1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released:    Tue Apr 12 18:20:07 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:

- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1203-1
Released:    Thu Apr 14 11:43:28 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1195231
This update for lvm2 fixes the following issues:

- udev: create symlinks and watch even in suspended state (bsc#1195231)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released:    Wed Apr 20 12:26:38 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647
This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released:    Fri Apr 22 10:04:46 2022
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1196939
This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released:    Mon Apr 25 15:02:13 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1191157,1197004
This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released:    Tue Apr 26 12:54:57 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1195628,1196107
This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1422-1
Released:    Wed Apr 27 09:24:27 2022
Summary:     Recommended update for glib2-branding
Type:        recommended
Severity:    moderate
References:  1195836
This update for glib2-branding fixes the following issues:

- Change the default `LibreOffice Startcenter` entry to `libreoffice-startcenter.desktop` and provide the missing 
  favorite link. (bsc#1195836)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released:    Wed Apr 27 15:27:19 2022
Summary:     Recommended update for systemd-presets-common-SUSE
Type:        recommended
Severity:    low
References:  1195251
This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1439-1
Released:    Wed Apr 27 16:08:04 2022
Summary:     Recommended update for binutils
Type:        recommended
Severity:    moderate
References:  1198237
This update for binutils fixes the following issues:

- The official name IBM z16 for IBM zSeries arch14 is recognized.  (bsc#1198237)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released:    Thu Apr 28 10:47:22 2022
Summary:     Recommended update for perl
Type:        recommended
Severity:    moderate
References:  1193489
This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released:    Thu Apr 28 11:31:51 2022
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1183533,CVE-2021-28153
This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1491-1
Released:    Tue May  3 07:09:44 2022
Summary:     Recommended update for psmisc
Type:        recommended
Severity:    moderate
References:  1194172
This update for psmisc fixes the following issues:

- Add a fallback if the system call name_to_handle_at() is not supported by the used file system.
- Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from 
  pthreads(7) (bsc#1194172)
- Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released:    Tue May 10 14:40:12 2022
Summary:     Security update for gzip
Type:        security
Severity:    important
References:  1198062,1198922,CVE-2022-1271
This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1625-1
Released:    Tue May 10 15:54:43 2022
Summary:     Recommended update for python-python3-saml
Type:        recommended
Severity:    moderate
References:  1197846
This update for python-python3-saml fixes the following issues:

- Update expiry dates for responses. (bsc#1197846)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released:    Tue May 10 15:55:13 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1198090,1198114
This update for systemd fixes the following issues:

- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released:    Fri May 13 15:36:10 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1197794
This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released:    Fri May 13 15:39:07 2022
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:

- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released:    Fri May 13 15:40:20 2022
Summary:     Recommended update for libpsl
Type:        recommended
Severity:    important
References:  1197771
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released:    Mon May 16 10:06:30 2022
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released:    Mon May 16 14:02:49 2022
Summary:     Security update for e2fsprogs
Type:        security
Severity:    important
References:  1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
  and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released:    Mon May 16 15:13:39 2022
Summary:     Recommended update for augeas
Type:        recommended
Severity:    moderate
References:  1197443
This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1709-1
Released:    Tue May 17 17:35:47 2022
Summary:     Recommended update for libcbor
Type:        recommended
Severity:    important
References:  1197743
This update for libcbor fixes the following issues:

- Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1720-1
Released:    Tue May 17 17:46:03 2022
Summary:     Recommended update for python-rtslib-fb
Type:        recommended
Severity:    important
References:  1199090
This update for python-rtslib-fb fixes the following issues:

- Update parameters description.
- Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released:    Thu May 19 15:28:20 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1828-1
Released:    Tue May 24 10:47:38 2022
Summary:     Recommended update for oath-toolkit
Type:        recommended
Severity:    important
References:  1197790
This update for oath-toolkit fixes the following issues:

- Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1864-1
Released:    Fri May 27 09:07:30 2022
Summary:     Recommended update for leveldb
Type:        recommended
Severity:    low
References:  1197742
This update for leveldb fixes the following issue:

- fix tests (bsc#1197742)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released:    Fri May 27 10:03:40 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:

- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released:    Mon May 30 12:41:35 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released:    Tue May 31 09:24:18 2022
Summary:     Recommended update for grep
Type:        recommended
Severity:    moderate
References:  1040589
This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released:    Wed Jun  1 10:43:22 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    important
References:  1198176
This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released:    Wed Jun  1 16:25:35 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1198751
This update for glibc fixes the following issues:

- Add the correct name for the IBM Z16 (bsc#1198751).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released:    Wed Jun  8 16:50:07 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64.  [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild.  [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586.  [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune 
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines.  [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build  [bsc#1192951]
* Package mwaitintrin.h

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2049-1
Released:    Mon Jun 13 09:23:52 2022
Summary:     Recommended update for binutils
Type:        recommended
Severity:    moderate
References:  1191908,1198422
This update for binutils fixes the following issues:

- Revert back to old behaviour of not ignoring the in-section content
  of to be relocated fields on x86-64, even though that's a RELA architecture.
  Compatibility with buggy object files generated by old tools.
  [bsc#1198422]
- Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2149-1
Released:    Wed Jun 22 08:17:38 2022
Summary:     Recommended update for ceph-iscsi
Type:        recommended
Severity:    moderate
References:  1198435
This update for ceph-iscsi fixes the following issues:

- Update to 3.5+1655410541.gf482c7a.
  + Improve werkzeug version checking (bsc#1198435)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2157-1
Released:    Wed Jun 22 17:11:25 2022
Summary:     Recommended update for binutils
Type:        recommended
Severity:    moderate
References:  1198458
This update for binutils fixes the following issues:

- For building the shim 15.6~rc1 and later versions aarch64 image, objcopy
  needs to support efi-app-aarch64 target. (bsc#1198458)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released:    Mon Jul  4 09:52:25 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
	  
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released:    Thu Jul  7 12:16:58 2022
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    low
References:  
This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released:    Thu Jul  7 15:06:13 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released:    Thu Jul  7 15:07:35 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released:    Mon Jul 11 20:34:20 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1198511,CVE-2015-20107
This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released:    Tue Jul 12 12:05:01 2022
Summary:     Security update for pcre
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2402-1
Released:    Thu Jul 14 16:58:22 2022
Summary:     Security update for python-PyJWT
Type:        security
Severity:    important
References:  1199756,CVE-2022-29217
This update for python-PyJWT fixes the following issues:

- CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2405-1
Released:    Fri Jul 15 11:47:57 2022
Summary:     Security update for p11-kit
Type:        security
Severity:    moderate
References:  1180065,CVE-2020-29362
This update for p11-kit fixes the following issues:

- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released:    Fri Jul 15 11:49:01 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released:    Thu Jul 21 04:40:14 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating [email protected] (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released:    Thu Jul 21 15:16:42 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1200855,1201560,1201640
This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2547-1
Released:    Mon Jul 25 19:57:38 2022
Summary:     Security update for logrotate
Type:        security
Severity:    important
References:  1192449,1200278,1200802
This update for logrotate fixes the following issues:

Security issues fixed:

- Improved coredump handing for SUID binaries (bsc#1192449).

Non-security issues fixed:

- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released:    Tue Jul 26 13:48:28 2022
Summary:     Critical update for python-cssselect
Type:        recommended
Severity:    critical
References:  
This update for python-cssselect implements packages to the unrestrictied repository.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released:    Thu Jul 28 04:22:33 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were 
  removed at the  beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released:    Mon Aug  1 10:41:04 2022
Summary:     Security update for dwarves and elfutils
Type:        security
Severity:    moderate
References:  1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):
  
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
             Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
            dwelf_elf_begin now only returns NULL when there is an error
            reading or decompressing a file. If the file is not an ELF file
            an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
  
Update to version 0.176:

- build: Add new --enable-install-elfh option.
         Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
  - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
  
Update to version 0.175:
  
- readelf: Handle mutliple .debug_macro sections.
           Recognize and parse GNU Property, NT_VERSION and
           GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
         Add strip --reloc-debug-sections-only option.
         Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
            and BPF_JSLE.
    backends: RISCV handles ADD/SUB relocations.
              Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)
  
Update to version 0.174:
  
- libelf, libdw and all tools now handle extended shnum and
  shstrndx correctly.
  
- elfcompress: Don't rewrite input file if no section data needs
               updating. Try harder to keep same file mode bits
               (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
            generate CFI based backtraces.
- Fixes:
  - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
    
Update to version 0.173:
  
- More fixes for crashes and hangs found by afl-fuzz. In particular various
  functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
           to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
         dwarf_begin_elf now accepts ELF files containing just .debug_line
         or .debug_frame sections (which can be read without needing a DIE
         tree from the .debug_info section).
         Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
            The RISCV backends now handles ABI specific CFI and knows about
            RISCV register types and names.
  
Update to version 0.172:
  
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
  Thanks to running the afl fuzzer on eu-readelf and various testcases.
  
Update to version 0.171:
  
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
  Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
  .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
  DWARF5 and GNU DebugFission encodings of the existing .debug sections.
  Also in split DWARF .dwo (DWARF object) files.  This support is mostly
  handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
  dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
  sections and data formats.  But some new functions have been added
  to more easily get information about skeleton and split compile units
  (dwarf_get_units and dwarf_cu_info), handle new attribute data
  (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
  that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
  files, the .debug_names index, the .debug_cu_index and .debug_tu_index
  sections. Only a single .debug_info (and .debug_types) section are
  currently handled.
- readelf: Handle all new DWARF5 sections.
           --debug-dump=info+ will show split unit DIEs when found.
           --dwarf-skeleton can be used when inspecting a .dwo file.
     Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
         dwarf_getabbrevattr_data and dwarf_cu_info.
         libdw will now try to resolve the alt file on first use of
         an alt attribute FORM when not set yet with dwarf_set_alt.
         dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
  backends: Add a RISC-V backend.
  
  There were various improvements to build on Windows.
  The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
         calling convention, defaulted member function and macro constants
         to dwarf.h.
	 New functions dwarf_default_lower_bound and dwarf_line_file.
  	 dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  	 dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always build on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
            Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
  already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released:    Tue Aug  2 12:21:23 2022
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    important
References:  1195463,1196850
This update for apparmor fixes the following issues:

- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released:    Wed Aug  3 15:06:21 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:

- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released:    Tue Aug  9 12:54:16 2022
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1198627,CVE-2022-29458
This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2817-1
Released:    Tue Aug 16 12:03:46 2022
Summary:     Security update for ceph
Type:        security
Severity:    important
References:  1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979
This update for ceph fixes the following issues:

- Update to 16.2.9-536-g41a9f9a5573:
  + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR 
  + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)

- Update to 16.2.9-158-gd93952c7eea:
  + cmake: check for python(\d)\.(\d+) when building boost
  + make-dist: patch boost source to support python 3.10

- Update to ceph-16.2.9-58-ge2e5cb80063:
  + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths

- Update to 16.2.9.50-g7d9f12156fb:
  + (jsc#SES-2515) High-availability NFS export 
  + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
  + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit

- Update to 16.2.7-969-g6195a460d89
  + (jsc#SES-2515) High-availability NFS export 

- Update to v16.2.7-654-gd5a90ff46f0
  + (bsc#1196733) remove build directory during %clean 

- Update to v16.2.7-652-gf5dc462fdb5 
  + (bsc#1194875) [SES7P] include/buffer: include memory


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- binutils-2.37-150100.7.37.1 updated
- ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-iscsi-3.5+1655410541.gf482c7a-150300.3.3.1 updated
- ceph-mds-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mon-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-osd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- device-mapper-1.02.163-8.42.1 updated
- e2fsprogs-1.43.8-150000.4.33.1 updated
- gio-branding-SLE-15-150300.19.3.1 updated
- glib2-tools-2.62.6-150200.3.9.1 updated
- glibc-locale-base-2.31-150300.37.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- gzip-1.10-150200.10.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.20.1 updated
- libcbor0-0.5.0-150100.4.6.1 updated
- libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcephsqlite-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libctf-nobfd0-2.37-150100.7.37.1 updated
- libctf0-2.37-150100.7.37.1 updated
- libcurl4-7.66.0-150200.4.36.1 updated
- libdevmapper-event1_03-1.02.163-8.42.1 updated
- libdevmapper1_03-1.02.163-8.42.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libext2fs2-1.43.8-150000.4.33.1 updated
- libfdisk1-2.36.2-150300.4.20.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libgio-2_0-0-2.62.6-150200.3.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.9.1 updated
- libgobject-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.8.1 updated
- libldap-data-2.4.46-150200.14.8.1 updated
- libleveldb1-1.18-150000.3.3.1 updated
- liblvm2cmd2_03-2.03.05-8.42.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.20.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- liboath0-2.6.2-150000.3.3.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libp11-kit0-0.23.2-150000.4.16.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.20.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.48.1 updated
- libtcmu2-1.5.2-150200.2.7.1 updated
- libtirpc-netconfig-1.2.6-150300.3.6.1 updated
- libtirpc3-1.2.6-150300.3.6.1 updated
- libudev1-246.16-150300.7.48.1 updated
- libuuid1-2.36.2-150300.4.20.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.30.1 updated
- libzypp-17.30.2-150200.39.1 updated
- logrotate-3.13.0-150000.4.7.1 updated
- lvm2-2.03.05-8.42.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- nfs-client-2.1.1-150100.10.24.1 updated
- nfs-kernel-server-2.1.1-150100.10.24.1 updated
- oath-toolkit-xml-2.6.2-150000.3.3.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- p11-kit-tools-0.23.2-150000.4.16.1 updated
- p11-kit-0.23.2-150000.4.16.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- psmisc-23.0-150000.6.22.1 updated
- python-rtslib-fb-common-2.1.74-150300.3.3.1 updated
- python3-PyJWT-1.7.1-150200.3.3.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-cssselect-1.0.3-150000.3.3.1 updated
- python3-curses-3.6.15-150300.10.27.1 updated
- python3-python3-saml-1.7.0-150200.3.3.2 updated
- python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rtslib-fb-2.1.74-150300.3.3.1 updated
- python3-3.6.15-150300.10.27.1 updated
- rbd-mirror-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- systemd-presets-common-SUSE-15-150100.8.12.1 updated
- systemd-246.16-150300.7.48.1 updated
- tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated
- tcmu-runner-1.5.2-150200.2.7.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.7.1 updated
- udev-246.16-150300.7.48.1 updated
- util-linux-systemd-2.36.2-150300.4.20.1 updated
- util-linux-2.36.2-150300.4.20.1 updated
- xz-5.2.3-150000.4.7.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.14 updated

SUSE: 2022:1852-1 ses/7.1/ceph/ceph Security Update

August 18, 2022
The container ses/7.1/ceph/ceph was updated

Summary

Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1145-1 Released: Mon Apr 11 14:59:54 2022 Summary: Recommended update for tcmu-runner Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1422-1 Released: Wed Apr 27 09:24:27 2022 Summary: Recommended update for glib2-branding Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important Advisory ID: SUSE-RU-2022:1625-1 Released: Tue May 10 15:54:43 2022 Summary: Recommended update for python-python3-saml Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important Advisory ID: SUSE-RU-2022:1720-1 Released: Tue May 17 17:46:03 2022 Summary: Recommended update for python-rtslib-fb Type: recommended Severity: important Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-RU-2022:1828-1 Released: Tue May 24 10:47:38 2022 Summary: Recommended update for oath-toolkit Type: recommended Severity: important Advisory ID: SUSE-RU-2022:1864-1 Released: Fri May 27 09:07:30 2022 Summary: Recommended update for leveldb Type: recommended Severity: low Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2149-1 Released: Wed Jun 22 08:17:38 2022 Summary: Recommended update for ceph-iscsi Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:25 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2547-1 Released: Mon Jul 25 19:57:38 2022 Summary: Security update for logrotate Type: security Severity: important Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-SU-2022:2817-1 Released: Tue Aug 16 12:03:46 2022 Summary: Security update for ceph Type: security Severity: important

References

References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589

1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726

1121227 1121230 1122004 1122021 1123685 1125007 1137373 1164384

1177460 1180065 1181658 1183533 1184501 1185637 1191157 1191502

1191908 1192449 1192951 1193086 1193489 1193659 1194131 1194172

1194550 1194642 1194708 1194848 1194875 1194883 1195157 1195231

1195247 1195251 1195258 1195283 1195359 1195463 1195529 1195628

1195836 1195899 1195999 1196044 1196061 1196093 1196107 1196125

1196317 1196368 1196490 1196514 1196567 1196647 1196733 1196785

1196787 1196850 1196861 1196925 1196939 1197004 1197024 1197065

1197134 1197297 1197443 1197459 1197570 1197684 1197718 1197742

1197743 1197771 1197788 1197790 1197794 1197846 1198062 1198062

1198090 1198114 1198176 1198237 1198422 1198435 1198446 1198458

1198507 1198511 1198614 1198627 1198723 1198732 1198751 1198766

1198922 1199042 1199090 1199132 1199140 1199166 1199223 1199224

1199232 1199232 1199235 1199240 1199756 1200064 1200170 1200278

1200334 1200550 1200553 1200735 1200737 1200802 1200855 1200855

1201099 1201225 1201560 1201640 CVE-2015-20107 CVE-2017-7607

CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612

CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310

CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032

CVE-2019-20454 CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148

CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-29362

CVE-2021-22570 CVE-2021-28153 CVE-2021-3979 CVE-2022-1271 CVE-2022-1271

CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587

CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775

CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29217

CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903

1195258,CVE-2021-22570

This update for protobuf fixes the following issues:

- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

1196093,1197024

This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)

- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.

This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

1197459,CVE-2018-25032

This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292

This update for yaml-cpp fixes the following issues:

- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).

- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).

- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).

- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).

1194883

This update for aaa_base fixes the following issues:

- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)

- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8

multi byte characters as well as support the vi mode of readline library

1194642

This update for util-linux fixes the following issue:

- Improve throughput and reduce clock sequence increments for high load situation with time based

version 1 uuids. (bsc#1194642)

1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):

* Palestine will spring forward on 2022-03-27, not on 03-26

* `zdump -v` now outputs better failure indications

* Bug fixes for code that reads corrupted TZif data

1197297,1197788

This update for nfs-utils fixes the following issues:

- Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297)

* This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.

- Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788)

1196787

This update for tcmu-runner fixes the following issues:

- fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787)

1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

- Harden package signature checks (bsc#1184501).

libsolv update to 0.7.22:

- reworked choice rule generation to cover more usecases

- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)

- support parsing of Debian's Multi-Arch indicator

- fix segfault on conflict resolution when using bindings

- fix split provides not working if the update includes a forbidden vendor change

- support strict repository priorities

new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY

- support zstd compressed control files in debian packages

- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)

- support setting/reading userdata in solv files

new functions: repowriter_set_userdata, solv_read_userdata

- support queying of the custom vendor check function

new function: pool_get_custom_vendorcheck

- support solv files with an idarray block

- allow accessing the toolversion at runtime

libzypp update to 17.30.0:

- ZConfig: Update solver settings if target changes (bsc#1196368)

- Fix possible hang in singletrans mode (bsc#1197134)

- Do 2 retries if mount is still busy.

- Fix package signature check (bsc#1184501)

Pay attention that header and payload are secured by a valid

signature and report more detailed which signature is missing.

- Retry umount if device is busy (bsc#1196061, closes #381)

A previously released ISO image may need a bit more time to

release it's loop device. So we wait a bit and retry.

- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)

- Fix handling of ISO media in releaseAll (bsc#1196061)

- Hint on common ptf resolver conflicts (bsc#1194848)

- Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper update to 1.14.52:

- info: print the packages upstream URL if available (fixes #426)

- info: Fix SEGV with not installed PTFs (bsc#1196317)

- Don't prevent less restrictive umasks (bsc#1195999)

1198062,CVE-2022-1271

This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

1191502,1193086,1195247,1195529,1195899,1196567

This update for systemd fixes the following issues:

- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)

- When migrating from sysvinit to systemd (it probably won't happen anymore),

let's use the default systemd target, which is the graphical.target one.

- Don't open /var journals in volatile mode when runtime_journal==NULL

- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)

- man: tweak description of auto/noauto (bsc#1191502)

- shared/install: ignore failures for auxiliary files

- install: make UnitFileChangeType enum anonymous

- shared/install: reduce scope of iterator variables

- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)

- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)

- Drop or soften some of the deprecation warnings (bsc#1193086)

1195231

This update for lvm2 fixes the following issues:

- udev: create symlinks and watch even in suspended state (bsc#1195231)

1196647

This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)

1196939

This update for e2fsprogs fixes the following issues:

- Add support for 'libreadline7' for Leap. (bsc#1196939)

1191157,1197004

This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)

- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol

resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)

- restore CLDAP functionality in CLI tools (jsc#PM-3288)

1195628,1196107

This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from

packages provided by older GCC work. Add a requires from that

package to the corresponding libstc++6 package to keep those

at the same version. [bsc#1196107]

- Fixed memory corruption when creating dependences with the D language frontend.

- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]

- Put libstdc++6-pp Requires on the shared library and drop

to Recommends.

1195836

This update for glib2-branding fixes the following issues:

- Change the default `LibreOffice Startcenter` entry to `libreoffice-startcenter.desktop` and provide the missing

favorite link. (bsc#1195836)

1195251

This update for systemd-presets-common-SUSE fixes the following issue:

- enable vgauthd service for VMWare by default (bsc#1195251)

1198237

This update for binutils fixes the following issues:

- The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237)

1193489

This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

1194172

This update for psmisc fixes the following issues:

- Add a fallback if the system call name_to_handle_at() is not supported by the used file system.

- Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from

pthreads(7) (bsc#1194172)

- Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172)

1198062,1198922,CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

1197846

This update for python-python3-saml fixes the following issues:

- Update expiry dates for responses. (bsc#1197846)

1198090,1198114

This update for systemd fixes the following issues:

- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)

- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)

- tmpfiles: constify item_compatible() parameters

- test tmpfiles: add a test for 'w+'

- test: add test checking tmpfiles conf file precedence

- journald: make use of CLAMP() in cache_space_refresh()

- journal-file: port journal_file_open() to openat_report_new()

- fs-util: make sure openat_report_new() initializes return param also on shortcut

- fs-util: fix typos in comments

- fs-util: add openat_report_new() wrapper around openat()

1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776

This update for curl fixes the following issues:

- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)

- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)

- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)

1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault

and possibly arbitrary code execution. (bsc#1198446)

1197443

This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)

1197743

This update for libcbor fixes the following issues:

- Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4

1199090

This update for python-rtslib-fb fixes the following issues:

- Update parameters description.

- Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090)

1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

1197790

This update for oath-toolkit fixes the following issues:

- Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790)

1197742

This update for leveldb fixes the following issue:

- fix tests (bsc#1197742)

1199223,1199224,CVE-2022-27781,CVE-2022-27782

This update for curl fixes the following issues:

- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)

- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

1199232,CVE-2022-1586

This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

1040589

This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

1198176

This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

1198751

This update for glibc fixes the following issues:

- Add the correct name for the IBM Z16 (bsc#1198751).

1192951,1193659,1195283,1196861,1197065

This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64. [bsc#1195283]

* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]

* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]

* use --with-cpu rather than specifying --with-arch/--with-tune

* Fix D memory corruption in -M output.

* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]

* fixes issue with debug dumping together with -o /dev/null

* fixes libgccjit issue showing up in emacs build [bsc#1192951]

* Package mwaitintrin.h

1191908,1198422

This update for binutils fixes the following issues:

- Revert back to old behaviour of not ignoring the in-section content

of to be relocated fields on x86-64, even though that's a RELA architecture.

Compatibility with buggy object files generated by old tools.

[bsc#1198422]

- Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908)

1198435

This update for ceph-iscsi fixes the following issues:

- Update to 3.5+1655410541.gf482c7a.

+ Improve werkzeug version checking (bsc#1198435)

1198458

This update for binutils fixes the following issues:

- For building the shim 15.6~rc1 and later versions aarch64 image, objcopy

needs to support efi-app-aarch64 target. (bsc#1198458)

1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).

- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)

- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

1198511,CVE-2015-20107

This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

1199756,CVE-2022-29217

This update for python-PyJWT fixes the following issues:

- CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756).

1180065,CVE-2020-29362

This update for p11-kit fixes the following issues:

- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)

1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)

- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)

- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)

- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)

- Call pam_loginuid when creating [email protected] (bsc#1198507)

- Fix parsing error in s390 udev rules conversion script (bsc#1198732)

- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)

- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit

- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'

- basic/env-util: (mostly) follow POSIX for what variable names are allowed

- basic/env-util: make function shorter

- basic/escape: add mode where empty arguments are still shown as ''

- basic/escape: always escape newlines in shell_escape()

- basic/escape: escape control characters, but not utf-8, in shell quoting

- basic/escape: use consistent location for '*' in function declarations

- basic/string-util: inline iterator variable declarations

- basic/string-util: simplify how str_realloc() is used

- basic/string-util: split out helper function

- core/device: device_coldplug(): don't set DEVICE_DEAD

- core/device: do not downgrade device state if it is already enumerated

- core/device: drop unnecessary condition

- string-util: explicitly cast character to unsigned

- string-util: fix build error on aarch64

- test-env-util: Verify that \r is disallowed in env var values

- test-env-util: print function headers

1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)

- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).

- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

1192449,1200278,1200802

This update for logrotate fixes the following issues:

Security issues fixed:

- Improved coredump handing for SUID binaries (bsc#1192449).

Non-security issues fixed:

- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).

This update for python-cssselect implements packages to the unrestrictied repository.

1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)

- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag

- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh

- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)

- singletrans: no dry-run commit if doing just download-only

- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were

removed at the beginning of the repo.

- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'

- versioncmp: if verbose, also print the edition 'parts' which are compared

- Make sure MediaAccess is closed on exception (bsc#1194550)

- Display plus-content hint conditionally

- Honor the NO_COLOR environment variable when auto-detecting whether to use color

- Define table columns which should be sorted natural [case insensitive]

- lr/ls: Use highlight color on name and alias as well

1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665

This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):

- elfclassify: New tool to analyze ELF objects.

- readelf: Print DW_AT_data_member_location as decimal offset.

Decode DW_AT_discr_list block attributes.

- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.

- libdwelf: Add dwelf_elf_e_machine_string.

dwelf_elf_begin now only returns NULL when there is an error

reading or decompressing a file. If the file is not an ELF file

an ELF handle of type ELF_K_NONE is returned.

- backends: Add support for C-SKY.

Update to version 0.176:

- build: Add new --enable-install-elfh option.

Do NOT use this for system installs (it overrides glibc elf.h).

- backends: riscv improved core file and return value location support.

- Fixes:

- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)

- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)

Update to version 0.175:

- readelf: Handle mutliple .debug_macro sections.

Recognize and parse GNU Property, NT_VERSION and

GNU Build Attribute ELF Notes.

- strip: Handle SHT_GROUP correctly.

Add strip --reloc-debug-sections-only option.

Handle relocations against GNU compressed sections.

- libdwelf: New function dwelf_elf_begin.

- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT

and BPF_JSLE.

backends: RISCV handles ADD/SUB relocations.

Handle SHT_X86_64_UNWIND.

- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)

- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)

- CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)

Update to version 0.174:

- libelf, libdw and all tools now handle extended shnum and

shstrndx correctly.

- elfcompress: Don't rewrite input file if no section data needs

updating. Try harder to keep same file mode bits

(suid) on rewrite.

- strip: Handle mixed (out of order) allocated/non-allocated sections.

- unstrip: Handle SHT_GROUP sections.

- backends: RISCV and M68K now have backend implementations to

generate CFI based backtraces.

- Fixes:

- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf

- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)

- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)

Update to version 0.173:

- More fixes for crashes and hangs found by afl-fuzz. In particular various

functions now detect and break infinite loops caused by bad DIE tree cycles.

- readelf: Will now lookup the size and signedness of constant value types

to display them correctly (and not just how they were encoded).

- libdw: New function dwarf_next_lines to read CU-less .debug_line data.

dwarf_begin_elf now accepts ELF files containing just .debug_line

or .debug_frame sections (which can be read without needing a DIE

tree from the .debug_info section).

Removed dwarf_getscn_info, which was never implemented.

- backends: Handle BPF simple relocations.

The RISCV backends now handles ABI specific CFI and knows about

RISCV register types and names.

Update to version 0.172:

- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.

Thanks to running the afl fuzzer on eu-readelf and various testcases.

Update to version 0.171:

- DWARF5 and split dwarf, including GNU DebugFission, are supported now.

Data can be read from the new DWARF sections .debug_addr, .debug_line_str,

.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new

DWARF5 and GNU DebugFission encodings of the existing .debug sections.

Also in split DWARF .dwo (DWARF object) files. This support is mostly

handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,

dwarf_ranges, dwarf_form*, etc.) now returning the data from the new

sections and data formats. But some new functions have been added

to more easily get information about skeleton and split compile units

(dwarf_get_units and dwarf_cu_info), handle new attribute data

(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies

that might come from different sections or files (dwarf_die_addr_die).

- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)

files, the .debug_names index, the .debug_cu_index and .debug_tu_index

sections. Only a single .debug_info (and .debug_types) section are

currently handled.

- readelf: Handle all new DWARF5 sections.

--debug-dump=info+ will show split unit DIEs when found.

--dwarf-skeleton can be used when inspecting a .dwo file.

Recognizes GNU locviews with --debug-dump=loc.

- libdw: New functions dwarf_die_addr_die, dwarf_get_units,

dwarf_getabbrevattr_data and dwarf_cu_info.

libdw will now try to resolve the alt file on first use of

an alt attribute FORM when not set yet with dwarf_set_alt.

dwarf_aggregate_size() now works with multi-dimensional arrays.

- libdwfl: Use process_vm_readv when available instead of ptrace.

backends: Add a RISC-V backend.

There were various improvements to build on Windows.

The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code,

calling convention, defaulted member function and macro constants

to dwarf.h.

New functions dwarf_default_lower_bound and dwarf_line_file.

dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.

dwarf_getmacros now handles DWARF5 .debug_macro sections.

- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.

- backends: The bpf disassembler is now always build on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.

Frame pointer unwinding fallback support for i386, x86_64, aarch64.

- translations: Update Polish translation.

- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)

- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)

- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)

- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)

- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)

- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)

- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)

- Don't make elfutils recommend elfutils-lang as elfutils-lang

already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

1195463,1196850

This update for apparmor fixes the following issues:

- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)

- Add new rule to allow reading of openssl.cnf (bsc#1195463)

1164384,1199235,CVE-2019-20454,CVE-2022-1587

This update for pcre2 fixes the following issues:

- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

1198627,CVE-2022-29458

This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979

This update for ceph fixes the following issues:

- Update to 16.2.9-536-g41a9f9a5573:

+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR

+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)

- Update to 16.2.9-158-gd93952c7eea:

+ cmake: check for python(\d)\.(\d+) when building boost

+ make-dist: patch boost source to support python 3.10

- Update to ceph-16.2.9-58-ge2e5cb80063:

+ (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths

- Update to 16.2.9.50-g7d9f12156fb:

+ (jsc#SES-2515) High-availability NFS export

+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname

+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit

- Update to 16.2.7-969-g6195a460d89

+ (jsc#SES-2515) High-availability NFS export

- Update to v16.2.7-654-gd5a90ff46f0

+ (bsc#1196733) remove build directory during %clean

- Update to v16.2.7-652-gf5dc462fdb5

+ (bsc#1194875) [SES7P] include/buffer: include memory

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated

- binutils-2.37-150100.7.37.1 updated

- ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-iscsi-3.5+1655410541.gf482c7a-150300.3.3.1 updated

- ceph-mds-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-mgr-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-mon-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-osd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- ceph-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- device-mapper-1.02.163-8.42.1 updated

- e2fsprogs-1.43.8-150000.4.33.1 updated

- gio-branding-SLE-15-150300.19.3.1 updated

- glib2-tools-2.62.6-150200.3.9.1 updated

- glibc-locale-base-2.31-150300.37.1 updated

- glibc-2.31-150300.37.1 updated

- gpg2-2.2.27-150300.3.5.1 updated

- grep-3.1-150000.4.6.1 updated

- gzip-1.10-150200.10.1 updated

- libapparmor1-2.13.6-150300.3.15.1 updated

- libaugeas0-1.10.1-150000.3.12.1 updated

- libblkid1-2.36.2-150300.4.20.1 updated

- libcbor0-0.5.0-150100.4.6.1 updated

- libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- libcephsqlite-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- libcom_err2-1.43.8-150000.4.33.1 updated

- libcrypt1-4.4.15-150300.4.4.3 updated

- libctf-nobfd0-2.37-150100.7.37.1 updated

- libctf0-2.37-150100.7.37.1 updated

- libcurl4-7.66.0-150200.4.36.1 updated

- libdevmapper-event1_03-1.02.163-8.42.1 updated

- libdevmapper1_03-1.02.163-8.42.1 updated

- libdw1-0.177-150300.11.3.1 updated

- libebl-plugins-0.177-150300.11.3.1 updated

- libelf1-0.177-150300.11.3.1 updated

- libext2fs2-1.43.8-150000.4.33.1 updated

- libfdisk1-2.36.2-150300.4.20.1 updated

- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated

- libgio-2_0-0-2.62.6-150200.3.9.1 updated

- libglib-2_0-0-2.62.6-150200.3.9.1 updated

- libgmodule-2_0-0-2.62.6-150200.3.9.1 updated

- libgobject-2_0-0-2.62.6-150200.3.9.1 updated

- libldap-2_4-2-2.4.46-150200.14.8.1 updated

- libldap-data-2.4.46-150200.14.8.1 updated

- libleveldb1-1.18-150000.3.3.1 updated

- liblvm2cmd2_03-2.03.05-8.42.1 updated

- liblzma5-5.2.3-150000.4.7.1 updated

- libmount1-2.36.2-150300.4.20.1 updated

- libncurses6-6.1-150000.5.12.1 updated

- liboath0-2.6.2-150000.3.3.1 updated

- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated

- libopenssl1_1-1.1.1d-150200.11.51.1 updated

- libp11-kit0-0.23.2-150000.4.16.1 updated

- libpcre1-8.45-150000.20.13.1 updated

- libpcre2-8-0-10.31-150000.3.12.1 updated

- libprotobuf-lite20-3.9.2-4.12.1 updated

- libpsl5-0.20.1-150000.3.3.1 updated

- libpython3_6m1_0-3.6.15-150300.10.27.1 updated

- librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- libsmartcols1-2.36.2-150300.4.20.1 updated

- libsolv-tools-0.7.22-150200.12.1 updated

- libstdc++6-11.3.0+git1637-150000.1.9.1 updated

- libsystemd0-246.16-150300.7.48.1 updated

- libtcmu2-1.5.2-150200.2.7.1 updated

- libtirpc-netconfig-1.2.6-150300.3.6.1 updated

- libtirpc3-1.2.6-150300.3.6.1 updated

- libudev1-246.16-150300.7.48.1 updated

- libuuid1-2.36.2-150300.4.20.1 updated

- libxml2-2-2.9.7-150000.3.46.1 updated

- libyaml-cpp0_6-0.6.1-4.5.1 updated

- libz1-1.2.11-150000.3.30.1 updated

- libzypp-17.30.2-150200.39.1 updated

- logrotate-3.13.0-150000.4.7.1 updated

- lvm2-2.03.05-8.42.1 updated

- ncurses-utils-6.1-150000.5.12.1 updated

- nfs-client-2.1.1-150100.10.24.1 updated

- nfs-kernel-server-2.1.1-150100.10.24.1 updated

- oath-toolkit-xml-2.6.2-150000.3.3.1 updated

- openssl-1_1-1.1.1d-150200.11.51.1 updated

- p11-kit-tools-0.23.2-150000.4.16.1 updated

- p11-kit-0.23.2-150000.4.16.1 updated

- pam-1.3.0-150000.6.58.3 updated

- perl-base-5.26.1-150300.17.3.1 updated

- psmisc-23.0-150000.6.22.1 updated

- python-rtslib-fb-common-2.1.74-150300.3.3.1 updated

- python3-PyJWT-1.7.1-150200.3.3.1 updated

- python3-base-3.6.15-150300.10.27.1 updated

- python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- python3-cssselect-1.0.3-150000.3.3.1 updated

- python3-curses-3.6.15-150300.10.27.1 updated

- python3-python3-saml-1.7.0-150200.3.3.2 updated

- python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- python3-rtslib-fb-2.1.74-150300.3.3.1 updated

- python3-3.6.15-150300.10.27.1 updated

- rbd-mirror-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated

- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated

- systemd-presets-common-SUSE-15-150100.8.12.1 updated

- systemd-246.16-150300.7.48.1 updated

- tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated

- tcmu-runner-1.5.2-150200.2.7.1 updated

- terminfo-base-6.1-150000.5.12.1 updated

- timezone-2022a-150000.75.7.1 updated

- udev-246.16-150300.7.48.1 updated

- util-linux-systemd-2.36.2-150300.4.20.1 updated

- util-linux-2.36.2-150300.4.20.1 updated

- xz-5.2.3-150000.4.7.1 updated

- zypper-1.14.53-150200.33.1 updated

- container:sles15-image-15.0.0-17.20.14 updated

Severity
Container Advisory ID : SUSE-CU-2022:1852-1
Container Tags : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.184 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release : 3.2.184
Severity : critical
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.