SUSE Container Update Advisory: suse/rmt-nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:323-1
Container Tags        : suse/rmt-nginx:1.21 , suse/rmt-nginx:1.21-14.14 , suse/rmt-nginx:latest
Container Release     : 14.14
Severity              : important
Type                  : security
References            : 1040589 1047178 1073299 1093392 1104700 1112310 1113554 1120402
                        1121365 1130557 1137373 1140016 1150451 1169582 1172055 1177460
                        1177460 1177460 1177460 1177460 1177460 1177460 1177460 1178346
                        1178350 1178353 1179416 1180125 1180995 1181658 1181805 1182983
                        1183543 1183545 1183659 1185299 1185637 1187670 1188127 1188548
                        1190651 1190651 1190651 1190653 1190700 1190824 1190888 1191020
                        1191157 1192951 1193282 1193489 1193659 1193711 1193859 1194038
                        1194047 1194708 1194968 1195059 1195157 1195283 1195628 1195964
                        1195965 1196025 1196026 1196093 1196107 1196168 1196169 1196171
                        1196275 1196406 1196490 1196647 1196784 1196861 1197004 1197024
                        1197065 1197066 1197068 1197072 1197073 1197074 1197178 1197459
                        1197570 1197631 1197718 1197771 1197794 1198062 1198165 1198176
                        1198341 1198446 1198471 1198472 1198627 1198720 1198731 1198732
                        1198751 1198752 1198823 1198830 1198832 1198925 1199132 1199140
                        1199140 1199166 1199232 1199232 1199235 1199240 1199467 1199492
                        1200170 1200334 1200550 1200723 1200734 1200735 1200736 1200737
                        1200747 1200800 1200855 1200855 1201099 1201174 1201175 1201176
                        1201276 1201293 1201385 1201560 1201640 1201680 1201723 1201795
                        1201942 1201959 1201971 1202026 1202117 1202148 1202148 1202175
                        1202310 1202324 1202466 1202467 1202468 1202593 1202750 1202870
                        1202968 1202971 1202973 1203018 1203046 1203069 1203438 1203652
                        1203652 1203911 1204179 1204211 1204366 1204367 1204383 1204386
                        1204422 1204425 1204526 1204527 1204585 1204641 1204642 1204643
                        1204644 1204645 1204649 1204708 1204944 1204968 1205000 1205000
                        1205126 1205156 1205392 1205422 1205502 1205646 1206308 1206309
                        1207029 1207030 1207031 1207182 1207264 1207533 1207534 1207536
                        1207538 CVE-2017-6512 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271
                        CVE-2021-3421 CVE-2021-46828 CVE-2022-0561 CVE-2022-0561 CVE-2022-0562
                        CVE-2022-0865 CVE-2022-0891 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924
                        CVE-2022-1056 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586
                        CVE-2022-1586 CVE-2022-1587 CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
                        CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-2519 CVE-2022-2520
                        CVE-2022-2521 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314
                        CVE-2022-25315 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-2867
                        CVE-2022-2868 CVE-2022-2869 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
                        CVE-2022-31252 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
                        CVE-2022-32221 CVE-2022-34266 CVE-2022-34526 CVE-2022-35252 CVE-2022-3554
                        CVE-2022-3555 CVE-2022-3570 CVE-2022-3597 CVE-2022-3598 CVE-2022-3599
                        CVE-2022-3626 CVE-2022-3627 CVE-2022-37434 CVE-2022-3821 CVE-2022-3970
                        CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-41741 CVE-2022-41742
                        CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552
                        CVE-2022-43680 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-44617
                        CVE-2022-46285 CVE-2022-4883 CVE-2023-0215 CVE-2023-0286 
-----------------------------------------------------------------

The container suse/rmt-nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released:    Tue Jul 17 09:01:19 2018
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1073299,1093392
This update for timezone provides the following fixes:

- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
  in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
  timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
  setting an incorrect timezone. (bsc#1093392)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released:    Thu Oct 25 14:48:34 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1104700,1112310

  
This update for timezone, timezone-java fixes the following issues:

The timezone database was updated to 2018f:

- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates

Other bugfixes:

- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released:    Wed Oct 31 16:16:56 2018
Summary:     Recommended update for timezone, timezone-java
Type:        recommended
Severity:    moderate
References:  1113554
This update provides the latest time zone definitions (2018g), including the following change:

- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released:    Tue Jan 15 18:02:58 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1120402
This update for timezone fixes the following issues:

- Update 2018i:
  São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
  Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
  New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
  Metlakatla, Alaska observes PST this winter only
  Guess Morocco will continue to adjust clocks around Ramadan
  Add predictions for Iran from 2038 through 2090
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released:    Thu Mar 28 12:06:17 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1130557
This update for timezone fixes the following issues:

timezone was updated 2019a:

* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released:    Thu Jul 11 07:47:55 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1140016
This update for timezone fixes the following issues:

- Timezone update 2019b. (bsc#1140016):
  - Brazil no longer observes DST.
  - 'zic -b slim' outputs smaller TZif files.
  - Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
  - Add info about the Crimea situation.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released:    Thu Oct 24 07:08:44 2019
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1150451
This update for timezone fixes the following issues:

- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released:    Mon May 18 09:40:36 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1169582
This update for timezone fixes the following issues:

- timezone update 2020a. (bsc#1169582)
  * Morocco springs forward on 2020-05-31, not 2020-05-24.
  * Canada's Yukon advanced to -07 year-round on 2020-03-08.
  * America/Nuuk renamed from America/Godthab.
  * zic now supports expiration dates for leap second lists.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released:    Thu Jun  4 13:24:37 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1172055
This update for timezone fixes the following issue:

- zdump --version reported 'unknown' (bsc#1172055)
 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released:    Thu Oct 29 19:33:41 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020b (bsc#1177460)
  * Revised predictions for Morocco's changes starting in 2023.
  * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
  * Macquarie Island has stayed in sync with Tasmania since 2011.
  * Casey, Antarctica is at +08 in winter and +11 in summer.
  * zic no longer supports -y, nor the TYPE field of Rules.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released:    Tue Nov  3 09:48:13 2020
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:

- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released:    Wed Jan 20 13:38:51 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

- timezone update 2020f (bsc#1177460)
  * 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
    fixing a 2020e bug.

- timezone update 2020e (bsc#1177460)
  * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released:    Thu Feb  4 08:46:27 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

- timezone update 2021a (bsc#1177460)
  * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released:    Thu Jul 29 14:21:52 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2682-1
Released:    Thu Aug 12 20:06:19 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
This update for rpm fixes the following issues:

- Changed default package verification level to 'none' to be compatible to rpm-4.14.1
- Made illegal obsoletes a warning
- Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
- Added support for enforcing signature policy and payload verification step to
  transactions (jsc#SLE-17817)
- Added :humansi and :hmaniec query formatters for human readable output
- Added query selectors for whatobsoletes and whatconflicts
- Added support for sorting caret higher than base version
- rpm does no longer require the signature header to be in a contiguous
  region when signing (bsc#1181805)

Security fixes:

- CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an
  attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM
  repository, to cause RPM database corruption. The highest threat from this vulnerability is to
  data integrity (bsc#1183543)

- CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file.
  This flaw allows an attacker who can convince a victim to install a seemingly verifiable package,
  whose signature header was modified, to cause RPM database corruption and execute code. The highest
  threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)

- CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker
  who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability
  is to system availability.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3445-1
Released:    Fri Oct 15 09:03:39 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1183659,1185299,1187670,1188548
This update for rpm fixes the following issues:

Security issues fixed:

- PGP hardening changes (bsc#1185299)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released:    Thu Dec  2 11:47:07 2021
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for china

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:96-1
Released:    Tue Jan 18 05:14:44 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1190824,1193711
This update for rpm fixes the following issues:

- Fix header check so that old rpms no longer get rejected (bsc#1190824)
- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:520-1
Released:    Fri Feb 18 12:45:19 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1194968
This update for rpm fixes the following issues:

- Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:936-1
Released:    Tue Mar 22 18:10:17 2022
Summary:     Recommended update for filesystem and systemd-rpm-macros
Type:        recommended
Severity:    moderate
References:  1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:

filesystem:

- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)

systemd-rpm-macros:

- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released:    Wed Mar 30 16:20:56 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1196093,1197024
This update for pam fixes the following issues:

- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. 
  This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released:    Wed Mar 30 18:27:06 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1197459,CVE-2018-25032
This update for zlib fixes the following issues:

- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released:    Tue Apr  5 18:34:06 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not on 03-26
  * `zdump -v` now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released:    Tue Apr 12 14:44:43 2022
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1198062,CVE-2022-1271
This update for xz fixes the following issues:

- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released:    Wed Apr 20 12:26:38 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647
This update for libtirpc fixes the following issues:

- Add option to enforce connection via protocol version 2 first (bsc#1196647)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released:    Mon Apr 25 15:02:13 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1191157,1197004
This update for openldap2 fixes the following issues:

- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released:    Tue Apr 26 12:54:57 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1195628,1196107
This update for gcc11 fixes the following issues:

- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released:    Thu Apr 28 10:47:22 2022
Summary:     Recommended update for perl
Type:        recommended
Severity:    moderate
References:  1193489
This update for perl fixes the following issues:

- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released:    Fri May 13 15:36:10 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1197794
This update for pam fixes the following issue:

- Do not include obsolete header files (bsc#1197794)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released:    Fri May 13 15:40:20 2022
Summary:     Recommended update for libpsl
Type:        recommended
Severity:    important
References:  1197771
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released:    Mon May 16 10:06:30 2022
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:

- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released:    Tue May 17 17:44:43 2022
Summary:     Security update for e2fsprogs
Type:        security
Severity:    important
References:  1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:

- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
  and possibly arbitrary code execution. (bsc#1198446)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1882-1
Released:    Mon May 30 12:37:13 2022
Summary:     Security update for tiff
Type:        security
Severity:    important
References:  1195964,1195965,1197066,1197068,1197072,1197073,1197074,1197631,CVE-2022-0561,CVE-2022-0562,CVE-2022-0865,CVE-2022-0891,CVE-2022-0908,CVE-2022-0909,CVE-2022-0924,CVE-2022-1056
This update for tiff fixes the following issues:

- CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964).
- CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965).
- CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066).
- CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072).
- CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073).
- CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074).
- CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631).
- CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released:    Tue May 31 09:24:18 2022
Summary:     Recommended update for grep
Type:        recommended
Severity:    moderate
References:  1040589
This update for grep fixes the following issues:

- Make profiling deterministic. (bsc#1040589, SLE-24115)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released:    Wed Jun  1 10:43:22 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    important
References:  1198176
This update for libtirpc fixes the following issues:

- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released:    Wed Jun  1 16:25:35 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1198751
This update for glibc fixes the following issues:

- Add the correct name for the IBM Z16 (bsc#1198751).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released:    Wed Jun  8 16:50:07 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:

Update to the GCC 11.3.0 release.

* includes SLS hardening backport on x86_64.  [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild.  [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586.  [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune 
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines.  [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build  [bsc#1192951]
* Package mwaitintrin.h

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released:    Wed Jul  6 13:34:15 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:

- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released:    Wed Jul  6 13:38:42 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
This update for curl fixes the following issues:

- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released:    Wed Jul  6 14:15:13 2022
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:

- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2360-1
Released:    Tue Jul 12 12:01:39 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released:    Tue Jul 12 12:05:01 2022
Summary:     Security update for pcre
Type:        security
Severity:    important
References:  1199232,CVE-2022-1586
This update for pcre fixes the following issues:

- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released:    Fri Jul 15 11:49:01 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:

- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released:    Thu Jul 21 04:38:31 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
This update for systemd fixes the following issues:

- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
  directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released:    Thu Jul 21 14:35:08 2022
Summary:     Recommended update for rpm-config-SUSE
Type:        recommended
Severity:    moderate
References:  1193282
This update for rpm-config-SUSE fixes the following issues:

- Add SBAT values macros for other packages (bsc#1193282)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released:    Thu Jul 21 15:16:42 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1200855,1201560,1201640
This update for glibc fixes the following issues:

- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released:    Tue Jul 26 14:55:40 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:

Update to 2.9.14:

- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2566-1
Released:    Wed Jul 27 15:04:49 2022
Summary:     Security update for pcre2
Type:        security
Severity:    important
References:  1199235,CVE-2022-1587
This update for pcre2 fixes the following issues:

- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released:    Wed Aug  3 09:51:00 2022
Summary:     Security update for permissions
Type:        security
Severity:    important
References:  1198720,1200747,1201385
This update for permissions fixes the following issues:

* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2647-1
Released:    Wed Aug  3 13:44:01 2022
Summary:     Security update for tiff
Type:        security
Severity:    low
References:  1201174,1201175,1201176,CVE-2022-2056,CVE-2022-2057,CVE-2022-2058
This update for tiff fixes the following issues:

- CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176).
- CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175).
- CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released:    Tue Aug  9 12:54:16 2022
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1198627,CVE-2022-29458
This update for ncurses fixes the following issues:

- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released:    Fri Aug 12 14:34:31 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  
This update for jitterentropy fixes the following issues:

jitterentropy is included in version 3.4.0 (jsc#SLE-24941):

This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, 
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released:    Fri Aug 26 03:34:23 2022
Summary:     Recommended update for elfutils
Type:        recommended
Severity:    moderate
References:  
This update for elfutils fixes the following issues:

- Fix runtime dependency for devel package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released:    Fri Aug 26 05:28:34 2022
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1198341
This update for openldap2 fixes the following issues:

- Prevent memory reuse which may lead to instability (bsc#1198341)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released:    Fri Aug 26 15:17:02 2022
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1195059,1201795
This update for systemd fixes the following issues:

- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscal filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters 
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message  
- tmpfiles: Check for the correct directory

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released:    Mon Aug 29 11:21:47 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1202310
This update for timezone fixes the following issue:

- Reflect new Chile DST change (bsc#1202310)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released:    Wed Aug 31 09:16:21 2022
Summary:     Security update for zlib
Type:        security
Severity:    important
References:  1202175,CVE-2022-37434
This update for zlib fixes the following issues:

- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released:    Thu Sep  1 12:30:19 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1197178,1198731
This update for util-linux fixes the following issues:

- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released:    Fri Sep  2 10:44:54 2022
Summary:     Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type:        recommended
Severity:    moderate
References:  1198925

This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)

No codechanges were done in this update.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released:    Fri Sep  2 15:01:44 2022
Summary:     Security update for curl
Type:        security
Severity:    low
References:  1202593,CVE-2022-35252
This update for curl fixes the following issues:

- CVE-2022-35252: Fixed a potential injection of control characters
  into cookies, which could be exploited by sister sites to cause a
  denial of service (bsc#1202593).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released:    Wed Sep  7 04:36:10 2022
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1198752,1200800
This update for libtirpc fixes the following issues:

- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released:    Thu Sep  8 15:58:27 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  
This update for rpm fixes the following issues:

- Support Ed25519 RPM signatures [jsc#SLE-24714]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released:    Mon Sep 12 09:07:53 2022
Summary:     Security update for freetype2
Type:        security
Severity:    moderate
References:  1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:

- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).

Non-security fixes:

- Updated to version 2.10.4

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released:    Tue Sep 13 15:34:29 2022
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1199140

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released:    Wed Sep 14 06:45:39 2022
Summary:     Security update for perl
Type:        security
Severity:    moderate
References:  1047178,CVE-2017-6512
This update for perl fixes the following issues:

- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released:    Mon Sep 19 11:45:57 2022
Summary:     Security update for libtirpc
Type:        security
Severity:    important
References:  1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:

- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released:    Wed Sep 21 12:48:56 2022
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1202870
This update for jitterentropy fixes the following issues:

- Hide the non-GNUC constructs that are library internal from the 
  exported header, to make it usable in builds with strict C99
  compliance. (bsc#1202870)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released:    Fri Sep 23 15:23:40 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1203018,CVE-2022-31252
This update for permissions fixes the following issues:

- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released:    Wed Sep 28 12:13:43 2022
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1201942
This update for glibc fixes the following issues:

- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3489-1
Released:    Sat Oct  1 13:35:24 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1203438,CVE-2022-40674
This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3551-1
Released:    Fri Oct  7 17:03:55 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1182983,1190700,1191020,1202117
This update for libgcrypt fixes the following issues:

- FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while
  typing Tab key to Auto-Completion. [bsc#1182983]

- FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]

  * Enable the jitter based entropy generator by default in random.conf
  * Update the internal jitterentropy to version 3.4.0

- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]

  * Consider approved keylength greater or equal to 112 bits.

- FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3555-1
Released:    Mon Oct 10 14:05:12 2022
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1199492
This update for aaa_base fixes the following issues:

- The wrapper rootsh is not a restricted shell. (bsc#1199492)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3663-1
Released:    Wed Oct 19 19:05:21 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069
This update for openssl-1_1 fixes the following issues:

- FIPS: Default to RFC-7919 groups for genparam and dhparam
- FIPS: list only FIPS approved digest and public key algorithms
  [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
- FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
- FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293]
  * The FIPS_drbg implementation is not FIPS validated anymore. To
    provide backwards compatibility for applications that need FIPS
    compliant RNG number generation and use FIPS_drbg_generate,
    this function was re-wired to call the FIPS validated DRBG
    instance instead through the RAND_bytes() call.
- FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
- FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941]
  libcrypto.so now requires libjitterentropy3 library.
- FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
- FIPS: Add zeroization of temporary variables to the hmac integrity
  function FIPSCHECK_verify(). [bsc#1190653]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3690-1
Released:    Fri Oct 21 15:06:45 2022
Summary:     Security update for tiff
Type:        security
Severity:    important
References:  1201723,1201971,1202026,1202466,1202467,1202468,1202968,1202971,1202973,CVE-2022-0561,CVE-2022-2519,CVE-2022-2520,CVE-2022-2521,CVE-2022-2867,CVE-2022-2868,CVE-2022-2869,CVE-2022-34266,CVE-2022-34526
This update for tiff fixes the following issues:

- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3692-1
Released:    Fri Oct 21 16:15:07 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1204366,1204367,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

  - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
  - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3785-1
Released:    Wed Oct 26 20:20:19 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,1204386,CVE-2022-32221,CVE-2022-42916
This update for curl fixes the following issues:

  - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
  - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3787-1
Released:    Thu Oct 27 04:41:09 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1194047,1203911
This update for permissions fixes the following issues:

- Fix regression introduced by backport of security fix (bsc#1203911)
- Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3870-1
Released:    Fri Nov  4 11:12:08 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1190651,1202148
This update for openssl-1_1 fixes the following issues:

- FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
- FIPS: OpenSSL service-level indicator:  Allow AES XTS 256 (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3884-1
Released:    Mon Nov  7 10:59:26 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680
This update for expat fixes the following issues:

  - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released:    Tue Nov  8 13:05:04 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3974-1
Released:    Mon Nov 14 15:39:20 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1201959,1204211
This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications-increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3986-1
Released:    Tue Nov 15 12:57:41 2022
Summary:     Security update for libX11
Type:        security
Severity:    moderate
References:  1204422,1204425,CVE-2022-3554,CVE-2022-3555
This update for libX11 fixes the following issues:

  - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422).
  - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3999-1
Released:    Tue Nov 15 17:08:04 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
  * 0469b9f2bc pstore: do not try to load all known pstore modules
  * ad05f54439 pstore: Run after modules are loaded
  * ccad817445 core: Add trigger limit for path units
  * 281d818fe3 core/mount: also add default before dependency for automount mount units
  * ffe5b4afa8 logind: fix crash in logind on user-specified message string

- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility
  reason

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released:    Fri Nov 18 10:43:00 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released:    Mon Nov 21 00:13:40 2022
Summary:     Recommended update for libeconf
Type:        recommended
Severity:    moderate
References:  1198165
This update for libeconf fixes the following issues:

- Update to version 0.4.6+git
  - econftool:
    Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
  - libeconf:
    Parse files correctly on space characters (1198165)

- Update to version 0.4.5+git
  - econftool:
    New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
    New options '--comment' and '--delimeters'

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4153-1
Released:    Mon Nov 21 14:34:09 2022
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1205126,CVE-2022-42898
This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released:    Wed Nov 23 13:15:04 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1202750
This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4212-1
Released:    Thu Nov 24 15:53:48 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1190651
This update for openssl-1_1 fixes the following issues:

- FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
- FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
- FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4259-1
Released:    Mon Nov 28 15:42:54 2022
Summary:     Security update for tiff
Type:        security
Severity:    important
References:  1204641,1204643,1204644,1204645,1205392,CVE-2022-3597,CVE-2022-3599,CVE-2022-3626,CVE-2022-3627,CVE-2022-3970
This update for tiff fixes the following issues:

- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4411-1
Released:    Tue Dec 13 04:21:08 2022
Summary:     Security update for tiff
Type:        security
Severity:    important
References:  1204642,1205422,CVE-2022-3570,CVE-2022-3598
This update for tiff fixes the following issues:

- CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
- CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released:    Wed Dec 21 10:13:11 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1206308,1206309,CVE-2022-43551,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released:    Wed Dec 28 09:24:07 2022
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1200723,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released:    Thu Jan  5 09:51:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
    like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
  time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released:    Mon Jan  9 10:32:26 2023
Summary:     Recommended update for libxml2
Type:        recommended
Severity:    moderate
References:  1204585
This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released:    Mon Jan  9 10:37:54 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1199467
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released:    Mon Jan  9 10:42:21 2023
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1205502
This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:171-1
Released:    Thu Jan 26 18:31:58 2023
Summary:     Security update for libXpm
Type:        security
Severity:    important
References:  1207029,1207030,1207031,CVE-2022-44617,CVE-2022-46285,CVE-2022-4883
This update for libXpm fixes the following issues:

- CVE-2022-46285: Fixed an infinite loop that could be triggered
  when reading a XPM image with a C-style comment that is never
  closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could
  be triggered when reading small crafted XPM image (bsc#1207030).
- CVE-2022-4883: Fixed an issue that made decompression commands
  susceptible to PATH environment variable manipulation attacks
  (bsc#1207031).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released:    Thu Jan 26 20:57:35 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646
This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path: 
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released:    Thu Jan 26 20:58:21 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1207182
This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released:    Fri Jan 27 15:24:15 2023
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps
  with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten
  after an update (bsc#1207264).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:212-1
Released:    Mon Jan 30 17:26:44 2023
Summary:     Security update for nginx
Type:        security
Severity:    important
References:  1204526,1204527,CVE-2022-41741,CVE-2022-41742
This update for nginx fixes the following issues:

- CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) 
- CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:311-1
Released:    Tue Feb  7 17:36:32 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).


The following package changes have been done:

- filesystem-15.0-11.8.1 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- glibc-2.31-150300.41.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libssh-config-0.9.6-150400.1.5 updated
- libzstd1-1.5.0-150400.1.71 updated
- libsepol1-3.1-150400.1.70 updated
- liblz4-1-1.9.3-150400.1.7 updated
- libgpg-error0-1.42-150400.1.101 updated
- libcap2-2.63-150400.1.7 updated
- libbz2-1-1.0.8-150400.1.122 updated
- libaudit1-3.0.6-150400.2.13 updated
- libuuid1-2.37.2-150400.8.14.1 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libgcrypt20-1.9.4-150400.6.5.1 updated
- libgcrypt20-hmac-1.9.4-150400.6.5.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libopenssl1_1-1.1.1l-150400.7.22.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libselinux1-3.1-150400.1.69 updated
- libreadline7-7.0-150400.25.22 updated
- patterns-base-fips-20200124-150400.18.4 updated
- libsemanage1-3.1-150400.1.65 updated
- bash-4.4-150400.25.22 updated
- bash-sh-4.4-150400.25.22 updated
- cpio-2.13-150400.1.98 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libmount1-2.37.2-150400.8.14.1 updated
- krb5-1.19.2-150400.3.3.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- coreutils-8.32-150400.7.5 updated
- libssh4-0.9.6-150400.1.5 updated
- sles-release-15.4-150400.55.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- grep-3.1-150000.4.6.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.16.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- pam-1.3.0-150000.6.61.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- sysuser-shadow-3.1-150400.1.35 updated
- system-group-hardware-20170617-150400.22.33 updated
- util-linux-2.37.2-150400.8.14.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated
- timezone-2022g-150000.75.18.1 added
- libX11-data-1.6.5-150000.3.24.1 updated
- libexpat1-2.4.4-150400.3.12.1 updated
- libjpeg8-8.2.2-150400.15.9 updated
- libpcre2-8-0-10.39-150400.4.6.1 updated
- libxslt1-1.1.34-150400.1.7 updated
- libxcb1-1.13-150000.3.9.1 updated
- perl-5.26.1-150300.17.11.1 updated
- libtiff5-4.0.9-150000.45.22.1 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libX11-6-1.6.5-150000.3.24.1 updated
- fontconfig-2.13.1-150400.1.4 updated
- libfontconfig1-2.13.1-150400.1.4 updated
- libXpm4-3.5.12-150000.3.7.2 updated
- nginx-1.21.5-150400.3.3.1 updated
- container:sles15-image-15.0.0-27.14.34 updated