SUSE: 2022:2084-1 ses/7.1/ceph/haproxy Security Update | LinuxSecur...
SUSE Container Update Advisory: ses/7.1/ceph/haproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2084-1
Container Tags        : ses/7.1/ceph/haproxy:2.0.14 , ses/7.1/ceph/haproxy:2.0.14.3.5.153 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific
Container Release     : 3.5.153
Severity              : important
Type                  : security
References            : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
                        1070955 1073299 1082318 1093392 1104264 1104700 1106390 1107066
                        1107067 1111973 1112310 1112723 1112726 1113554 1120402 1123685
                        1125007 1130557 1137373 1140016 1150451 1164384 1169582 1172055
                        1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350
                        1178353 1181475 1181658 1185637 1188127 1191770 1192167 1192902
                        1192903 1192904 1192951 1193466 1193659 1193905 1194093 1194216
                        1194217 1194388 1194550 1194708 1194872 1194885 1195004 1195059
                        1195157 1195203 1195283 1195332 1195354 1195463 1196125 1196361
                        1196490 1196850 1196861 1197065 1197178 1197443 1197570 1197684
                        1197718 1197771 1197794 1198062 1198090 1198114 1198176 1198341
                        1198446 1198507 1198596 1198614 1198627 1198723 1198731 1198732
                        1198748 1198751 1198752 1198766 1198922 1198925 1199042 1199132
                        1199140 1199166 1199223 1199224 1199232 1199232 1199235 1199240
                        1199331 1199333 1199334 1199524 1199651 1199655 1199693 1199745
                        1199747 1199936 1200010 1200011 1200012 1200170 1200334 1200485
                        1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
                        1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-17087
                        CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611
                        CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403
                        CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-20454 CVE-2019-7146
                        CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665
                        CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903
                        CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974
                        CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166
                        CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213
                        CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359
                        CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696
                        CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1381 CVE-2022-1420
                        CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1616 CVE-2022-1619
                        CVE-2022-1620 CVE-2022-1706 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771
                        CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898
                        CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308
                        CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155
                        CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
                        CVE-2022-35252 CVE-2022-37434 
-----------------------------------------------------------------

The container ses/7.1/ceph/haproxy was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
  in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
  timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
  setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310

  
This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released:    Wed Oct 31 16:16:56 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1113554
This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released:    Tue Jan 15 18:02:58 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1120402
This update for timezone fixes the following issues:

- Update 2018i:
  S?o Tom? and Pr?ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released:    Thu Mar 28 12:06:17 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1130557
This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released:    Thu Jul 11 07:47:55 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1140016
This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released:    Thu Oct 24 07:08:44 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1150451
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released:    Mon May 18 09:40:36 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1169582
This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released:    Thu Jun  4 13:24:37 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1172055
This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released:    Thu Oct 29 19:33:41 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)
  * Revised predictions for Morocco's changes starting in 2023.
  * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
  * Macquarie Island has stayed in sync with Tasmania since 2011.
  * Casey, Antarctica is at +08 in winter and +11 in summer.
  * zic no longer supports -y, nor the TYPE field of Rules.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released:    Tue Nov  3 09:48:13 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released:    Wed Jan 20 13:38:51 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released:    Thu Feb  4 08:46:27 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released:    Thu Dec  2 11:47:07 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released:    Tue May 10 14:40:12 2022
Summary:     Security update for gzip
Type:        security
Severity:    important
References:  1198062,1198922,CVE-2022-1271
This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released:    Tue May 10 15:55:13 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1198090,1198114
This update for systemd fixes the following issues:

- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released:    Fri May 13 15:36:10 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1197794
This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released:    Fri May 13 15:39:07 2022
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:

- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released:    Fri May 13 15:40:20 2022
Summary:     Recommended update for libpsl
Type:        recommended
Severity:    important
References:  1197771
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released:    Mon May 16 10:06:30 2022
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released:    Mon May 16 14:02:49 2022
Summary:     Security update for e2fsprogs
Type:        security
Severity:    important
References:  1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
  and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released:    Mon May 16 15:13:39 2022
Summary:     Recommended update for augeas
Type:        recommended
Severity:    moderate
References:  1197443
This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released:    Thu May 19 15:28:20 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released:    Fri May 27 10:03:40 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:

- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released:    Mon May 30 12:41:35 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released:    Tue May 31 09:24:18 2022
Summary:     Recommended update for grep
Type:        recommended
Severity:    moderate
References:  1040589
This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released:    Wed Jun  1 10:43:22 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    important
References:  1198176
This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released:    Wed Jun  1 16:25:35 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1198751
This update for glibc fixes the following issues:

- Add the correct name for the IBM Z16 (bsc#1198751).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released:    Wed Jun  8 16:50:07 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64.  [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild.  [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586.  [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune 
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines.  [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build  [bsc#1192951]
* Package mwaitintrin.h

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2102-1
Released:    Thu Jun 16 15:18:23 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927
This update for vim fixes the following issues:

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released:    Mon Jul  4 09:52:25 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    moderate
References:  1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
	  
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released:    Thu Jul  7 12:16:58 2022
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    low
References:  
This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released:    Thu Jul  7 15:06:13 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released:    Thu Jul  7 15:07:35 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released:    Tue Jul 12 12:05:01 2022
Summary:     Security update for pcre
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released:    Fri Jul 15 11:49:01 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released:    Thu Jul 21 04:40:14 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating [email protected] (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released:    Thu Jul 21 15:16:42 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1200855,1201560,1201640
This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released:    Thu Jul 28 04:22:33 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were 
  removed at the  beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released:    Mon Aug  1 10:41:04 2022
Summary:     Security update for dwarves and elfutils
Type:        security
Severity:    moderate
References:  1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):
  
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
             Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
            dwelf_elf_begin now only returns NULL when there is an error
            reading or decompressing a file. If the file is not an ELF file
            an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
  
Update to version 0.176:

- build: Add new --enable-install-elfh option.
         Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
  - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
  
Update to version 0.175:
  
- readelf: Handle mutliple .debug_macro sections.
           Recognize and parse GNU Property, NT_VERSION and
           GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
         Add strip --reloc-debug-sections-only option.
         Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
            and BPF_JSLE.
    backends: RISCV handles ADD/SUB relocations.
              Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)
  
Update to version 0.174:
  
- libelf, libdw and all tools now handle extended shnum and
  shstrndx correctly.
  
- elfcompress: Don't rewrite input file if no section data needs
               updating. Try harder to keep same file mode bits
               (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
            generate CFI based backtraces.
- Fixes:
  - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
    
Update to version 0.173:
  
- More fixes for crashes and hangs found by afl-fuzz. In particular various
  functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
           to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
         dwarf_begin_elf now accepts ELF files containing just .debug_line
         or .debug_frame sections (which can be read without needing a DIE
         tree from the .debug_info section).
         Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
            The RISCV backends now handles ABI specific CFI and knows about
            RISCV register types and names.
  
Update to version 0.172:
  
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
  Thanks to running the afl fuzzer on eu-readelf and various testcases.
  
Update to version 0.171:
  
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
  Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
  .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
  DWARF5 and GNU DebugFission encodings of the existing .debug sections.
  Also in split DWARF .dwo (DWARF object) files.  This support is mostly
  handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
  dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
  sections and data formats.  But some new functions have been added
  to more easily get information about skeleton and split compile units
  (dwarf_get_units and dwarf_cu_info), handle new attribute data
  (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
  that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
  files, the .debug_names index, the .debug_cu_index and .debug_tu_index
  sections. Only a single .debug_info (and .debug_types) section are
  currently handled.
- readelf: Handle all new DWARF5 sections.
           --debug-dump=info+ will show split unit DIEs when found.
           --dwarf-skeleton can be used when inspecting a .dwo file.
     Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
         dwarf_getabbrevattr_data and dwarf_cu_info.
         libdw will now try to resolve the alt file on first use of
         an alt attribute FORM when not set yet with dwarf_set_alt.
         dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
  backends: Add a RISC-V backend.
  
  There were various improvements to build on Windows.
  The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
         calling convention, defaulted member function and macro constants
         to dwarf.h.
	 New functions dwarf_default_lower_bound and dwarf_line_file.
  	 dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  	 dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always build on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
            Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
  already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released:    Tue Aug  2 12:21:23 2022
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    important
References:  1195463,1196850
This update for apparmor fixes the following issues:

- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released:    Wed Aug  3 15:06:21 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:

- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released:    Tue Aug  9 12:54:16 2022
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1198627,CVE-2022-29458
This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter 'user', the save/apply-changes commands now
  work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released:    Fri Aug 26 15:17:43 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059
This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released:    Thu Sep  1 12:33:47 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731,1200842
This update for util-linux fixes the following issues:


- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep  2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released:    Fri Sep  2 15:02:14 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters
  into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)


The following package changes have been done:

- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- gzip-1.10-150200.10.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- procps-3.3.15-150000.7.25.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- udev-246.16-150300.7.51.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- vim-data-common-8.2.5038-150000.5.21.1 updated
- vim-8.2.5038-150000.5.21.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated

SUSE: 2022:2084-1 ses/7.1/ceph/haproxy Security Update

September 7, 2022
The container ses/7.1/ceph/haproxy was updated

Summary

Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-RU-2022:2982-1 Released: Thu Sep 1 12:33:47 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3004-1 Released: Fri Sep 2 15:02:14 2022 Summary: Security update for curl Type: security Severity: low Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate

References

References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589

1070955 1073299 1082318 1093392 1104264 1104700 1106390 1107066

1107067 1111973 1112310 1112723 1112726 1113554 1120402 1123685

1125007 1130557 1137373 1140016 1150451 1164384 1169582 1172055

1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350

1178353 1181475 1181658 1185637 1188127 1191770 1192167 1192902

1192903 1192904 1192951 1193466 1193659 1193905 1194093 1194216

1194217 1194388 1194550 1194708 1194872 1194885 1195004 1195059

1195157 1195203 1195283 1195332 1195354 1195463 1196125 1196361

1196490 1196850 1196861 1197065 1197178 1197443 1197570 1197684

1197718 1197771 1197794 1198062 1198090 1198114 1198176 1198341

1198446 1198507 1198596 1198614 1198627 1198723 1198731 1198732

1198748 1198751 1198752 1198766 1198922 1198925 1199042 1199132

1199140 1199166 1199223 1199224 1199232 1199232 1199235 1199240

1199331 1199333 1199334 1199524 1199651 1199655 1199693 1199745

1199747 1199936 1200010 1200011 1200012 1200170 1200334 1200485

1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099

1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-17087

CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611

CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403

CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-20454 CVE-2019-7146

CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665

CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903

CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974

CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166

CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213

CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359

CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696

CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1381 CVE-2022-1420

CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1616 CVE-2022-1619

CVE-2022-1620 CVE-2022-1706 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771

CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898

CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308

CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155

CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903

CVE-2022-35252 CVE-2022-37434

1073299,1093392

This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.

- Ireland's standard time is in the summer, with negative DST offset to standard time used

in Winter. (bsc#1073299)

- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd

timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid

setting an incorrect timezone. (bsc#1093392)

1104700,1112310

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.

- Fiji ends DST 2019-01-13, not 2019-01-20.

- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)

- Corrections to past timestamps of DST transitions

- Use 'PST' and 'PDT' for Philippine time

- minor code changes to zic handling of the TZif format

- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

1113554

This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

1120402

This update for timezone fixes the following issues:

- Update 2018i:

S?o Tom? and Pr?ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)

- Update 2018h:

Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21

New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move

Metlakatla, Alaska observes PST this winter only

Guess Morocco will continue to adjust clocks around Ramadan

Add predictions for Iran from 2038 through 2090

1130557

This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23

* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00

* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)

* zic now has an -r option to limit the time range of output data

1140016

This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):

- Brazil no longer observes DST.

- 'zic -b slim' outputs smaller TZif files.

- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.

- Add info about the Crimea situation.

1150451

This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.

- Norfolk Island starts observing Australian-style DST.

1169582

This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)

* Morocco springs forward on 2020-05-31, not 2020-05-24.

* Canada's Yukon advanced to -07 year-round on 2020-03-08.

* America/Nuuk renamed from America/Godthab.

* zic now supports expiration dates for leap second lists.

1172055

This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)

1177460

This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)

* Revised predictions for Morocco's changes starting in 2023.

* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.

* Macquarie Island has stayed in sync with Tasmania since 2011.

* Casey, Antarctica is at +08 in winter and +11 in summer.

* zic no longer supports -y, nor the TYPE field of Rules.

1177460,1178346,1178350,1178353

This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)

- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)

- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

1177460

This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)

* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,

fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)

* Volgograd switches to Moscow time on 2020-12-27 at 02:00.

- timezone update 2020f (bsc#1177460)

* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,

fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)

* Volgograd switches to Moscow time on 2020-12-27 at 02:00.

1177460

This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)

* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

- timezone update 2021a (bsc#1177460)

* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

1188127

This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by

the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are

now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00

- Fiji suspends DST for the 2021/2022 season

- 'zic -r' marks unspecified timestamps with '-00'

- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers

- Refresh timezone info for china

1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):

* Palestine will spring forward on 2022-03-27, not on 03-26

* `zdump -v` now outputs better failure indications

* Bug fixes for code that reads corrupted TZif data

1198062,1198922,CVE-2022-1271

This update for gzip fixes the following issues:

- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)

1198090,1198114

This update for systemd fixes the following issues:

- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)

- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)

- tmpfiles: constify item_compatible() parameters

- test tmpfiles: add a test for 'w+'

- test: add test checking tmpfiles conf file precedence

- journald: make use of CLAMP() in cache_space_refresh()

- journal-file: port journal_file_open() to openat_report_new()

- fs-util: make sure openat_report_new() initializes return param also on shortcut

- fs-util: fix typos in comments

- fs-util: add openat_report_new() wrapper around openat()

1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776

This update for curl fixes the following issues:

- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)

- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)

- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)

1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault

and possibly arbitrary code execution. (bsc#1198446)

1197443

This update for augeas fixes the following issue:

- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)

1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

1199223,1199224,CVE-2022-27781,CVE-2022-27782

This update for curl fixes the following issues:

- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)

- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)

1199232,CVE-2022-1586

This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).

1040589

This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

1198176

This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

1198751

This update for glibc fixes the following issues:

- Add the correct name for the IBM Z16 (bsc#1198751).

1192951,1193659,1195283,1196861,1197065

This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64. [bsc#1195283]

* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]

* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]

* use --with-cpu rather than specifying --with-arch/--with-tune

* Fix D memory corruption in -M output.

* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]

* fixes issue with debug dumping together with -o /dev/null

* fixes libgccjit issue showing up in emacs build [bsc#1192951]

* Package mwaitintrin.h

1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927

This update for vim fixes the following issues:

- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).

- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).

- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).

- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).

- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).

- CVE-2021-3974: Fixed use-after-free (bsc#1192904).

- CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).

- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).

- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).

- CVE-2021-4192: Fixed use-after-free (bsc#1194217).

- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).

- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).

- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).

- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).

- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).

- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).

- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).

- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).

- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).

- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).

- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).

- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).

- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).

- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).

- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).

- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).

- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).

- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).

- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).

- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).

- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).

- CVE-2022-1898: Fixed use-after-free (bsc#1200011).

- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).

1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).

- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

1200735,1200737,CVE-2022-32206,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)

- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

1201099,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)

- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)

- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)

- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170

This update for systemd fixes the following issues:

- Allow control characters in environment variable values (bsc#1200170)

- Call pam_loginuid when creating [email protected] (bsc#1198507)

- Fix parsing error in s390 udev rules conversion script (bsc#1198732)

- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)

- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit

- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'

- basic/env-util: (mostly) follow POSIX for what variable names are allowed

- basic/env-util: make function shorter

- basic/escape: add mode where empty arguments are still shown as ''

- basic/escape: always escape newlines in shell_escape()

- basic/escape: escape control characters, but not utf-8, in shell quoting

- basic/escape: use consistent location for '*' in function declarations

- basic/string-util: inline iterator variable declarations

- basic/string-util: simplify how str_realloc() is used

- basic/string-util: split out helper function

- core/device: device_coldplug(): don't set DEVICE_DEAD

- core/device: do not downgrade device state if it is already enumerated

- core/device: drop unnecessary condition

- string-util: explicitly cast character to unsigned

- string-util: fix build error on aarch64

- test-env-util: Verify that \r is disallowed in env var values

- test-env-util: print function headers

1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)

- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).

- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)

- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag

- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh

- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)

- singletrans: no dry-run commit if doing just download-only

- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were

removed at the beginning of the repo.

- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'

- versioncmp: if verbose, also print the edition 'parts' which are compared

- Make sure MediaAccess is closed on exception (bsc#1194550)

- Display plus-content hint conditionally

- Honor the NO_COLOR environment variable when auto-detecting whether to use color

- Define table columns which should be sorted natural [case insensitive]

- lr/ls: Use highlight color on name and alias as well

1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665

This update for dwarves and elfutils fixes the following issues:

elfutils was updated to version 0.177 (jsc#SLE-24501):

- elfclassify: New tool to analyze ELF objects.

- readelf: Print DW_AT_data_member_location as decimal offset.

Decode DW_AT_discr_list block attributes.

- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.

- libdwelf: Add dwelf_elf_e_machine_string.

dwelf_elf_begin now only returns NULL when there is an error

reading or decompressing a file. If the file is not an ELF file

an ELF handle of type ELF_K_NONE is returned.

- backends: Add support for C-SKY.

Update to version 0.176:

- build: Add new --enable-install-elfh option.

Do NOT use this for system installs (it overrides glibc elf.h).

- backends: riscv improved core file and return value location support.

- Fixes:

- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)

- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)

Update to version 0.175:

- readelf: Handle mutliple .debug_macro sections.

Recognize and parse GNU Property, NT_VERSION and

GNU Build Attribute ELF Notes.

- strip: Handle SHT_GROUP correctly.

Add strip --reloc-debug-sections-only option.

Handle relocations against GNU compressed sections.

- libdwelf: New function dwelf_elf_begin.

- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT

and BPF_JSLE.

backends: RISCV handles ADD/SUB relocations.

Handle SHT_X86_64_UNWIND.

- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)

- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)

- CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)

Update to version 0.174:

- libelf, libdw and all tools now handle extended shnum and

shstrndx correctly.

- elfcompress: Don't rewrite input file if no section data needs

updating. Try harder to keep same file mode bits

(suid) on rewrite.

- strip: Handle mixed (out of order) allocated/non-allocated sections.

- unstrip: Handle SHT_GROUP sections.

- backends: RISCV and M68K now have backend implementations to

generate CFI based backtraces.

- Fixes:

- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf

- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)

- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)

Update to version 0.173:

- More fixes for crashes and hangs found by afl-fuzz. In particular various

functions now detect and break infinite loops caused by bad DIE tree cycles.

- readelf: Will now lookup the size and signedness of constant value types

to display them correctly (and not just how they were encoded).

- libdw: New function dwarf_next_lines to read CU-less .debug_line data.

dwarf_begin_elf now accepts ELF files containing just .debug_line

or .debug_frame sections (which can be read without needing a DIE

tree from the .debug_info section).

Removed dwarf_getscn_info, which was never implemented.

- backends: Handle BPF simple relocations.

The RISCV backends now handles ABI specific CFI and knows about

RISCV register types and names.

Update to version 0.172:

- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.

Thanks to running the afl fuzzer on eu-readelf and various testcases.

Update to version 0.171:

- DWARF5 and split dwarf, including GNU DebugFission, are supported now.

Data can be read from the new DWARF sections .debug_addr, .debug_line_str,

.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new

DWARF5 and GNU DebugFission encodings of the existing .debug sections.

Also in split DWARF .dwo (DWARF object) files. This support is mostly

handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,

dwarf_ranges, dwarf_form*, etc.) now returning the data from the new

sections and data formats. But some new functions have been added

to more easily get information about skeleton and split compile units

(dwarf_get_units and dwarf_cu_info), handle new attribute data

(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies

that might come from different sections or files (dwarf_die_addr_die).

- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)

files, the .debug_names index, the .debug_cu_index and .debug_tu_index

sections. Only a single .debug_info (and .debug_types) section are

currently handled.

- readelf: Handle all new DWARF5 sections.

--debug-dump=info+ will show split unit DIEs when found.

--dwarf-skeleton can be used when inspecting a .dwo file.

Recognizes GNU locviews with --debug-dump=loc.

- libdw: New functions dwarf_die_addr_die, dwarf_get_units,

dwarf_getabbrevattr_data and dwarf_cu_info.

libdw will now try to resolve the alt file on first use of

an alt attribute FORM when not set yet with dwarf_set_alt.

dwarf_aggregate_size() now works with multi-dimensional arrays.

- libdwfl: Use process_vm_readv when available instead of ptrace.

backends: Add a RISC-V backend.

There were various improvements to build on Windows.

The sha1 and md5 implementations have been removed, they weren't used.

Update to version 0.170:

- libdw: Added new DWARF5 attribute, tag, character encoding, language code,

calling convention, defaulted member function and macro constants

to dwarf.h.

New functions dwarf_default_lower_bound and dwarf_line_file.

dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.

dwarf_getmacros now handles DWARF5 .debug_macro sections.

- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.

- backends: The bpf disassembler is now always build on all platforms.

Update to version 0.169:

- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.

Frame pointer unwinding fallback support for i386, x86_64, aarch64.

- translations: Update Polish translation.

- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)

- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)

- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)

- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)

- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)

- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)

- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)

- Don't make elfutils recommend elfutils-lang as elfutils-lang

already supplements elfutils.

dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.

1195463,1196850

This update for apparmor fixes the following issues:

- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)

- Add new rule to allow reading of openssl.cnf (bsc#1195463)

1164384,1199235,CVE-2019-20454,CVE-2022-1587

This update for pcre2 fixes the following issues:

- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

1198627,CVE-2022-29458

This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

1199524,1200485,CVE-2022-1706

This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE

not enabling new user systemd service preset configuration just

as it handles system service presets. By passing an (optional)

second parameter 'user', the save/apply-changes commands now

work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default

in SLE15-SP4 where it replaced pipewire-media-session, but keep

pipewire-media-session preset so we don't have to branch the

systemd-presets-common-SUSE package for SP4 (bsc#1200485)

1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

1195059

This update for systemd fixes the following issues:

- Drop or soften some of the deprecation warnings (jsc#PED-944)

- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)

- tmpfiles: check for the correct directory

1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

1181475

This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

1197178,1198731,1200842

This update for util-linux fixes the following issues:

- su: Change owner and mode for pty (bsc#1200842)

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)

- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

- mesg: use only stat() to get the current terminal status (bsc#1200842)

1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters

into cookies, which could be exploited by sister sites to cause a

denial of service (bsc#1202593).

1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)

- Fix memory leak in params.r_addr assignement (bsc#1198752)

The following package changes have been done:

- glibc-2.31-150300.37.1 updated

- gpg2-2.2.27-150300.3.5.1 updated

- grep-3.1-150000.4.6.1 updated

- gzip-1.10-150200.10.1 updated

- libapparmor1-2.13.6-150300.3.15.1 updated

- libaugeas0-1.10.1-150000.3.12.1 updated

- libblkid1-2.36.2-150300.4.23.1 updated

- libcom_err2-1.43.8-150000.4.33.1 updated

- libcrypt1-4.4.15-150300.4.4.3 updated

- libcurl4-7.66.0-150200.4.39.1 updated

- libdw1-0.177-150300.11.3.1 updated

- libebl-plugins-0.177-150300.11.3.1 updated

- libelf1-0.177-150300.11.3.1 updated

- libfdisk1-2.36.2-150300.4.23.1 updated

- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated

- libldap-2_4-2-2.4.46-150200.14.11.2 updated

- libldap-data-2.4.46-150200.14.11.2 updated

- libmount1-2.36.2-150300.4.23.1 updated

- libncurses6-6.1-150000.5.12.1 updated

- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated

- libopenssl1_1-1.1.1d-150200.11.51.1 updated

- libpcre1-8.45-150000.20.13.1 updated

- libpcre2-8-0-10.31-150000.3.12.1 updated

- libprocps7-3.3.15-150000.7.25.1 updated

- libpsl5-0.20.1-150000.3.3.1 updated

- libsmartcols1-2.36.2-150300.4.23.1 updated

- libstdc++6-11.3.0+git1637-150000.1.9.1 updated

- libsystemd0-246.16-150300.7.51.1 updated

- libtirpc-netconfig-1.2.6-150300.3.11.1 updated

- libtirpc3-1.2.6-150300.3.11.1 updated

- libudev1-246.16-150300.7.51.1 updated

- libusb-1_0-0-1.0.21-150000.3.5.1 updated

- libuuid1-2.36.2-150300.4.23.1 updated

- libxml2-2-2.9.7-150000.3.46.1 updated

- libz1-1.2.11-150000.3.33.1 updated

- libzypp-17.30.2-150200.39.1 updated

- ncurses-utils-6.1-150000.5.12.1 updated

- openssl-1_1-1.1.1d-150200.11.51.1 updated

- pam-1.3.0-150000.6.58.3 updated

- procps-3.3.15-150000.7.25.1 updated

- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated

- systemd-presets-common-SUSE-15-150100.8.17.1 updated

- systemd-246.16-150300.7.51.1 updated

- terminfo-base-6.1-150000.5.12.1 updated

- timezone-2022a-150000.75.10.1 added

- udev-246.16-150300.7.51.1 updated

- util-linux-2.36.2-150300.4.23.1 updated

- vim-data-common-8.2.5038-150000.5.21.1 updated

- vim-8.2.5038-150000.5.21.1 updated

- zypper-1.14.53-150200.33.1 updated

- container:sles15-image-15.0.0-17.20.29 updated

Severity
Container Advisory ID : SUSE-CU-2022:2084-1
Container Tags : ses/7.1/ceph/haproxy:2.0.14 , ses/7.1/ceph/haproxy:2.0.14.3.5.153 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific
Container Release : 3.5.153
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.