SUSE: 2023:3074-1 ses/7.1/ceph/keepalived Security Update
Summary
Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:3210-1 Released: Mon Aug 7 15:20:04 2023 Summary: Security update for pcre2 Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3218-1 Released: Mon Aug 7 16:52:13 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low Advisory ID: SUSE-RU-2023:3487-1 Released: Tue Aug 29 14:28:35 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important
References
References : 1089497 1158763 1198165 1201627 1202234 1206627 1207534 1208721
1209229 1209565 1210740 1210999 1211078 1211079 1211261 1211419
1211661 1211828 1212126 1212187 1212187 1212222 1212260 1213189
1213231 1213487 1213514 1213517 1213557 1213673 1213853 1214052
1214054 1214071 1214290 1214768 CVE-2022-41409 CVE-2022-4304
CVE-2023-22652 CVE-2023-2603 CVE-2023-30078 CVE-2023-30079 CVE-2023-31484
CVE-2023-32181 CVE-2023-3446 CVE-2023-34969 CVE-2023-36054 CVE-2023-3817
CVE-2023-39615 CVE-2023-4016 CVE-2023-4039
1211661,1212187
This update for libzypp fixes the following issues:
- Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
- Do not unconditionally release a medium if provideFile failed. [bsc#1211661]
This update for gcc12 fixes the following issues:
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression and other bug fixes
- Speed up builds with --enable-link-serialization.
- Update embedded newlib to version 4.2.0
1202234,1209565,1211261,1212187,1212222
This update for yast2-pkg-bindings fixes the following issues:
libzypp was updated to version 17.31.14 (22):
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- build: honor libproxy.pc's includedir (bsc#1212222)
zypper was updated to version 1.14.61:
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
yast2-pkg-bindings, autoyast:
- Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- Selected products are not installed after resetting the package manager internally (bsc#1202234)
yast2-update:
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
1212260
This update for openldap2 fixes the following issues:
- libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)
1212126,CVE-2023-34969
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
1210999,CVE-2023-31484
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
1208721,1209229,1211828
This update for glibc fixes the following issues:
- getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bsc#1208721)
- resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)
1089497
This update for gpgme fixes the following issues:
gpgme:
- Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)
libassuan:
- Version upgrade to 2.5.5 in LTSS to address gpgme new requirements
1211419,CVE-2023-2603
This update for libcap fixes the following issues:
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
- Update further expiring certificates that affect tests [bsc#1201627]
1213514,CVE-2022-41409
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
1211079
This update for cryptsetup fixes the following issues:
- Handle system with low memory and no swap space (bsc#1211079)
1206627,1213189
This update for shadow fixes the following issues:
- Prevent lock files from remaining after power interruptions (bsc#1213189)
- Add --prefix support to passwd, chpasswd and chage (bsc#1206627)
1213517,1213853,CVE-2023-3817
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
1214054,CVE-2023-36054
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
1214290,CVE-2023-4016
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
1214071
This update for lvm2 fixes the following issues:
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:
- Fix occasional isue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)
1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
The following non-security bug was fixed:
- Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165).
1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
The following package changes have been done:
- dbus-1-1.12.2-150100.8.17.1 updated
- glibc-2.31-150300.52.2 updated
- krb5-1.19.2-150300.13.1 updated
- libassuan0-2.5.5-150000.4.5.2 updated
- libcap2-2.26-150000.4.9.1 updated
- libcryptsetup12-hmac-2.3.7-150300.3.8.1 updated
- libcryptsetup12-2.3.7-150300.3.8.1 updated
- libdbus-1-3-1.12.2-150100.8.17.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated
- libeconf0-0.5.2-150300.3.11.1 updated
- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libldap-2_4-2-2.4.46-150200.14.17.1 updated
- libldap-data-2.4.46-150200.14.17.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.75.1 updated
- libopenssl1_1-1.1.1d-150200.11.75.1 updated
- libpcre2-8-0-10.31-150000.3.15.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-lite20-3.9.2-150200.4.21.1 updated
- libsolv-tools-0.7.24-150200.20.2 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.9.7-150000.3.60.1 updated
- libzypp-17.31.20-150200.75.1 updated
- login_defs-4.8.1-150300.4.9.1 updated
- openssl-1_1-1.1.1d-150200.11.75.1 updated
- perl-base-5.26.1-150300.17.14.1 updated
- perl-5.26.1-150300.17.14.1 updated
- procps-3.3.15-150000.7.34.1 updated
- shadow-4.8.1-150300.4.9.1 updated
- zypper-1.14.63-150200.59.1 updated
- container:sles15-image-15.0.0-17.20.185 updated