SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2149-1
Container Tags        : suse/manager/4.3/proxy-httpd:4.3.1 , suse/manager/4.3/proxy-httpd:4.3.1.9.7.1 , suse/manager/4.3/proxy-httpd:latest
Container Release     : 9.7.1
Severity              : important
Type                  : security
References            : 1040589 1073299 1093392 1104700 1112310 1113554 1120402 1130557
                        1137373 1140016 1150451 1160171 1169582 1172055 1172179 1176460
                        1177460 1177460 1177460 1177460 1177460 1177460 1178331 1178332
                        1178346 1178350 1178353 1179962 1180816 1180942 1181119 1181223
                        1181475 1181658 1181935 1183684 1185637 1186011 1187028 1187725
                        1188061 1188127 1190462 1191925 1192449 1193282 1193585 1193600
                        1194351 1194394 1194550 1194708 1195059 1195157 1195455 1196025
                        1196026 1196125 1196168 1196169 1196171 1196490 1196704 1196784
                        1197178 1197443 1197507 1197570 1197684 1197689 1197718 1197771
                        1197794 1197963 1198176 1198331 1198341 1198356 1198358 1198446
                        1198511 1198627 1198720 1198731 1198732 1198913 1198944 1199042
                        1199132 1199140 1199147 1199157 1199166 1199232 1199240 1199523
                        1199524 1199528 1199629 1199646 1199652 1199656 1199659 1199662
                        1199663 1199679 1199714 1199727 1199779 1199817 1199874 1199950
                        1199984 1199998 1200110 1200142 1200170 1200276 1200278 1200334
                        1200338 1200340 1200341 1200345 1200347 1200348 1200350 1200352
                        1200485 1200532 1200550 1200591 1200591 1200606 1200624 1200707
                        1200734 1200735 1200736 1200737 1200747 1200771 1200802 1200855
                        1200855 1200968 1200970 1201003 1201003 1201099 1201142 1201189
                        1201224 1201225 1201276 1201385 1201411 1201498 1201560 1201640
                        1201782 1201795 1201842 1202011 1202175 1202310 1202593 1202614
                        1202724 CVE-2015-20107 CVE-2020-25659 CVE-2021-20178 CVE-2021-20180
                        CVE-2021-20191 CVE-2021-20228 CVE-2021-3447 CVE-2021-3583 CVE-2021-3620
                        CVE-2022-1292 CVE-2022-1304 CVE-2022-1348 CVE-2022-1586 CVE-2022-1706
                        CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-25235 CVE-2022-25236
                        CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-26377 CVE-2022-28614
                        CVE-2022-28615 CVE-2022-29155 CVE-2022-29404 CVE-2022-29458 CVE-2022-29824
                        CVE-2022-30522 CVE-2022-30556 CVE-2022-31248 CVE-2022-31813 CVE-2022-32205
                        CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252
                        CVE-2022-37434 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
  in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
  timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
  setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310

  
This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released:    Wed Oct 31 16:16:56 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1113554
This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released:    Tue Jan 15 18:02:58 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1120402
This update for timezone fixes the following issues:

- Update 2018i:
  São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released:    Thu Mar 28 12:06:17 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1130557
This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released:    Thu Jul 11 07:47:55 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1140016
This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released:    Thu Oct 24 07:08:44 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1150451
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released:    Mon May 18 09:40:36 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1169582
This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released:    Thu Jun  4 13:24:37 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1172055
This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released:    Thu Oct 29 19:33:41 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)
  * Revised predictions for Morocco's changes starting in 2023.
  * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
  * Macquarie Island has stayed in sync with Tasmania since 2011.
  * Casey, Antarctica is at +08 in winter and +11 in summer.
  * zic no longer supports -y, nor the TYPE field of Rules.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released:    Tue Nov  3 09:48:13 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released:    Wed Jan 20 13:38:51 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released:    Thu Feb  4 08:46:27 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released:    Thu Dec  2 11:47:07 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released:    Fri May 13 15:36:10 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1197794
This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released:    Fri May 13 15:40:20 2022
Summary:     Recommended update for libpsl
Type:        recommended
Severity:    important
References:  1197771
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released:    Mon May 16 10:06:30 2022
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released:    Tue May 17 17:44:43 2022
Summary:     Security update for e2fsprogs
Type:        security
Severity:    important
References:  1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
  and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released:    Tue May 31 09:24:18 2022
Summary:     Recommended update for grep
Type:        recommended
Severity:    moderate
References:  1040589
This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released:    Wed Jun  1 10:43:22 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    important
References:  1198176
This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2118-1
Released:    Mon Jun 20 13:04:15 2022
Summary:     Recommended update for SUSE Manager Client Tools
Type:        recommended
Severity:    moderate
References:  1181223,1190462,1193600,1196704,1197507,1197689
This update fixes the following issues:

golang-github-QubitProducts-exporter_exporter:

- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}

mgr-cfg:

- Version 4.3.6-1
  * Corrected source URL in spec file
  * Fix installation problem for SLE15SP4 due to missing python-selinux
  * Fix python selinux package name depending on build target (bsc#1193600)
  * Do not build python 2 package for SLE15SP4 and higher
  * Remove unused legacy code

mgr-custom-info:

- Version 4.3.3-1
  * Remove unused legacy code

mgr-daemon:

- Version 4.3.4-1
  * Corrected source URLs in spec file.
  * Update translation strings

mgr-osad:

- Version 4.3.6-1
  * Corrected source URL in spec file.
  * Do not build python 2 package for SLE15SP4 and higher
  * Removed spacewalk-selinux dependencies.
  * Updated source url.

mgr-push:

- Version 4.3.4-1
  * Corrected source URLs in spec file.

mgr-virtualization:

- Version 4.3.5-1
  * Corrected source URLs in spec file.
  * Do not build python 2 package for SLE15SP4 and higher

prometheus-blackbox_exporter:

- Enhanced to build on Enterprise Linux 8

prometheus-postgres_exporter:

- Updated for RHEL8.

python-hwdata:

- Require python macros for building

rhnlib:

- Version 4.3.4-1
  * Reorganize python files

spacecmd:

- Version 4.3.11-1
  * on full system update call schedulePackageUpdate API (bsc#1197507)
  * parse boolean parameters correctly (bsc#1197689)
  * Add parameter to set containerized proxy SSH port
  * Add proxy config generation subcommand
  * Option 'org_createfirst' added to perform initial organization and user creation
  * Added gettext build requirement for RHEL.
  * Removed RHEL 5 references.
  * Include group formulas configuration in spacecmd group_backup and
    spacecmd group_restore. This changes backup format to json,
    previously used plain text is still supported for reading (bsc#1190462)
  * Update translation strings
  * Improved event history listing and added new system_eventdetails 
    command to retrieve the details of an event
  * Make schedule_deletearchived to get all actions without display limit
  * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)

spacewalk-client-tools:

- Version 4.3.9-1
  * Corrected source URLs in spec file.
  * do not build python 2 package for SLE15
  * Remove unused legacy code
  * Update translation strings

spacewalk-koan:

- Version 4.3.5-1
  * Corrected source URLs in spec file.

spacewalk-oscap:

- Version 4.3.5-1
  * Corrected source URLs in spec file.
  * Do not build python 2 package for SLE15SP4 and higher

spacewalk-remote-utils:

- Version 4.3.3-1
  * Adapt the package for changes in rhnlib

supportutils-plugin-susemanager-client:

- Version 4.3.2-1
  * Add proxy containers config and logs

suseRegisterInfo:

- Version 4.3.3-1
  * Bump version to 4.3.0

supportutils-plugin-salt:

- Add support for Salt Bundle

uyuni-common-libs:

- Version 4.3.4-1
  * implement more decompression algorithms for reposync (bsc#1196704)
  * Reorganize python files
  * Add decompression of zck files to fileutils


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released:    Wed Jul  6 13:34:15 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2302-1
Released:    Wed Jul  6 13:37:15 2022
Summary:     Security update for apache2
Type:        security
Severity:    important
References:  1198913,1200338,1200340,1200341,1200345,1200348,1200350,1200352,CVE-2022-26377,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30522,CVE-2022-30556,CVE-2022-31813
This update for apache2 fixes the following issues:

  - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
  - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
  - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
  - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
  - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
  - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
  - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released:    Wed Jul  6 13:38:42 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released:    Wed Jul  6 14:15:13 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released:    Thu Jul  7 12:16:58 2022
Summary:     Recommended update for systemd-presets-branding-SLE
Type:        recommended
Severity:    low
References:  
This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2355-1
Released:    Mon Jul 11 12:44:33 2022
Summary:     Recommended update for python-cryptography
Type:        recommended
Severity:    moderate
References:  1198331,CVE-2020-25659

This update for python-cryptography fixes the following issues:

python-cryptography was updated to 3.3.2.

update to 3.3.0:

* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
  to 1024-bit (8 byte to 128 byte) initialization vectors. This
  change is to conform with an upcoming OpenSSL release that will
  no longer support sizes outside this window.
* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
  now raise ValueError rather than UnsupportedAlgorithm when an
  unsupported cipher is used. This change is to conform with an
  upcoming OpenSSL release that will no longer distinguish
  between error types.
* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
  field Diffie-Hellman parameters of less than 512 bits in
  length. This change is to conform with an upcoming OpenSSL
  release that no longer supports smaller sizes. These keys were
  already wildly insecure and should not have been used in any
  application outside of testing.
* Added the recover_data_from_signature() function to
  RSAPublicKey for recovering the signed data from an RSA
  signature. 

Update to 3.2.1:

Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.

update to 3.2 (bsc#1178168, CVE-2020-25659):

* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
  to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
  by our API, we cannot completely mitigate this vulnerability.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.

update to 3.1:

* BACKWARDS INCOMPATIBLE: Removed support for idna based
  U-label parsing in various X.509 classes. This support was originally
  deprecated in version 2.1 and moved to an extra in 2.5.
* backend arguments to functions are no longer required and the
  default backend will automatically be selected if no backend is provided.
* Added initial support for parsing certificates from PKCS7 files with
  cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates()
  and
  cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates().
* Calling update or update_into on
  cryptography.hazmat.primitives.ciphers.CipherContext with data
  longer than 2^31 bytes no longer raises an OverflowError. This
  also resolves the same issue in Fernet.

update to 3.0:

* RSA generate_private_key() no longer accepts public_exponent values except
   65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
   a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
   private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
   instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().

Update to 2.9:

* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
  low usage and maintenance burden.
* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
  Users on older versions of OpenSSL will need to upgrade.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
* Removed support for calling public_bytes() with no arguments, as per 
  our deprecation policy. You must now pass encoding and format.
* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
  returns the RDNs as required by RFC 4514.
* Added support for parsing single_extensions in an OCSP response.
* NameAttribute values can now be empty strings.


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released:    Mon Jul 11 20:34:20 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1198511,CVE-2015-20107
This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2358-1
Released:    Tue Jul 12 04:21:59 2022
Summary:     Recommended update for augeas
Type:        recommended
Severity:    moderate
References:  1197443
This update for augeas fixes the following issues:

- Fix handling of keywords in new sysctl.conf (bsc#1197443)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released:    Tue Jul 12 12:05:01 2022
Summary:     Security update for pcre
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2396-1
Released:    Thu Jul 14 11:57:58 2022
Summary:     Security update for logrotate
Type:        security
Severity:    important
References:  1192449,1199652,1200278,1200802,CVE-2022-1348
This update for logrotate fixes the following issues:

Security issues fixed:

- CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652).
- Improved coredump handling for SUID binaries (bsc#1192449).

Non-security issues fixed:

- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released:    Fri Jul 15 11:49:01 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This re-adds the s390 32-bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released:    Thu Jul 21 04:38:31 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
This update for systemd fixes the following issues:

- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
  directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2488-1
Released:    Thu Jul 21 12:15:27 2022
Summary:     Feature update for python-python-debian
Type:        feature
Severity:    moderate
References:  
This feature update for python-python-debian provides:

- Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672)
- Provide python-python-debian version 0.1.44 (jsc#SLE-24672)
  * Add support for zstd compression in .deb files 
  * Use logging.warning rather than warnings for data problems.
  * Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package
  * Update packaging for zstd compressed .deb code
  * Annotate binutils build-dep with 
  * Update Standards-Version to 4.6.1
  * Various improvements to the round-trip-safe deb822 parser
  * Support the Files-Included field in debian/copyright
  * Fix URL for API documentation in README.rst
  * RTS parser: minor documentation fixes
  * Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5
  * RTS parser: Handle leading tabs for setting values
  * RTS parser: Preserve original field case
  * RTS parser: Expose str type for keys in paragraphs
  * Use logging for warnings about data that's being read, rather than the warnings module
  * Fix type checks for mypy 0.910
  * Silence lintian complaint about touching the dpkg database in the examples
  * Add RTS parser to setup.py so that it is installed.
  * Add copyright attribution for RTS parser
  * RTS parser: Accept tabs as continuation line marker
  * Interpretation: Preserve tab as continuation line if used
  * RTS parser: Make value interpretation tokenization consistent
  * RTS parser: Add interpretation for Uploaders field
  * Add contextmanager to DebFile
  * Added format/comment preserving deb822 parser as debian._deb822_repro.
  * Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields
  * In debian.changelog.get_maintainer, cope with unknown UIDs
  * Numerous enhancements to the deb822.BuildInfo class
  * Include portability patch for pwd module on Windows
  * Drop the deb822.BuildInfo.get_debian_suite function
  * Move re.compile calls out of functions
  * Revert unintended renaming of Changelog.get_version/set_version
  * Add a type for .buildinfo files (deb822.BuildInfo)
  * Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files
  * Permit single-character package names in dependency relationship specifications
  * Update to debhelper-compat (= 13)
  * Update examples to use #!/usr/bin/python3
  * Fix tabs vs spaces in examples.
  * Provide accessor for source package version for binary packages
  * Allow debian_support.PackageFile to accept StringIO as well as BytesIO
  * Change handling of case-insensitive field names to allow Deb822 objects to be serialised
  * Add SHA256 support to handling of pdiffs
  * Add support for additional headers for merged pdiffs to PDiffIndex
  * Add a debian.watch module for parsing watch files
  * Prevent stripping of last newline in initial lines before changelog files
  * Add a Copyright.files_excluded field
  * Allow specifying allow_missing_author when reserializing changelog entries
  * Drop python2 support (from version 0.1.37)
  * Add Rules-Requires-Root: no
  * Parse Built-Using relationship fields
  * Extend Deb822 parser to allow underscores in the field name 
  * Add accessors for Version objects from Deb822
- Remove superfluous devel dependency for noarch package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released:    Thu Jul 21 14:35:08 2022
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1193282
This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released:    Thu Jul 21 15:16:42 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1200855,1201560,1201640
This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released:    Mon Jul 25 14:43:22 2022
Summary:     Security update for gpg2
Type:        security
Severity:    important
References:  1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released:    Tue Jul 26 14:55:40 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2573-1
Released:    Thu Jul 28 04:24:19 2022
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
  removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released:    Wed Aug  3 09:51:00 2022
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1198720,1200747,1201385
This update for permissions fixes the following issues:

* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2640-1
Released:    Wed Aug  3 10:43:44 2022
Summary:     Recommended update for yaml-cpp
Type:        recommended
Severity:    moderate
References:  1160171,1178331,1178332,1200624
This update for yaml-cpp fixes the following issue:

- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old
  ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 
  (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released:    Tue Aug  9 12:54:16 2022
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1198627,CVE-2022-29458
This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released:    Mon Aug 22 15:36:30 2022
Summary:     Security update for systemd-presets-common-SUSE
Type:        security
Severity:    moderate
References:  1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter 'user', the save/apply-changes commands now
  work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (bsc#1200485)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released:    Fri Aug 26 03:34:23 2022
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  
This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released:    Fri Aug 26 15:17:02 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059,1201795
This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters 
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message  
- tmpfiles: Check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released:    Wed Aug 31 05:39:14 2022
Summary:     Recommended update for procps
Type:        recommended
Severity:    important
References:  1181475
This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released:    Thu Sep  1 12:30:19 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731
This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released:    Fri Sep  2 15:01:44 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3021-1
Released:    Mon Sep  5 11:57:55 2022
Summary:     Recommended update for python-dmidecode
Type:        recommended
Severity:    moderate
References:  1194351
This update for python-dmidecode fixes the following issues:

- Fixed memory map size for 'Type Detail' (bsc#1194351)
- Use update-alternatives mechanism instead of shared subpackage.
- Realign the spec file for python singlespec

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3022-1
Released:    Mon Sep  5 15:16:02 2022
Summary:     Recommended update for python-pyOpenSSL
Type:        recommended
Severity:    moderate
References:  1200771
This update for python-pyOpenSSL fixes the following issues:

- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).

python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):

- The minimum ``cryptography`` version is now 3.3.
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released:    Tue Sep  6 15:43:53 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1202011
This update for lvm2 fixes the following issues:

- Do not use udev for device listing or device information (bsc#1202011)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3135-1
Released:    Wed Sep  7 08:39:31 2022
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    low
References:  1200110
This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids to version 0.360 (bsc#1200110)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3178-1
Released:    Thu Sep  8 09:35:05 2022
Summary:     Important security update for SUSE Manager Client Tools
Type:        security
Severity:    important
References:  1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620
This update fixes the following issues:

ansible:

- Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
  * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725)
  * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061)
  * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
- Update to 2.9.22:
  * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values 
  * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
  * CVE-2021-20191 (bsc#1181119) multiple collections expose secured values
  * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values
  * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

- Require e2fsprogs (bsc#1202614)
- Update to version 0.1.1657643023.0d694ce
  * Update dracut-saltboot dependencies (bsc#1200970)
  * Fix network loading when ipappend is used in pxe config
  * Add new information messages

golang-github-QubitProducts-exporter_exporter:

- Remove license file from %doc

mgr-daemon:

- Version 4.3.5-1
  * Update translation strings

mgr-virtualization:

- Version 4.3.6-1
  * Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

- Exclude s390 arch

python-hwdata:

- Declare the LICENSE file as license and not doc

spacecmd:

- Version 4.3.14-1
  * Fix missing argument on system_listmigrationtargets (bsc#1201003)
  * Show correct help on calling kickstart_importjson with no arguments
  * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
  * Change proxy container config default filename to end with tar.gz
  * Update translation strings

spacewalk-client-tools:

- Version 4.3.11-1
  * Update translation strings

uyuni-common-libs:

- Version 4.3.5-1
  * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

uyuni-proxy-systemd-services:

- Version 4.3.6-1
  * Expose port 80 (bsc#1200142)
  * Use volumes rather than bind mounts
  * TFTPD to listen on udp port (bsc#1200968)
  * Add TAG variable in configuration 
  * Fix containers namespaces in configuration

zypp-plugin-spacewalk:

- 1.0.13
  * Log in before listing channels. (bsc#1197963, bsc#1193585)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3194-1
Released:    Thu Sep  8 10:04:36 2022
Summary:     Security update for SUSE Manager 4.3: Server and Proxy
Type:        security
Severity:    moderate
References:  1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842,1202724,CVE-2022-31248
Security update for SUSE Manager 4.3: Server and Proxy

The following package changes have been done:

- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.6.1 updated
- glibc-2.31-150300.37.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libudev1-249.12-150400.8.10.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.7.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libyaml-cpp0_6-0.6.3-150400.4.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libaugeas0-1.12.0-150400.3.3.6 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- procps-3.3.15-150000.7.25.1 updated
- sles-release-15.4-150400.55.1 updated
- grep-3.1-150000.4.6.1 updated
- libtirpc3-1.2.6-150300.3.6.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.8.1 updated
- pam-1.3.0-150000.6.58.3 updated
- libzypp-17.30.2-150400.3.3.1 updated
- zypper-1.14.53-150400.3.3.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 added
- curl-7.79.1-150400.5.6.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- zstd-1.5.0-150400.1.71 added
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-3.6.15-150300.10.27.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- python3-uyuni-common-libs-4.3.5-150400.3.3.2 updated
- hwdata-0.360-150000.3.48.1 updated
- apache2-utils-2.4.51-150400.6.3.1 updated
- systemd-249.12-150400.8.10.1 updated
- python3-python-debian-0.1.44-150400.9.3.1 added
- python3-hwdata-2.3.5-150000.3.9.1 updated
- logrotate-3.18.1-150400.3.7.1 updated
- apache2-2.4.51-150400.6.3.1 updated
- apache2-prefork-2.4.51-150400.6.3.1 updated
- python3-cryptography-3.3.2-150400.16.3.1 updated
- python3-pyOpenSSL-21.0.0-150400.3.3.1 updated
- spacewalk-backend-4.3.15-150400.3.3.5 updated
- python3-libxml2-2.9.14-150400.5.7.1 updated
- python3-dmidecode-3.12.2-150400.14.3.1 updated
- python3-spacewalk-client-tools-4.3.11-150400.3.3.4 updated
- spacewalk-client-tools-4.3.11-150400.3.3.4 updated
- spacewalk-proxy-package-manager-4.3.12-150400.3.5.1 updated
- spacewalk-proxy-common-4.3.12-150400.3.5.1 updated
- spacewalk-proxy-broker-4.3.12-150400.3.5.1 updated
- spacewalk-proxy-redirect-4.3.12-150400.3.5.1 updated
- binutils-2.37-150100.7.29.1 removed
- bzip2-1.0.8-150400.1.122 removed
- cpp-7-3.9.1 removed
- cpp7-7.5.0+r278197-4.30.1 removed
- crypto-policies-20210917.c9d86d1-150400.1.7 removed
- dwz-0.12-1.483 removed
- file-5.32-7.14.1 removed
- gcc-7-3.9.1 removed
- gcc7-7.5.0+r278197-4.30.1 removed
- gettext-runtime-0.20.2-1.43 removed
- gettext-tools-0.20.2-1.43 removed
- glibc-devel-2.31-150300.26.5 removed
- glibc-locale-2.31-150300.26.5 removed
- glibc-locale-base-2.31-150300.26.5 removed
- gzip-1.10-150200.10.1 removed
- libasan4-7.5.0+r278197-4.30.1 removed
- libatomic1-11.3.0+git1637-150000.1.9.1 removed
- libcilkrts5-7.5.0+r278197-4.30.1 removed
- libctf-nobfd0-2.37-150100.7.29.1 removed
- libctf0-2.37-150100.7.29.1 removed
- libgomp1-11.3.0+git1637-150000.1.9.1 removed
- libisl15-0.18-1.443 removed
- libitm1-11.3.0+git1637-150000.1.9.1 removed
- liblsan0-11.3.0+git1637-150000.1.9.1 removed
- libmpc3-1.1.0-1.47 removed
- libmpfr6-4.0.2-3.3.1 removed
- libmpx2-8.2.1+r264010-150000.1.6.4 removed
- libmpxwrappers2-8.2.1+r264010-150000.1.6.4 removed
- libtextstyle0-0.20.2-1.43 removed
- libtsan0-11.3.0+git1637-150000.1.9.1 removed
- libubsan0-7.5.0+r278197-4.30.1 removed
- libxcrypt-devel-4.4.15-150300.4.2.41 removed
- linux-glibc-devel-5.14-150400.4.44 removed
- make-4.2.1-7.3.2 removed
- openssl-1.1.1l-150400.1.5 removed
- openssl-1_1-1.1.1l-150400.5.14 removed
- patch-2.7.6-150000.5.3.1 removed
- perl-5.26.1-150300.17.3.1 removed
- perl-DBI-1.642-3.9.1 removed
- perl-Module-Implementation-0.09-1.22 removed
- perl-Module-Runtime-0.016-1.17 removed
- perl-Params-Validate-1.29-1.25 removed
- perl-Try-Tiny-0.30-1.17 removed
- python-rpm-macros-20220106.80d3756-150400.1.44 removed
- python3-debian-0.1.31-3.19 removed
- python3-spacewalk-certs-tools-4.3.13-150400.1.1 removed
- rpm-build-4.14.3-150300.46.1 removed
- spacewalk-base-minimal-4.3.20-150400.1.2 removed
- spacewalk-base-minimal-config-4.3.20-150400.1.2 removed
- spacewalk-certs-tools-4.3.13-150400.1.1 removed
- spacewalk-ssl-cert-check-4.3.2-150400.1.29 removed
- sudo-1.9.9-150400.2.5 removed
- susemanager-build-keys-15.3.5-150400.1.12 removed
- susemanager-build-keys-web-15.3.5-150400.1.12 removed
- systemd-rpm-macros-11-7.27.1 removed
- tar-1.34-150000.3.12.1 removed

SUSE: 2022:2149-1 suse/manager/4.3/proxy-httpd Security Update

September 9, 2022
The container suse/manager/4.3/proxy-httpd was updated

Summary

Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: 
Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2118-1 Released: Mon Jun 20 13:04:15 2022 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important Advisory ID: SUSE-SU-2022:2302-1 Released: Wed Jul 6 13:37:15 2022 Summary: Security update for apache2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 
2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low Advisory ID: SUSE-RU-2022:2355-1 Released: Mon Jul 11 12:44:33 2022 Summary: Recommended update for python-cryptography Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important Advisory ID: SUSE-RU-2022:2358-1 Released: Tue Jul 12 04:21:59 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important Advisory ID: SUSE-SU-2022:2396-1 Released: Thu Jul 14 11:57:58 2022 Summary: Security update for logrotate Type: security Severity: important Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-feature-2022:2488-1 Released: Thu Jul 21 12:15:27 2022 Summary: Feature update for python-python-debian Type: feature Severity: moderate Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-RU-2022:2573-1 Released: Thu Jul 28 04:24:19 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory 
ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important Advisory ID: SUSE-RU-2022:2640-1 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low Advisory ID: SUSE-RU-2022:3021-1 Released: Mon Sep 5 11:57:55 2022 Summary: Recommended update for python-dmidecode Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3022-1 Released: Mon Sep 5 15:16:02 2022 Summary: Recommended update for python-pyOpenSSL Type: 
recommended Severity: moderate Advisory ID: SUSE-RU-2022:3118-1 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3135-1 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Type: recommended Severity: low Advisory ID: SUSE-SU-2022:3178-1 Released: Thu Sep 8 09:35:05 2022 Summary: Important security update for SUSE Manager Client Tools Type: security Severity: important Advisory ID: SUSE-SU-2022:3194-1 Released: Thu Sep 8 10:04:36 2022 Summary: Security update for SUSE Manager 4.3: Server and Proxy Type: security Severity: moderate

1073299,1093392

This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.

- Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)

- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)

1104700,1112310

This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.

- Fiji ends DST 2019-01-13, not 2019-01-20.

- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)

- Corrections to past timestamps of DST transitions

- Use 'PST' and 'PDT' for Philippine time

- minor code changes to zic handling of the TZif format

- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

1113554

This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

1120402

This update for timezone fixes the following issues:

- Update 2018i:

São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)

- Update 2018h:

Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21

New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move

Metlakatla, Alaska observes PST this winter only

Guess Morocco will continue to adjust clocks around Ramadan

Add predictions for Iran from 2038 through 2090

1130557

This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23

* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00

* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)

* zic now has an -r option to limit the time range of output data

1140016

This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):

- Brazil no longer observes DST.

- 'zic -b slim' outputs smaller TZif files.

- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.

- Add info about the Crimea situation.

1150451

This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.

- Norfolk Island starts observing Australian-style DST.

1169582

This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)

* Morocco springs forward on 2020-05-31, not 2020-05-24.

* Canada's Yukon advanced to -07 year-round on 2020-03-08.

* America/Nuuk renamed from America/Godthab.

* zic now supports expiration dates for leap second lists.

1172055

This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)

1177460

This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)

* Revised predictions for Morocco's changes starting in 2023.

* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.

* Macquarie Island has stayed in sync with Tasmania since 2011.

* Casey, Antarctica is at +08 in winter and +11 in summer.

* zic no longer supports -y, nor the TYPE field of Rules.

1177460,1178346,1178350,1178353

This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)

- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)

- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

1177460

This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)

* 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)

* Volgograd switches to Moscow time on 2020-12-27 at 02:00.

1177460

This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)

* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

1188127

This update for timezone fixes the following issue:

- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00

- Fiji suspends DST for the 2021/2022 season

- 'zic -r' marks unspecified timestamps with '-00'

- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers

- Refresh timezone info for China

1177460

This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):

* Palestine will spring forward on 2022-03-27, not on 03-26

* `zdump -v` now outputs better failure indications

* Bug fixes for code that reads corrupted TZif data

1197794

This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

1197771

This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

1199240,CVE-2022-29155

This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

1198446,CVE-2022-1304

This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

1040589

This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

1198176

This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

1181223,1190462,1193600,1196704,1197507,1197689

This update fixes the following issues:

golang-github-QubitProducts-exporter_exporter:

- Adapted to build on Enterprise Linux.

- Fix build for RedHat 7

- Require Go >= 1.14 also for CentOS

- Add support for CentOS

- Replace %{?systemd_requires} with %{?systemd_ordering}

mgr-cfg:

- Version 4.3.6-1

* Corrected source URL in spec file

* Fix installation problem for SLE15SP4 due to missing python-selinux

* Fix python selinux package name depending on build target (bsc#1193600)

* Do not build python 2 package for SLE15SP4 and higher

* Remove unused legacy code

mgr-custom-info:

- Version 4.3.3-1

* Remove unused legacy code

mgr-daemon:

- Version 4.3.4-1

* Corrected source URLs in spec file.

* Update translation strings

mgr-osad:

- Version 4.3.6-1

* Corrected source URL in spec file.

* Do not build python 2 package for SLE15SP4 and higher

* Removed spacewalk-selinux dependencies.

* Updated source url.

mgr-push:

- Version 4.3.4-1

* Corrected source URLs in spec file.

mgr-virtualization:

- Version 4.3.5-1

* Corrected source URLs in spec file.

* Do not build python 2 package for SLE15SP4 and higher

prometheus-blackbox_exporter:

- Enhanced to build on Enterprise Linux 8

prometheus-postgres_exporter:

- Updated for RHEL8.

python-hwdata:

- Require python macros for building

rhnlib:

- Version 4.3.4-1

* Reorganize python files

spacecmd:

- Version 4.3.11-1

* on full system update call schedulePackageUpdate API (bsc#1197507)

* parse boolean parameters correctly (bsc#1197689)

* Add parameter to set containerized proxy SSH port

* Add proxy config generation subcommand

* Option 'org_createfirst' added to perform initial organization and user creation

* Added gettext build requirement for RHEL.

* Removed RHEL 5 references.

* Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462)

* Update translation strings

* Improved event history listing and added new system_eventdetails command to retrieve the details of an event

* Make schedule_deletearchived to get all actions without display limit

* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)

spacewalk-client-tools:

- Version 4.3.9-1

* Corrected source URLs in spec file.

* do not build python 2 package for SLE15

* Remove unused legacy code

* Update translation strings

spacewalk-koan:

- Version 4.3.5-1

* Corrected source URLs in spec file.

spacewalk-oscap:

- Version 4.3.5-1

* Corrected source URLs in spec file.

* Do not build python 2 package for SLE15SP4 and higher

spacewalk-remote-utils:

- Version 4.3.3-1

* Adapt the package for changes in rhnlib

supportutils-plugin-susemanager-client:

- Version 4.3.2-1

* Add proxy containers config and logs

suseRegisterInfo:

- Version 4.3.3-1

* Bump version to 4.3.0

supportutils-plugin-salt:

- Add support for Salt Bundle

uyuni-common-libs:

- Version 4.3.4-1

* implement more decompression algorithms for reposync (bsc#1196704)

* Reorganize python files

* Add decompression of zck files to fileutils

1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).

- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).

- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).

- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).

- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).

- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

1198913,1200338,1200340,1200341,1200345,1200348,1200350,1200352,CVE-2022-26377,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30522,CVE-2022-30556,CVE-2022-31813

This update for apache2 fixes the following issues:

- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)

- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)

- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)

- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)

- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)

- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)

- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)

1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)

- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)

- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)

- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).

- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)

- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

This update for systemd-presets-branding-SLE fixes the following issues:

- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

1198331,CVE-2020-25659

This update for python-cryptography fixes the following issues:

python-cryptography was updated to 3.3.2.

update to 3.3.0:

* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window.

* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types.

* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.

* Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature.

Update to 3.2.1:

Disable blinding on RSA public keys to address an error with some versions of OpenSSL.

update to 3.2 (bsc#1178168, CVE-2020-25659):

* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability.

* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.

update to 3.1:

* BACKWARDS INCOMPATIBLE: Removed support for idna based U-label parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.

* backend arguments to functions are no longer required and the default backend will automatically be selected if no backend is provided.

* Added initial support for parsing certificates from PKCS7 files with cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates() and cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates().

* Calling update or update_into on cryptography.hazmat.primitives.ciphers.CipherContext with data longer than 2^31 bytes no longer raises an OverflowError. This also resolves the same issue in Fernet.

update to 3.0:

* RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).

* X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed.

* Deprecated support for Python 2

* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing.

* Added support for OpenSSH certificates to load_ssh_public_key().

* Added encrypt_at_time() and decrypt_at_time() to Fernet.

* Added support for the SubjectInformationAccess X.509 extension.

* Added support for parsing SignedCertificateTimestamps in OCSP responses.

* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().

* Added support for encoding attributes in certificate signing requests via add_attribute().

* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.

* Added initial support for creating PKCS12 files with serialize_key_and_certificates().

Update to 2.9:

* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.

* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.

* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.

* Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.

* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.

* Added support for parsing single_extensions in an OCSP response.

* NameAttribute values can now be empty strings.

1198511,CVE-2015-20107

This update for python3 fixes the following issues:

- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

1197443

This update for augeas fixes the following issues:

- Fix handling of keywords in new sysctl.conf (bsc#1197443)

1199232,CVE-2022-1586

This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

1192449,1199652,1200278,1200802,CVE-2022-1348

This update for logrotate fixes the following issues:

Security issues fixed:

- CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652).

- Improved coredump handling for SUID binaries (bsc#1192449).

Non-security issues fixed:

- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).

1197718,1199140,1200334,1200855

This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)

- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)

- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)

- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This re-adds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276

This update for systemd fixes the following issues:

- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276)

- Allow control characters in environment variable values (bsc#1200170)

- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)

- Fix parsing error in s390 udev rules conversion script (bsc#1198732)

- core/device: device_coldplug(): don't set DEVICE_DEAD

- core/device: do not downgrade device state if it is already enumerated

- core/device: drop unnecessary condition

This feature update for python-python-debian provides:

- Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672)

- Provide python-python-debian version 0.1.44 (jsc#SLE-24672)

* Add support for zstd compression in .deb files

* Use logging.warning rather than warnings for data problems.

* Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package

* Update packaging for zstd compressed .deb code

* Annotate binutils build-dep with

* Update Standards-Version to 4.6.1

* Various improvements to the round-trip-safe deb822 parser

* Support the Files-Included field in debian/copyright

* Fix URL for API documentation in README.rst

* RTS parser: minor documentation fixes

* Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5

* RTS parser: Handle leading tabs for setting values

* RTS parser: Preserve original field case

* RTS parser: Expose str type for keys in paragraphs

* Use logging for warnings about data that's being read, rather than the warnings module

* Fix type checks for mypy 0.910

* Silence lintian complaint about touching the dpkg database in the examples

* Add RTS parser to setup.py so that it is installed.

* Add copyright attribution for RTS parser

* RTS parser: Accept tabs as continuation line marker

* Interpretation: Preserve tab as continuation line if used

* RTS parser: Make value interpretation tokenization consistent

* RTS parser: Add interpretation for Uploaders field

* Add contextmanager to DebFile

* Added format/comment preserving deb822 parser as debian._deb822_repro.

* Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields

* In debian.changelog.get_maintainer, cope with unknown UIDs

* Numerous enhancements to the deb822.BuildInfo class

* Include portability patch for pwd module on Windows

* Drop the deb822.BuildInfo.get_debian_suite function

* Move re.compile calls out of functions

* Revert unintended renaming of Changelog.get_version/set_version

* Add a type for .buildinfo files (deb822.BuildInfo)

* Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files

* Permit single-character package names in dependency relationship specifications

* Update to debhelper-compat (= 13)

* Update examples to use #!/usr/bin/python3

* Fix tabs vs spaces in examples.

* Provide accessor for source package version for binary packages

* Allow debian_support.PackageFile to accept StringIO as well as BytesIO

* Change handling of case-insensitive field names to allow Deb822 objects to be serialised

* Add SHA265 support to handling of pdiffs

* Add support for additional headers for merged pdiffs to PDiffIndex

* Add a debian.watch module for parsing watch files

* Prevent stripping of last newline in initial lines before changelog files

* Add a Copyright.files_excluded field

* Allow specifying allow_missing_author when reserializing changelog entries

* Drop python2 support (from version 0.1.37)

* Add Rules-Requires-Root: no

* Parse Built-Using relationship fields

* Extend Deb822 parser to allow underscores in the field name

* Add accessors for Version objects from Deb822

- Remove superfluous devel dependency for noarch package

1193282

This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)

1200855,1201560,1201640

This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)

- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

1196125,1201225,CVE-2022-34903

This update for gpg2 fixes the following issues:

- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).

- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

1196490,1199132,CVE-2022-23308,CVE-2022-29824

This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

1194550,1197684,1199042

This update for libzypp, zypper fixes the following issues:

libzypp:

- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)

- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag

- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh

- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)

- singletrans: no dry-run commit if doing just download-only

- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.

- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

- Basic JobReport for 'cmdout/monitor'

- versioncmp: if verbose, also print the edition 'parts' which are compared

- Make sure MediaAccess is closed on exception (bsc#1194550)

- Display plus-content hint conditionally

- Honor the NO_COLOR environment variable when auto-detecting whether to use color

- Define table columns which should be sorted natural [case insensitive]

- lr/ls: Use highlight color on name and alias as well

1198720,1200747,1201385

This update for permissions fixes the following issues:

* apptainer: fix starter-suid location (bsc#1198720)

* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)

* postfix: add postlog setgid for maildrop binary (bsc#1201385)

1160171,1178331,1178332,1200624

This update for yaml-cpp fixes the following issue:

- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).

1198627,CVE-2022-29458

This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

1199524,1200485,CVE-2022-1706

This update for systemd-presets-common-SUSE fixes the following issues:

- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

- Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485)

- Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485)

This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

1198341

This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

1195059,1201795

This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)

- Drop or soften some of the deprecation warnings (jsc#PED-944)

- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)

- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default

- analyze: Fix offline check for syscall filter

- calendarspec: Fix timer skipping the next elapse

- core: Allow command argument to be longer

- hwdb: Add AV production controllers to hwdb and add uaccess

- hwdb: Allow console users access to rfkill

- hwdb: Allow end-users root-less access to TL866 EPROM readers

- hwdb: Permit unsetting power/persist for USB devices

- hwdb: Tag IR cameras as such

- hwdb: Fix parsing issue

- hwdb: Make usb match patterns uppercase

- hwdb: Update the hardware database

- journal-file: Stop using the event loop if it's already shutting down

- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called

- journald: Ensure resources are properly allocated for SIGTERM handling

- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed

- macro: Account for negative values in DECIMAL_STR_WIDTH()

- manager: Disallow clone3() function call in seccomp filters

- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing

- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable

- resolve: Fix typo in dns_class_is_pseudo()

- sd-event: Improve handling of process events and termination of processes

- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces

- stdio-bridge: Improve the meaning of the error message

- tmpfiles: Check for the correct directory

1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

1181475

This update for procps fixes the following issues:

- Fix 'free' command reporting misleading 'used' value (bsc#1181475)

1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)

- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

1194351

This update for python-dmidecode fixes the following issues:

- Fixed memory map size for 'Type Detail' (bsc#1194351)

- Use update-alternatives mechanism instead of shared subpackage.

- Realign the spec file for python singlespec

1200771

This update for python-pyOpenSSL fixes the following issues:

- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).

python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):

- The minimum ``cryptography`` version is now 3.3.

- Raise an error when an invalid ALPN value is set.

- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``

- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.

1202011

This update for lvm2 fixes the following issues:

- Do not use udev for device listing or device information (bsc#1202011)

1200110

This update for hwdata fixes the following issue:

- Update pci, usb and vendor ids to version 0.360 (bsc#1200110)

1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620

This update fixes the following issues:

ansible:

- Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)

* CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725)

* CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061)

* ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)

- Update to 2.9.22:

* CVE-2021-3447 (bsc#1183684) multiple modules expose secured values

* CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option

* CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values

* CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values

* CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

- Require e2fsprogs (bsc#1202614)

- Update to version 0.1.1657643023.0d694ce

* Update dracut-saltboot dependencies (bsc#1200970)

* Fix network loading when ipappend is used in pxe config

* Add new information messages

golang-github-QubitProducts-exporter_exporter:

- Remove license file from %doc

mgr-daemon:

- Version 4.3.5-1

* Update translation strings

mgr-virtualization:

- Version 4.3.6-1

* Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

- Exclude s390 arch

python-hwdata:

- Declare the LICENSE file as license and not doc

spacecmd:

- Version 4.3.14-1

* Fix missing argument on system_listmigrationtargets (bsc#1201003)

* Show correct help on calling kickstart_importjson with no arguments

* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)

* Change proxy container config default filename to end with tar.gz

* Update translation strings

spacewalk-client-tools:

- Version 4.3.11-1

* Update translation strings

uyuni-common-libs:

- Version 4.3.5-1

* Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

uyuni-proxy-systemd-services:

- Version 4.3.6-1

* Expose port 80 (bsc#1200142)

* Use volumes rather than bind mounts

* TFTPD to listen on udp port (bsc#1200968)

* Add TAG variable in configuration

* Fix containers namespaces in configuration

zypp-plugin-spacewalk:

- 1.0.13

* Log in before listing channels. (bsc#1197963, bsc#1193585)

1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842,1202724,CVE-2022-31248

Security update for SUSE Manager 4.3: Server and Proxy

The following package changes have been done:

- libldap-data-2.4.46-150200.14.11.2 updated

- libtirpc-netconfig-1.2.6-150300.3.6.1 updated

- glibc-2.31-150300.37.1 updated

- libcrypt1-4.4.15-150300.4.4.3 updated

- libuuid1-2.37.2-150400.8.3.1 updated

- libudev1-249.12-150400.8.10.1 updated

- libsmartcols1-2.37.2-150400.8.3.1 updated

- libcom_err2-1.46.4-150400.3.3.1 updated

- libblkid1-2.37.2-150400.8.3.1 updated

- libfdisk1-2.37.2-150400.8.3.1 updated

- libz1-1.2.11-150000.3.33.1 updated

- libpcre1-8.45-150000.20.13.1 updated

- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated

- libstdc++6-11.3.0+git1637-150000.1.9.1 updated

- libpsl5-0.20.1-150000.3.3.1 updated

- libncurses6-6.1-150000.5.12.1 updated

- terminfo-base-6.1-150000.5.12.1 updated

- ncurses-utils-6.1-150000.5.12.1 updated

- libopenssl1_1-1.1.1l-150400.7.7.1 updated

- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated

- libelf1-0.185-150400.5.3.1 updated

- libxml2-2-2.9.14-150400.5.7.1 updated

- libsystemd0-249.12-150400.8.10.1 updated

- libyaml-cpp0_6-0.6.3-150400.4.3.1 updated

- libmount1-2.37.2-150400.8.3.1 updated

- libdw1-0.185-150400.5.3.1 updated

- libaugeas0-1.12.0-150400.3.3.6 updated

- libldap-2_4-2-2.4.46-150200.14.11.2 updated

- libprocps7-3.3.15-150000.7.25.1 updated

- procps-3.3.15-150000.7.25.1 updated

- sles-release-15.4-150400.55.1 updated

- grep-3.1-150000.4.6.1 updated

- libtirpc3-1.2.6-150300.3.6.1 updated

- gpg2-2.2.27-150300.3.5.1 updated

- libcurl4-7.79.1-150400.5.6.1 updated

- rpm-config-SUSE-1-150400.14.3.1 updated

- permissions-20201225-150400.5.8.1 updated

- pam-1.3.0-150000.6.58.3 updated

- libzypp-17.30.2-150400.3.3.1 updated

- zypper-1.14.53-150400.3.3.1 updated

- util-linux-2.37.2-150400.8.3.1 updated

- timezone-2022a-150000.75.10.1 added

- curl-7.79.1-150400.5.6.1 updated

- libdevmapper1_03-1.02.163-150400.17.3.1 updated

- libexpat1-2.4.4-150400.3.6.9 updated

- systemd-presets-common-SUSE-15-150100.8.17.1 updated

- zstd-1.5.0-150400.1.71 added

- libpython3_6m1_0-3.6.15-150300.10.27.1 updated

- python3-base-3.6.15-150300.10.27.1 updated

- python3-3.6.15-150300.10.27.1 updated

- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated

- python3-uyuni-common-libs-4.3.5-150400.3.3.2 updated

- hwdata-0.360-150000.3.48.1 updated

- apache2-utils-2.4.51-150400.6.3.1 updated

- systemd-249.12-150400.8.10.1 updated

- python3-python-debian-0.1.44-150400.9.3.1 added

- python3-hwdata-2.3.5-150000.3.9.1 updated

- logrotate-3.18.1-150400.3.7.1 updated

- apache2-2.4.51-150400.6.3.1 updated

- apache2-prefork-2.4.51-150400.6.3.1 updated

- python3-cryptography-3.3.2-150400.16.3.1 updated

- python3-pyOpenSSL-21.0.0-150400.3.3.1 updated

- spacewalk-backend-4.3.15-150400.3.3.5 updated

- python3-libxml2-2.9.14-150400.5.7.1 updated

- python3-dmidecode-3.12.2-150400.14.3.1 updated

- python3-spacewalk-client-tools-4.3.11-150400.3.3.4 updated

- spacewalk-client-tools-4.3.11-150400.3.3.4 updated

- spacewalk-proxy-package-manager-4.3.12-150400.3.5.1 updated

- spacewalk-proxy-common-4.3.12-150400.3.5.1 updated

- spacewalk-proxy-broker-4.3.12-150400.3.5.1 updated

- spacewalk-proxy-redirect-4.3.12-150400.3.5.1 updated

- binutils-2.37-150100.7.29.1 removed

- bzip2-1.0.8-150400.1.122 removed

- cpp-7-3.9.1 removed

- cpp7-7.5.0+r278197-4.30.1 removed

- crypto-policies-20210917.c9d86d1-150400.1.7 removed

- dwz-0.12-1.483 removed

- file-5.32-7.14.1 removed

- gcc-7-3.9.1 removed

- gcc7-7.5.0+r278197-4.30.1 removed

- gettext-runtime-0.20.2-1.43 removed

- gettext-tools-0.20.2-1.43 removed

- glibc-devel-2.31-150300.26.5 removed

- glibc-locale-2.31-150300.26.5 removed

- glibc-locale-base-2.31-150300.26.5 removed

- gzip-1.10-150200.10.1 removed

- libasan4-7.5.0+r278197-4.30.1 removed

- libatomic1-11.3.0+git1637-150000.1.9.1 removed

- libcilkrts5-7.5.0+r278197-4.30.1 removed

- libctf-nobfd0-2.37-150100.7.29.1 removed

- libctf0-2.37-150100.7.29.1 removed

- libgomp1-11.3.0+git1637-150000.1.9.1 removed

- libisl15-0.18-1.443 removed

- libitm1-11.3.0+git1637-150000.1.9.1 removed

- liblsan0-11.3.0+git1637-150000.1.9.1 removed

- libmpc3-1.1.0-1.47 removed

- libmpfr6-4.0.2-3.3.1 removed

- libmpx2-8.2.1+r264010-150000.1.6.4 removed

- libmpxwrappers2-8.2.1+r264010-150000.1.6.4 removed

- libtextstyle0-0.20.2-1.43 removed

- libtsan0-11.3.0+git1637-150000.1.9.1 removed

- libubsan0-7.5.0+r278197-4.30.1 removed

- libxcrypt-devel-4.4.15-150300.4.2.41 removed

- linux-glibc-devel-5.14-150400.4.44 removed

- make-4.2.1-7.3.2 removed

- openssl-1.1.1l-150400.1.5 removed

- openssl-1_1-1.1.1l-150400.5.14 removed

- patch-2.7.6-150000.5.3.1 removed

- perl-5.26.1-150300.17.3.1 removed

- perl-DBI-1.642-3.9.1 removed

- perl-Module-Implementation-0.09-1.22 removed

- perl-Module-Runtime-0.016-1.17 removed

- perl-Params-Validate-1.29-1.25 removed

- perl-Try-Tiny-0.30-1.17 removed

- python-rpm-macros-20220106.80d3756-150400.1.44 removed

- python3-debian-0.1.31-3.19 removed

- python3-spacewalk-certs-tools-4.3.13-150400.1.1 removed

- rpm-build-4.14.3-150300.46.1 removed

- spacewalk-base-minimal-4.3.20-150400.1.2 removed

- spacewalk-base-minimal-config-4.3.20-150400.1.2 removed

- spacewalk-certs-tools-4.3.13-150400.1.1 removed

- spacewalk-ssl-cert-check-4.3.2-150400.1.29 removed

- sudo-1.9.9-150400.2.5 removed

- susemanager-build-keys-15.3.5-150400.1.12 removed

- susemanager-build-keys-web-15.3.5-150400.1.12 removed

- systemd-rpm-macros-11-7.27.1 removed

- tar-1.34-150000.3.12.1 removed
