SUSE: 2022:2561-1 suse/sle-micro/5.3/toolbox Security Update
Summary
Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-RU-2022:2573-1 Released: Thu Jul 28 04:24:19 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important Advisory ID: SUSE-RU-2022:2640-1 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3220-1 Released: Fri Sep 9 04:30:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important Advisory ID: SUSE-RU-2022:3564-1 Released: Tue Oct 11 16:15:57 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: critical Advisory ID: SUSE-RU-2022:3604-1 Released: Mon Oct 17 22:29:59 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate
References
References : 1160171 1178331 1178332 1181475 1182983 1189282 1189802 1190700
1191020 1193282 1194550 1195061 1195773 1196125 1196490 1197684
1198341 1198627 1198720 1198752 1199042 1199132 1199140 1199492
1199895 1200624 1200747 1200800 1200993 1201092 1201225 1201385
1201576 1201638 1201680 1201783 1201972 1202117 1202175 1202310
1202593 1203018 1203649 CVE-2021-36690 CVE-2021-46828 CVE-2022-23308
CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-34903 CVE-2022-35252
CVE-2022-35737 CVE-2022-37434
1193282
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
1198720,1200747,1201385
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
1160171,1178331,1178332,1200624
This update for yaml-cpp fixes the following issue:
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old
ABI to prevent ABI breakage and crash of applications compiled with 0.6.1
(bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).
1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors- Put signing key supplying repository name in quotes
1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
1182983,1190700,1191020,1202117
This update for libgcrypt fixes the following issues:
- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while
typing Tab key to Auto-Completion. [bsc#1182983]
- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
* Enable the jitter based entropy generator by default in random.conf
* Update the internal jitterentropy to version 3.4.0
- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
* Consider approved keylength greater or equal to 112 bits.
- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]
1199492
This update for aaa_base fixes the following issues:
- The wrapper rootsh is not a restricted shell. (bsc#1199492)
1189282,1201972,1203649
This update for libzypp, zypper fixes the following issues:
libzypp:
- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined
zypper:
- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined
1195061
This update for sles15-image fixes the following issues:
- Make the title match BCI (bsc#1195061)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- glibc-2.31-150300.41.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libudev1-249.12-150400.8.10.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libxml2-2-2.9.14-150400.5.7.1 updated
- libyaml-cpp0_6-0.6.3-150400.4.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzck1-1.1.16-150400.1.10 added
- libzypp-17.31.2-150400.3.9.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- permissions-20201225-150400.5.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- zypper-1.14.57-150400.3.9.1 updated
- container:sles15-image-15.0.0-27.12.1 updated