SUSE: 2023:338-1 sles-15-sp4-chost-byos-v20230606-arm64 Security Update
Summary
- Advisory ID: SUSE-feature-2023:2192-1; Released: Fri May 12 12:49:02 2023; Summary: Feature update for python311, python311-pip, python311-setuptools; Type: feature; Severity: moderate
- Advisory ID: SUSE-RU-2023:2216-1; Released: Tue May 16 11:27:50 2023; Summary: Recommended update for python-packaging; Type: recommended; Severity: important
- Advisory ID: SUSE-SU-2023:2224-1; Released: Wed May 17 09:53:54 2023; Summary: Security update for curl; Type: security; Severity: important
- Advisory ID: SUSE-RU-2023:2237-1; Released: Wed May 17 17:10:07 2023; Summary: Recommended update for vim; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2240-1; Released: Wed May 17 19:56:54 2023; Summary: Recommended update for systemd; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2245-1; Released: Thu May 18 17:01:47 2023; Summary: Recommended update for libzypp, zypper; Type: recommended; Severity: moderate
- Advisory ID: SUSE-SU-2023:2254-1; Released: Fri May 19 15:20:23 2023; Summary: Security update for containerd; Type: security; Severity: important
- Advisory ID: SUSE-SU-2023:2256-1; Released: Fri May 19 15:26:43 2023; Summary: Security update for runc; Type: security; Severity: important
- Advisory ID: SUSE-RU-2023:2276-1; Released: Wed May 24 07:54:42 2023; Summary: Recommended update for grub2; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2279-1; Released: Wed May 24 07:57:53 2023; Summary: Recommended update for dracut; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2307-1; Released: Mon May 29 10:29:49 2023; Summary: Recommended update for kbd; Type: recommended; Severity: low
- Advisory ID: SUSE-SU-2023:2313-1; Released: Tue May 30 09:29:25 2023; Summary: Security update for c-ares; Type: security; Severity: important
- Advisory ID: SUSE-RU-2023:2317-1; Released: Tue May 30 14:01:22 2023; Summary: Recommended update for util-linux; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2333-1; Released: Wed May 31 09:01:28 2023; Summary: Recommended update for zlib; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2341-1; Released: Thu Jun 1 11:31:27 2023; Summary: Recommended update for libsigc++2; Type: recommended; Severity: moderate
- Advisory ID: SUSE-SU-2023:2342-1; Released: Thu Jun 1 11:34:20 2023; Summary: Security update for openssl-1_1; Type: security; Severity: important
- Advisory ID: SUSE-SU-2023:2347-1; Released: Thu Jun 1 14:33:10 2023; Summary: Security update for cups; Type: security; Severity: important
- Advisory ID: SUSE-RU-2023:2355-1; Released: Fri Jun 2 12:48:25 2023; Summary: Recommended update for librelp; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2363-1; Released: Mon Jun 5 09:21:36 2023; Summary: Recommended update for libnvme, nvme-cli; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2366-1; Released: Mon Jun 5 09:23:08 2023; Summary: Recommended update for xen; Type: recommended; Severity: moderate
- Advisory ID: SUSE-RU-2023:2430-1; Released: Tue Jun 6 22:55:28 2023; Summary: Recommended update for supportutils-plugin-suse-public-cloud; Type: recommended; Severity: critical
References
1027519 1127591 1186870 1195633 1199282 1200441 1203141 1204478
1204563 1207410 1208329 1208581 1209094 1209131 1209140 1209237
1209245 1209406 1209550 1209669 1209905 1210089 1210105 1210164
1210298 1210593 1210640 1210649 1210702 1210870 1211144 1211230
1211231 1211232 1211233 1211430 1211604 1211605 1211606 1211607
1211643 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321
CVE-2023-28322 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
CVE-2023-32324
This release of python311, python311-pip, python311-setuptools adds the following feature:
- Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634)
References: 1186870,1199282
This update for python-packaging fixes the following issues:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
  * Add a pp3-none-any tag
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
  * Fix a spelling mistake
- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5
  * Replace distutils usage with sysconfig
  * Add support for zip files
  * Use cached hash attribute to short-circuit tag equality comparisons
  * Specify the default value for the 'specifier' argument to 'SpecifierSet'
  * Proper keyword-only 'warn' argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for 'Version.post' and 'Version.dev'
  * Use typing alias 'UnparsedVersion'
  * Improve type inference
  * Tighten the return typeo
- Add Provides: for python*dist(packaging). (bsc#1186870)
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
  * Add support for the ``macosx_10_*_universal2`` platform tags
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros
  * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits
  * Fix flit configuration, to include LICENSE files
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag
  * Add some missing type hints to `packaging.requirements`
  * Officially support Python 3.9
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string.
- update to 20.4:
  * Canonicalize version before comparing specifiers.
  * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``.
    This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names.
References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
References: 1211144
This update for vim fixes the following issues:
* Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144)
References: 1203141,1207410
This update for systemd fixes the following issues:
- udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Optimize the case where a hundred workers claim the same symlink with the same priority (bsc#1203141)
- Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626)
References: 1127591,1195633,1208329,1209406,1210870
This update for libzypp, zypper fixes the following issues:
- Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633)
- multicurl: propagate ssl settings stored in repo url (bsc#1127591)
- MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870)
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
- Teach MediaNetwork to retry on HTTP2 errors.
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority
References: 1210298
This update for containerd fixes the following issues:
- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)
References: 1200441
This update of runc fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
References: 1204563,1208581
This update for grub2 fixes the following issues:
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
- Fix PowerVS deployment failing to boot with 90 cores (bsc#1208581)
References: 1204478,1210640
This update for dracut fixes the following issues:
- Update to version 055+suse.342.g2e6dce8e:
  fips=1 and separate /boot break s390x (bsc#1204478):
  * fix(fips): move fips-boot script to pre-pivot
  * fix(fips): only unmount /boot if it was mounted by the fips module
  * feat(fips): add progress messages
  * fix(fips): do not blindly remove /boot
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
References: 1210702
This update for kbd fixes the following issue:
- Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702)
References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
References: 1210164
This update for util-linux fixes the following issue:
- Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164)
References: 1210593
This update for zlib fixes the following issue:
- Fix function calling order to avoid crashes (bsc#1210593)
References: 1209094,1209140
This update for libsigc++2 fixes the following issues:
- Remove executable permission for file (bsc#1209094, bsc#1209140)
References: 1211430,CVE-2023-2650
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
References: 1211643,CVE-2023-32324
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
References: 1210649
This update for librelp fixes the following issues:
- update to librelp 1.11.0 (bsc#1210649)
References: 1209131,1209550,1209669,1209905,1210089,1210105
This update for libnvme, nvme-cli fixes the following issues:
- Fix GC in Python binding (bsc#1209905 bsc#1209131)
- Fix crash when printing json output for supported log pages (bsc#1209550)
- Add coverity reported fixes (bsc#1209669)
- Update host_traddr when using config.json file (bsc#1210089)
- Fix compiler warning (git-fixes)
- Fix condition in autoconnect service (bsc#1210105)
- Set version-tag so that versions are correctly reported
References: 1027519,1209237,1209245
This update for xen fixes the following issues:
- Added debug-info to xen-syms (bsc#1209237)
- Update to Xen 4.16.4 bug fix release (bsc#1027519)
- Added upstream bug fixes (bsc#1027519)
- Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245)
- Drop patches contained in new tarball and switch to upstream backports for some patches
This update for supportutils-plugin-suse-public-cloud fixes the following issues:
- This update will be delivered to SLE Micro. (SMO-219)
The following package changes have been done:
- containerd-ctr-1.6.19-150000.90.3 updated
- containerd-1.6.19-150000.90.3 updated
- cups-config-2.2.7-150000.3.43.1 updated
- curl-8.0.1-150400.5.23.1 updated
- dracut-055+suse.342.g2e6dce8e-150400.3.22.1 updated
- grub2-i386-pc-2.06-150400.11.33.1 updated
- grub2-x86_64-efi-2.06-150400.11.33.1 updated
- grub2-2.06-150400.11.33.1 updated
- kbd-legacy-2.4.0-150400.5.6.1 updated
- kbd-2.4.0-150400.5.6.1 updated
- libblkid1-2.37.2-150400.8.17.1 updated
- libcares2-1.19.1-150000.3.23.1 updated
- libcups2-2.2.7-150000.3.43.1 updated
- libcurl4-8.0.1-150400.5.23.1 updated
- libfdisk1-2.37.2-150400.8.17.1 updated
- libmount1-2.37.2-150400.8.17.1 updated
- libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 updated
- libopenssl1_1-1.1.1l-150400.7.37.1 updated
- librelp0-1.11.0-150000.3.3.1 updated
- libsigc-2_0-0-2.10.7-150400.3.3.1 updated
- libsmartcols1-2.37.2-150400.8.17.1 updated
- libsolv-tools-0.7.24-150400.3.6.4 updated
- libsystemd0-249.16-150400.8.28.3 updated
- libudev1-249.16-150400.8.28.3 updated
- libuuid1-2.37.2-150400.8.17.1 updated
- libz1-1.2.11-150000.3.45.1 updated
- libzypp-17.31.11-150400.3.25.2 updated
- nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 updated
- openssl-1_1-1.1.1l-150400.7.37.1 updated
- python3-packaging-21.3-150200.3.3.1 updated
- python3-setuptools-44.1.1-150400.9.3.3 updated
- runc-1.1.5-150000.43.1 updated
- supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated
- systemd-sysvinit-249.16-150400.8.28.3 updated
- systemd-249.16-150400.8.28.3 updated
- udev-249.16-150400.8.28.3 updated
- util-linux-systemd-2.37.2-150400.8.17.1 updated
- util-linux-2.37.2-150400.8.17.1 updated
- vim-data-common-9.0.1443-150000.5.43.1 updated
- vim-9.0.1443-150000.5.43.1 updated
- xen-libs-4.16.4_02-150400.4.28.1 updated
- xxd-9.0.1443-150000.5.43.1 updated
- zypper-1.14.60-150400.3.21.2 updated