SUSE Container Update Advisory: suse/sles/15.4/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2278-1
Container Tags        : suse/sles/15.4/virt-launcher:0.49.0 , suse/sles/15.4/virt-launcher:0.49.0-150400.1.37 , suse/sles/15.4/virt-launcher:0.49.0.18.29
Container Release     : 18.29
Severity              : important
Type                  : security
References            : 1187365 1197178 1198405 1198731 1198752 1198925 1199724 1200270
                        1200570 1200697 1200698 1200700 1200701 1200732 1200800 1200884
                        1200902 1200903 1200904 1201132 1201133 1201134 1201135 1201136
                        1201150 1201151 1201152 1201153 1201154 1201155 1201249 1201356
                        1201359 1201363 1201551 1201620 1201863 1202011 1202046 1202049
                        1202050 1202051 1202175 1202310 1202414 1202420 1202421 1202511
                        1202512 1202515 1202552 1202593 1202599 1202687 1202689 1202862
                        CVE-2021-3593 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125
                        CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
                        CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
                        CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
                        CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
                        CVE-2022-24795 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581
                        CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845
                        CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923
                        CVE-2022-2946 CVE-2022-3016 CVE-2022-35252 CVE-2022-37434 
-----------------------------------------------------------------

The container suse/sles/15.4/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released:    Tue Aug 30 10:51:09 2022
Summary:     Security update for libslirp
Type:        security
Severity:    moderate
References:  1187365,1201551,CVE-2021-3593
This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released:    Thu Sep  1 12:30:19 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731
This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep  2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released:    Fri Sep  2 15:01:44 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters  into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released:    Tue Sep  6 15:43:53 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1202011
This update for lvm2 fixes the following issues:

- Do not use udev for device listing or device information (bsc#1202011)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released:    Wed Sep  7 15:07:31 2022
Summary:     Security update for libyajl
Type:        security
Severity:    moderate
References:  1198405,CVE-2022-24795
This update for libyajl fixes the following issues:

- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3206-1
Released:    Thu Sep  8 11:16:02 2022
Summary:     Recommended update for bash-completion
Type:        recommended
Severity:    low
References:  1199724
This update for bash-completion fixes the following issues:

- Enable upstream commit to list ko.zst modules as well. (bsc#1199724)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3209-1
Released:    Thu Sep  8 13:10:13 2022
Summary:     Recommended update for open-iscsi
Type:        recommended
Severity:    moderate
References:  1200570
This update for open-iscsi fixes the following issues:

- Set the systemd unit files as non executable. (bsc#1200570)
- For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to 
  vendor-specific `/usr/etc/logrotate.d`

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released:    Fri Sep  9 14:46:01 2022
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0313:

- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
  
Bugfixes:

- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).


The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- bash-completion-2.7-150000.4.9.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libslirp0-4.3.1-150300.11.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- libxcb1-1.13-150000.3.9.1 updated
- liblvm2cmd2_03-2.03.05-150400.175.1 updated
- libdevmapper-event1_03-1.02.163-150400.17.3.1 updated
- libhogweed6-3.8.1-150500.1.4 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- libopeniscsiusr0_2_0-2.1.7-150400.39.8.1 updated
- device-mapper-1.02.163-150400.17.3.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- open-iscsi-2.1.7-150400.39.8.1 updated
- lvm2-2.03.05-150400.175.1 updated
- qemu-ovmf-x86_64-202205-150500.1.1 updated
- container:sles15-image-15.0.0-31.13 updated

SUSE: 2022:2278-1 suse/sles/15.4/virt-launcher Security Update

September 16, 2022
The container suse/sles/15.4/virt-launcher was updated

Summary

Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2941-1 Released: Tue Aug 30 10:51:09 2022 Summary: Security update for libslirp Type: security Severity: moderate Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low Advisory ID: SUSE-RU-2022:3118-1 Released: Tue Sep 6 15:43:53 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3162-1 Released: Wed Sep 7 15:07:31 2022 Summary: Security update for libyajl Type: security Severity: moderate Advisory ID: SUSE-RU-2022:3206-1 Released: Thu Sep 8 11:16:02 2022 Summary: Recommended update for bash-completion Type: recommended Severity: low Advisory ID: SUSE-RU-2022:3209-1 Released: Thu Sep 8 13:10:13 2022 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3229-1 Released: Fri Sep 9 14:46:01 2022 Summary: Security update for vim Type: security Severity: important

References

References : 1187365 1197178 1198405 1198731 1198752 1198925 1199724 1200270

1200570 1200697 1200698 1200700 1200701 1200732 1200800 1200884

1200902 1200903 1200904 1201132 1201133 1201134 1201135 1201136

1201150 1201151 1201152 1201153 1201154 1201155 1201249 1201356

1201359 1201363 1201551 1201620 1201863 1202011 1202046 1202049

1202050 1202051 1202175 1202310 1202414 1202420 1202421 1202511

1202512 1202515 1202552 1202593 1202599 1202687 1202689 1202862

CVE-2021-3593 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125

CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183

CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231

CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286

CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345

CVE-2022-24795 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581

CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845

CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923

CVE-2022-2946 CVE-2022-3016 CVE-2022-35252 CVE-2022-37434

1202310

This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

1187365,1201551,CVE-2021-3593

This update for libslirp fixes the following issues:

- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).

Non-security fixes:

- Fix the version header (bsc#1201551)

1202175,CVE-2022-37434

This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

1197178,1198731

This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)

- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

1202593,CVE-2022-35252

This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a

denial of service (bsc#1202593).

1202011

This update for lvm2 fixes the following issues:

- Do not use udev for device listing or device information (bsc#1202011)

1198752,1200800

This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)

- Fix memory leak in params.r_addr assignement (bsc#1198752)

1198405,CVE-2022-24795

This update for libyajl fixes the following issues:

- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).

1199724

This update for bash-completion fixes the following issues:

- Enable upstream commit to list ko.zst modules as well. (bsc#1199724)

1200570

This update for open-iscsi fixes the following issues:

- Set the systemd unit files as non executable. (bsc#1200570)

- For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to

vendor-specific `/usr/etc/logrotate.d`

1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 0313:

- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).

- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).

- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).

- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).

- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).

- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).

- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).

- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).

- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).

- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).

- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).

- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).

- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).

- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).

- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).

- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).

- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).

- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).

- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).

- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).

- CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).

- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).

- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).

- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).

- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).

- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).

- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).

- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).

- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).

- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).

- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).

- CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).

- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).

- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).

- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).

- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).

- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).

- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).

- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).

- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).

Bugfixes:

- Fixing vim error on startup (bsc#1200884).

- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).

The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.11.1 updated

- libuuid1-2.37.2-150400.8.3.1 updated

- libsmartcols1-2.37.2-150400.8.3.1 updated

- libblkid1-2.37.2-150400.8.3.1 updated

- libfdisk1-2.37.2-150400.8.3.1 updated

- libz1-1.2.11-150000.3.33.1 updated

- libmount1-2.37.2-150400.8.3.1 updated

- libtirpc3-1.2.6-150300.3.11.1 updated

- sles-release-15.5-150500.10.2 updated

- libcurl4-7.79.1-150400.5.6.1 updated

- util-linux-2.37.2-150400.8.3.1 updated

- timezone-2022a-150000.75.10.1 updated

- bash-completion-2.7-150000.4.9.1 updated

- libdevmapper1_03-1.02.163-150400.17.3.1 updated

- libnettle8-3.8.1-150500.1.4 updated

- libslirp0-4.3.1-150300.11.1 updated

- libyajl2-2.1.0-150000.4.3.1 updated

- vim-data-common-9.0.0313-150000.5.25.1 updated

- libxcb1-1.13-150000.3.9.1 updated

- liblvm2cmd2_03-2.03.05-150400.175.1 updated

- libdevmapper-event1_03-1.02.163-150400.17.3.1 updated

- libhogweed6-3.8.1-150500.1.4 updated

- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated

- libopeniscsiusr0_2_0-2.1.7-150400.39.8.1 updated

- device-mapper-1.02.163-150400.17.3.1 updated

- vim-9.0.0313-150000.5.25.1 updated

- open-iscsi-2.1.7-150400.39.8.1 updated

- lvm2-2.03.05-150400.175.1 updated

- qemu-ovmf-x86_64-202205-150500.1.1 updated

- container:sles15-image-15.0.0-31.13 updated

Severity
Container Advisory ID : SUSE-CU-2022:2278-1
Container Tags : suse/sles/15.4/virt-launcher:0.49.0 , suse/sles/15.4/virt-launcher:0.49.0-150400.1.37 , suse/sles/15.4/virt-launcher:0.49.0.18.29
Container Release : 18.29
Severity : important
Type : security

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved