SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2730-1
Container Tags        : suse/manager/4.3/proxy-ssh:4.3.2 , suse/manager/4.3/proxy-ssh:4.3.2.9.9.1 , suse/manager/4.3/proxy-ssh:latest
Container Release     : 9.9.1
Severity              : important
Type                  : security
References            : 1047178 1121365 1180995 1182983 1189802 1190651 1190653 1190700
                        1190888 1191020 1193859 1195773 1198471 1198472 1198752 1199140
                        1199492 1200800 1201293 1201680 1201783 1201942 1202117 1202148
                        1202624 1202870 1203018 1203046 1203069 1203438 1204366 1204367
                        CVE-2017-6512 CVE-2021-28861 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252
                        CVE-2022-35737 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, 
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released:    Tue Sep 13 15:34:29 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released:    Wed Sep 14 06:45:39 2022
Summary:     Security update for perl
Type:        security
Severity:    moderate
References:  1047178,CVE-2017-6512
This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released:    Mon Sep 19 11:45:57 2022
Summary:     Security update for libtirpc
Type:        security
Severity:    important
References:  1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released:    Mon Sep 19 13:26:51 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:

- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released:    Fri Sep 23 15:23:40 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1203018,CVE-2022-31252
This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released:    Wed Sep 28 12:13:43 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1201942
This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct  1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674
This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3544-1
Released:    Thu Oct  6 13:48:42 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1202624,CVE-2021-28861
This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // (bsc#1202624).
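The following is an added illustration of the class of issue named above; it is not code from the python3 package or from the advisory. It shows why a request path beginning with // is dangerous when echoed into a Location header (clients resolve a scheme-relative reference against a different host) and how collapsing the leading slashes before building the redirect keeps the target on the server's own origin. The function names, the origin http://files.example.test and the request paths are constructed for this example.

```python
"""Leading-'//' open redirect in a directory-listing redirect, and its mitigation.

Added example. normalize_request_path, directory_redirect_target,
resolve_as_browser_would and redirect_stays_on_origin are assumed names
for this illustration; ORIGIN and the sample paths are constructed.
"""
from urllib.parse import urljoin, urlsplit, urlunsplit

ORIGIN = "http://files.example.test"  # constructed origin of the file server


def resolve_as_browser_would(location: str, origin: str = ORIGIN) -> str:
    """Resolve a Location header the way an HTTP client does (RFC 3986 join).

    A value beginning with '//' is a scheme-relative reference: the client
    keeps the scheme of the current page and takes the host from the value.
    """
    return urljoin(origin + "/", location)


def directory_redirect_target(path: str) -> str:
    """Build the redirect a directory listing sends when the request path
    lacks a trailing slash, without any normalization (pre-fix behaviour).

    urlsplit() reads '//host/dir' as netloc 'host' + path '/dir', and
    urlunsplit() faithfully puts the netloc back, so the attacker-chosen host
    survives into the Location header.
    """
    parts = urlsplit(path)
    if parts.path.endswith("/"):
        return path
    return urlunsplit((parts.scheme, parts.netloc, parts.path + "/",
                       parts.query, parts.fragment))


def normalize_request_path(path: str) -> str:
    """Collapse any run of leading slashes to a single '/'.

    After this, urlsplit() can no longer see a netloc in the request path,
    so every redirect built from it stays relative to the server's origin.
    This is the kind of normalization the fix introduces; it is written here
    for illustration and is not copied from the package.
    """
    if path.startswith("//"):
        return "/" + path.lstrip("/")
    return path


def redirect_stays_on_origin(request_path: str, harden: bool) -> bool:
    """Defender's check: does the redirect for this request path land on our
    own host once a client resolves it? `harden` toggles the normalization."""
    path = normalize_request_path(request_path) if harden else request_path
    location = directory_redirect_target(path)
    resolved = resolve_as_browser_would(location)
    return urlsplit(resolved).netloc == urlsplit(ORIGIN).netloc


if __name__ == "__main__":
    for sample in ("/docs", "//evil.example.test/docs"):
        for harden in (False, True):
            print(f"{sample!r:32} harden={harden!s:5} "
                  f"stays on origin: {redirect_stays_on_origin(sample, harden)}")
```

Running the block prints that the ordinary path stays on origin either way, while the path with a leading // only stays on origin once normalization is applied. A practical use is as a regression check against the patched interpreter: issue a request for a `//`-prefixed directory path against a local `python3 -m http.server` and confirm the Location header it returns no longer carries a foreign host.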

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released:    Fri Oct  7 17:03:55 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1182983,1190700,1191020,1202117
This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 hitting the out-of-core handler in FIPS mode when
  the Tab key triggers auto-completion. [bsc#1182983]

- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]

  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0

- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]

  * Consider a key length approved if it is greater than or equal to 112 bits.

- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released:    Mon Oct 10 14:05:12 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1199492
This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released:    Wed Oct 19 19:05:21 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069
This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms
  [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is no longer FIPS validated. To
    provide backwards compatibility for applications that need FIPS
    compliant random number generation and use FIPS_drbg_generate,
    this function was re-wired to call the FIPS validated DRBG
    instance instead, through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity
  function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released:    Fri Oct 21 16:15:07 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1204366,1204367,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).


The following package changes have been done:

- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- glibc-2.31-150300.41.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libxml2-2-2.9.14-150400.5.10.1 updated
- libopenssl1_1-1.1.1l-150400.7.10.5 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.10.5 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- libexpat1-2.4.4-150400.3.9.1 updated
- libpython3_6m1_0-3.6.15-150300.10.30.1 updated
- python3-base-3.6.15-150300.10.30.1 updated
- python3-3.6.15-150300.10.30.1 updated

SUSE: 2022:2730-1 suse/manager/4.3/proxy-ssh Security Update

October 26, 2022