SUSE: 2022:2972-1 suse/sle-micro/5.2/toolbox Security Update
Summary
Advisory ID: SUSE-RU-2022:3905-1 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important Advisory ID: SUSE-SU-2022:3912-1 Released: Tue Nov 8 13:38:11 2022 Summary: Security update for expat Type: security Severity: important
References
References : 1196840 1199492 1199918 1199926 1199927 1204708 CVE-2022-43680
1196840,1199492,1199918,1199926,1199927
This update for aaa_base and iputils fixes the following issues:
aaa_base:
- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)
iputils:
- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)
1204708,CVE-2022-43680
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
The following package changes have been done:
- iputils-s20161105-150000.8.6.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated