SUSE: 2023:500-1 ses/7.1/ceph/ceph Security Update
SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:500-1
Container Tags        : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.408 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release     : 3.2.408
Severity              : critical
Type                  : security
References            : 1087072 1101820 1121365 1142579 1149792 1167864 1176785 1177083
                        1177460 1177460 1178676 1179465 1180995 1181961 1183533 1185597
                        1185712 1188374 1188607 1190818 1191473 1192439 1193929 1194038
                        1194530 1194783 1197255 1197592 1197998 1198237 1198472 1198523
                        1199074 1199467 1199856 1199944 1200723 1200901 1201959 1201978
                        1202324 1202627 1202750 1202812 1202816 1202966 1202967 1202969
                        1203046 1203125 1203201 1203216 1203246 1203652 1203652 1203669
                        1203681 1203857 1203911 1204111 1204112 1204113 1204137 1204145
                        1204179 1204211 1204256 1204364 1204366 1204367 1204383 1204423
                        1204577 1204649 1204690 1204708 1204968 1204986 1205000 1205126
                        1205156 1205244 1205646 1206212 1206212 1206309 1206337 1206412
                        1206579 1206622 1206667 1206738 1207082 1207533 1207534 1207536
                        1207538 1208443 CVE-2016-3709 CVE-2018-10903 CVE-2019-1010204
                        CVE-2019-18348 CVE-2020-10696 CVE-2020-10735 CVE-2020-25658 CVE-2020-8492
                        CVE-2021-20206 CVE-2021-22569 CVE-2021-28153 CVE-2021-3530 CVE-2021-3648
                        CVE-2021-3826 CVE-2021-45078 CVE-2021-46195 CVE-2021-46848 CVE-2022-1664
                        CVE-2022-1941 CVE-2022-23491 CVE-2022-24761 CVE-2022-27943 CVE-2022-2990
                        CVE-2022-3171 CVE-2022-32221 CVE-2022-37454 CVE-2022-38126 CVE-2022-38127
                        CVE-2022-3821 CVE-2022-38533 CVE-2022-40023 CVE-2022-40303 CVE-2022-40304
                        CVE-2022-40897 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42898
                        CVE-2022-42969 CVE-2022-4304 CVE-2022-43552 CVE-2022-43680 CVE-2022-43995
                        CVE-2022-4415 CVE-2022-4450 CVE-2022-45061 CVE-2022-46908 CVE-2022-47629
                        CVE-2023-0215 CVE-2023-0286 CVE-2023-22809 
-----------------------------------------------------------------

The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3731-1
Released:    Tue Oct 25 17:10:20 2022
Summary:     Security update for python-waitress
Type:        security
Severity:    important
References:  1197255,CVE-2022-24761
This update for python-waitress fixes the following issues:

- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3766-1
Released:    Wed Oct 26 11:38:01 2022
Summary:     Security update for buildah
Type:        security
Severity:    important
References:  1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990
This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification (bsc#1202812).

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812


Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/[email protected]
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to [email protected]
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not committed
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not support dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to [email protected]
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: don't rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow reusing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again


Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow reusing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings

Drop requires on apparmor pattern, should be moved elsewhere
for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file
  is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3773-1
Released:    Wed Oct 26 12:19:29 2022
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1204383,CVE-2022-32221
This update for curl fixes the following issues:

  - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3776-1
Released:    Wed Oct 26 14:06:43 2022
Summary:     Recommended update for permissions
Type:        recommended
Severity:    important
References:  1203911,1204137
This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't
  properly support ICMP_PROTO sockets feature yet (bsc#1204137)
- Fix regression introduced by backport of security fix (bsc#1203911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3784-1
Released:    Wed Oct 26 18:03:28 2022
Summary:     Security update for libtasn1
Type:        security
Severity:    critical
References:  1204690,CVE-2021-46848
This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3805-1
Released:    Thu Oct 27 17:19:46 2022
Summary:     Security update for dbus-1
Type:        security
Severity:    important
References:  1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012
This update for dbus-1 fixes the following issues:

  - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
  - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
  - CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

  Bugfixes:

  - Disable asserts (bsc#1087072).


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3871-1
Released:    Fri Nov  4 13:26:29 2022
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:

  - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
  - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
  - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3901-1
Released:    Tue Nov  8 10:50:06 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1180995,1203046
This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)
- Fix memory leaks (bsc#1203046)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3904-1
Released:    Tue Nov  8 10:52:13 2022
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1192439
This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released:    Tue Nov  8 13:05:04 2022
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  
This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3912-1
Released:    Tue Nov  8 13:38:11 2022
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1204708,CVE-2022-43680
This update for expat fixes the following issues:

  - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3922-1
Released:    Wed Nov  9 09:03:33 2022
Summary:     Security update for protobuf
Type:        security
Severity:    important
References:  1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171
This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3932-1
Released:    Thu Nov 10 11:55:12 2022
Summary:     Security update for python-rsa
Type:        security
Severity:    moderate
References:  1178676,CVE-2020-25658
This update for python-rsa fixes the following issues:

  - CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3961-1
Released:    Mon Nov 14 07:33:50 2022
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3973-1
Released:    Mon Nov 14 15:38:25 2022
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1201959,1204211
This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)
- libuuid improvements (bsc#1201959, PED-1150):
  libuuid: Fix range when parsing UUIDs.
  Improve cache handling for short running applications - increment the cache size over runtime.
  Implement continuous clock handling for time based UUIDs.
  Check clock value from clock file to provide seamless libuuid.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3979-1
Released:    Tue Nov 15 11:05:22 2022
Summary:     Security update for python-Mako
Type:        security
Severity:    moderate
References:  1203246,CVE-2022-40023
This update for python-Mako fixes the following issues:

  - CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246).


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3985-1
Released:    Tue Nov 15 12:54:11 2022
Summary:     Recommended update for python-apipkg
Type:        recommended
Severity:    moderate
References:  1204145
This update for python3-apipkg fixes the following issues:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4020-1
Released:    Wed Nov 16 15:45:13 2022
Summary:     Recommended update for nfs-utils
Type:        recommended
Severity:    moderate
References:  1199856,1202627
This update for nfs-utils fixes the following issues:

- Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)
- Ensure sysctl settings work (bsc#1199856)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4044-1
Released:    Thu Nov 17 09:07:24 2022
Summary:     Security update for python-cryptography, python-cryptography-vectors
Type:        security
Severity:    important
References:  1101820,1149792,1176785,1177083,CVE-2018-10903
This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
  * 2.9.2 - 2020-04-22
    - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
  * 2.9.1 - 2020-04-21
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
  * 2.9 - 2020-04-02
    - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
      low usage and maintenance burden.
    - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
      Users on older version of OpenSSL will need to upgrade.
    - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
    - Removed support for calling public_bytes() with no arguments, as per 
      our deprecation policy. You must now pass encoding and format.
    - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
      returns the RDNs as required by RFC 4514.
    - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
    - Added support for parsing single_extensions in an OCSP response.
    - NameAttribute values can now be empty strings.

- Add openSSL_111d.patch to make this version of the package
  compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.

- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
  finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
  * updated vectors for the cryptography 2.9.2 testing

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4056-1
Released:    Thu Nov 17 15:38:08 2022
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1204179,1204968,CVE-2022-3821
This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
  * 8a70235d8a core: Add trigger limit for path units
  * 93e544f3a0 core/mount: also add default before dependency for automount mount units
  * 5916a7748c logind: fix crash in logind on user-specified message string

- Document udev naming scheme (bsc#1204179).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4066-1
Released:    Fri Nov 18 10:43:00 2022
Summary:     Recommended update for timezone
Type:        recommended
Severity:    important
References:  1177460,1202324,1204649,1205156
This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border
- Chihuahua moves to year-round -06 on 2022-10-30
- Fiji no longer observes DST
- In vanguard form, GMT is now a Zone and Etc/GMT a link
- zic now supports links to links, and vanguard form uses this
- Simplify four Ontario zones
- Fix a Y2438 bug when reading TZif data
- Enable 64-bit time_t on 32-bit glibc platforms
- Omit large-file support when no longer needed
- Jordan and Syria switch from +02/+03 with DST to year-round +03
- Palestine transitions are now Saturdays at 02:00
- Simplify three Ukraine zones into one
- Improve tzselect on intercontinental Zones
- Chile's DST is delayed by a week in September 2022 (bsc#1202324)
- Iran no longer observes DST after 2022
- Rename Europe/Kiev to Europe/Kyiv
- New `zic -R` command option
- Vanguard form now uses %z

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4077-1
Released:    Fri Nov 18 15:05:28 2022
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1190818,1203201,1204986,CVE-2022-43995
This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).

- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4081-1
Released:    Fri Nov 18 15:40:46 2022
Summary:     Security update for dpkg
Type:        security
Severity:    low
References:  1199944,CVE-2022-1664
This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4146-1
Released:    Mon Nov 21 09:56:12 2022
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533
This update for binutils fixes the following issues:

The following security bugs were fixed:

- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).
- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).
- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).
- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).
- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).
- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).
- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).
- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).
- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).
- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).


The following non-security bugs were fixed:
  
- SLE toolchain update of binutils, update to 2.39 from 2.37.
- Update to 2.39:  
  * The ELF linker will now generate a warning message if the stack is made
    executable.  Similarly it will warn if the output binary contains a
    segment with all three of the read, write and execute permission
    bits set.  These warnings are intended to help developers identify
    programs which might be vulnerable to attack via these executable
    memory regions.
    The warnings are enabled by default but can be disabled via a command
    line option.  It is also possible to build a linker with the warnings
    disabled, should that be necessary.
  * The ELF linker now supports a --package-metadata option that allows
    embedding a JSON payload in accordance to the Package Metadata
    specification. 
  * In linker scripts it is now possible to use TYPE= in an output
    section description to set the section type value.
  * The objdump program now supports coloured/colored syntax
    highlighting of its disassembler output for some architectures.
    (Currently: AVR, RiscV, s390, x86, x86_64).
  * The nm program now supports a --no-weak/-W option to make it ignore
    weak symbols.
  * The readelf and objdump programs now support a -wE option to prevent
    them from attempting to access debuginfod servers when following
    links.
  * The objcopy program's --weaken, --weaken-symbol, and
    --weaken-symbols options now work with unique symbols as well.

- Update to 2.38:
  * elfedit: Add --output-abiversion option to update ABIVERSION.
  * Add support for the LoongArch instruction set.
  * Tools which display symbols or strings (readelf, strings, nm, objdump)
    have a new command line option which controls how unicode characters are
    handled.  By default they are treated as normal for the tool.  Using
    --unicode=locale will display them according to the current locale.
    Using --unicode=hex will display them as hex byte values, whilst
    --unicode=escape will display them as escape sequences.  In addition
    using --unicode=highlight will display them as unicode escape sequences
    highlighted in red (if supported by the output device).
  * readelf -r dumps RELR relative relocations now.
  * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
    added to objcopy in order to enable UEFI development using binutils.
  * ar: Add --thin for creating thin archives. -T is a deprecated alias without
    diagnostics. In many ar implementations -T has a different meaning, as
    specified by X/Open System Interface.
  * Add support for AArch64 system registers that were missing in previous
    releases.
  * Add support for the LoongArch instruction set.
  * Add a command-line option, -muse-unaligned-vector-move, for x86 target
    to encode aligned vector move as unaligned vector move.
  * Add support for Cortex-R52+ for Arm.
  * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
  * Add support for Cortex-A710 for Arm.
  * Add support for Scalable Matrix Extension (SME) for AArch64.
  * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
    assembler what to do when it encounters multibyte characters in the input.  The
    default is to allow them.  Setting the option to 'warn' will generate a
    warning message whenever any multibyte character is encountered.  Setting the
    option to 'warn-sym-only' will make the assembler generate a warning whenever a
    symbol is defined containing multibyte characters.  (References to undefined
    symbols will not generate warnings).
  * Outputs of .ds.x directive and .tfloat directive with hex input from
    x86 assembler have been reduced from 12 bytes to 10 bytes to match the
    output of .tfloat directive.
  * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
    'armv9.3-a' for -march in AArch64 GAS.
  * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
    'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
  * Add support for Intel AVX512_FP16 instructions.
  * Add -z pack-relative-relocs/-z nopack-relative-relocs to x86 ELF
    linker to pack relative relocations in the DT_RELR section.
  * Add support for the LoongArch architecture.
  * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
    linker to control canonical function pointers and copy relocation.
  * Add --max-cache-size=SIZE to set the maximum cache size to SIZE
    bytes.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).
- Add back fix for bsc#1191473, which got lost in the update to 2.38.
- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4160-1
Released:    Tue Nov 22 10:10:37 2022
Summary:     Recommended update for nfsidmap
Type:        recommended
Severity:    moderate
References:  1200901
This update for nfsidmap fixes the following issues:

- Various bugfixes and improvements from upstream. In particular, fixed
  a crash that can happen when a 'static' mapping is configured.
  (bsc#1200901)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4198-1
Released:    Wed Nov 23 13:15:04 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    moderate
References:  1202750
This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing
- No longer deadlock DNF after pubkey import (bsc#1202750)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4270-1
Released:    Tue Nov 29 13:20:45 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1198523,1199074,1203216
This update for lvm2 fixes the following issues:

- Design changes to avoid kernel panic (bsc#1198523)
- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit the number of digits when converting text to int and vice versa. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4391-1
Released:    Fri Dec  9 08:02:23 2022
Summary:     Recommended update for libxslt
Type:        recommended
Severity:    low
References:  1203669
This update for libxslt fixes the following issues:

- Fix broken license symlink for libxslt-tools (bsc#1203669)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4470-1
Released:    Wed Dec 14 06:05:48 2022
Summary:     Recommended update for sudo
Type:        recommended
Severity:    important
References:  1197998
This update for sudo fixes the following issues:

- Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update
  (bsc#1197998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4499-1
Released:    Thu Dec 15 10:48:49 2022
Summary:     Recommended update for openssh
Type:        recommended
Severity:    moderate
References:  1179465
This update for openssh fixes the following issues:

- Make ssh connections update their dbus environment (bsc#1179465):
  * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released:    Wed Dec 28 09:23:13 2022
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, 
  when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4630-1
Released:    Wed Dec 28 09:25:18 2022
Summary:     Security update for systemd
Type:        security
Severity:    important
References:  1200723,1203857,1204423,1205000,CVE-2022-4415
This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4633-1
Released:    Wed Dec 28 09:32:15 2022
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1206309,CVE-2022-43552
This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released:    Thu Jan  5 09:51:41 2023
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  1177460
This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules,
    like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving
  time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released:    Fri Jan  6 15:35:49 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1206212,1206622
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released:    Mon Jan  9 10:37:54 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1199467
This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released:    Mon Jan  9 11:13:43 2023
Summary:     Security update for libksba
Type:        security
Severity:    moderate
References:  1206579,CVE-2022-47629
This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
  signature parser (bsc#1206579).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:115-1
Released:    Fri Jan 20 10:23:51 2023
Summary:     Security update for sudo
Type:        security
Severity:    important
References:  1207082,CVE-2023-22809
This update for sudo fixes the following issues:

- CVE-2023-22809: Fixed an arbitrary file write issue that could be
  exploited by users with sudoedit permissions (bsc#1207082).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:139-1
Released:    Wed Jan 25 14:41:55 2023
Summary:     Security update for python-certifi
Type:        security
Severity:    important
References:  1206212,CVE-2022-23491
This update for python-certifi fixes the following issues:

- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
     - TrustCor RootCert CA-1
     - TrustCor RootCert CA-2
     - TrustCor ECA-1
- Add removeTrustCor.patch

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released:    Thu Jan 26 15:54:43 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646
This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt
  does not exist.
- Fix tests not passing when '@' character is in build path: 
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:161-1
Released:    Thu Jan 26 18:23:16 2023
Summary:     Security update for python-py
Type:        security
Severity:    moderate
References:  1204364,CVE-2022-42969
This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could
  be triggered when interacting with a Subversion repository
  containing crafted data (bsc#1204364).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released:    Thu Jan 26 20:52:38 2023
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1183533,CVE-2021-28153
This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released:    Thu Jan 26 20:56:20 2023
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1206738
This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released:    Thu Jan 26 21:55:43 2023
Summary:     Recommended update for procps
Type:        recommended
Severity:    low
References:  1206412
This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412) 
- Make sure that correct library version is installed (bsc#1206412)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released:    Fri Jan 27 12:07:19 2023
Summary:     Recommended update for zlib
Type:        recommended
Severity:    important
References:  1203652
This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:198-1
Released:    Fri Jan 27 14:26:54 2023
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1205126,CVE-2022-42898
This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:223-1
Released:    Wed Feb  1 09:36:03 2023
Summary:     Security update for python-setuptools
Type:        security
Severity:    moderate
References:  1206667,CVE-2022-40897
This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
  by fetching a malicious HTML document (bsc#1206667).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:310-1
Released:    Tue Feb  7 17:35:34 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:549-1
Released:    Mon Feb 27 17:35:07 2023
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1205244,1208443,CVE-2022-45061
This update for python3 fixes the following issues:

  - CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).

  Bugfixes:

  - Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).



The following package changes have been done:

- binutils-2.39-150100.7.40.1 updated
- ca-certificates-mozilla-2.60-150200.27.1 updated
- dbus-1-1.12.2-150100.8.14.1 updated
- device-mapper-2.03.05_1.02.163-150200.8.49.1 updated
- glib2-tools-2.62.6-150200.3.10.1 updated
- krb5-1.19.2-150300.10.1 updated
- libblkid1-2.36.2-150300.4.32.1 updated
- libctf-nobfd0-2.39-150100.7.40.1 updated
- libctf0-2.39-150100.7.40.1 updated
- libcurl4-7.66.0-150200.4.45.1 updated
- libdbus-1-3-1.12.2-150100.8.14.1 updated
- libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 updated
- libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated
- libexpat1-2.2.5-150000.3.25.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libgio-2_0-0-2.62.6-150200.3.10.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.10.1 updated
- libgobject-2_0-0-2.62.6-150200.3.10.1 updated
- libgpg-error0-1.42-150300.9.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- liblvm2cmd2_03-2.03.05-150200.8.49.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated
- libopenssl1_1-1.1.1d-150200.11.57.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite20-3.9.2-150200.4.19.2 updated
- libpython3_6m1_0-3.6.15-150300.10.40.1 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- libsystemd0-246.16-150300.7.57.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-246.16-150300.7.57.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- libxml2-2-2.9.7-150000.3.51.1 updated
- libxslt1-1.1.32-150000.3.11.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- lvm2-2.03.05-150200.8.49.1 updated
- nfs-client-2.1.1-150100.10.27.1 updated
- nfs-kernel-server-2.1.1-150100.10.27.1 updated
- nfsidmap-0.26-150000.3.7.1 updated
- openssh-clients-8.4p1-150300.3.15.4 updated
- openssh-common-8.4p1-150300.3.15.4 updated
- openssh-fips-8.4p1-150300.3.15.4 updated
- openssh-server-8.4p1-150300.3.15.4 updated
- openssh-8.4p1-150300.3.15.4 updated
- openssl-1_1-1.1.1d-150200.11.57.1 updated
- pam-1.3.0-150000.6.61.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- python3-Mako-1.0.7-150000.3.3.1 updated
- python3-apipkg-1.4-150000.3.4.1 updated
- python3-base-3.6.15-150300.10.40.1 updated
- python3-certifi-2018.1.18-150000.3.3.1 updated
- python3-cryptography-2.9.2-150200.13.1 updated
- python3-curses-3.6.15-150300.10.40.1 updated
- python3-iniconfig-1.1.1-150000.1.9.1 updated
- python3-py-1.10.0-150100.5.12.1 updated
- python3-rsa-3.4.2-150000.3.7.1 updated
- python3-setuptools-40.5.0-150100.6.6.1 updated
- python3-waitress-1.4.3-150000.3.6.1 updated
- python3-3.6.15-150300.10.40.1 updated
- rpm-ndb-4.14.3-150300.52.1 updated
- sudo-1.9.5p2-150300.3.19.1 updated
- systemd-246.16-150300.7.57.1 updated
- timezone-2022g-150000.75.18.1 updated
- udev-246.16-150300.7.57.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- util-linux-systemd-2.36.2-150300.4.32.1 updated
- util-linux-2.36.2-150300.4.32.1 updated
- container:sles15-image-15.0.0-17.20.107 updated

March 1, 2023
The container ses/7.1/ceph/ceph was updated

1197255,CVE-2022-24761

This update for python-waitress fixes the following issues:

- CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling. (bsc#1197255)

1167864,1181961,1202812,CVE-2020-10696,CVE-2021-20206,CVE-2022-2990

This update for buildah fixes the following issues:

- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).

- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).

- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812

Buildah was updated to version 1.27.1:

* run: add container gid to additional groups

- Add fix for CVE-2022-2990 / bsc#1202812

Update to version 1.27.0:

* Don't try to call runLabelStdioPipes if spec.Linux is not set

* build: support filtering cache by duration using --cache-ttl

* build: support building from commit when using git repo as build context

* build: clean up git repos correctly when using subdirs

* integration tests: quote '?' in shell scripts

* test: manifest inspect should have OCIv1 annotation

* vendor: bump to c/[email protected]

* Failure to determine a file or directory should print an error

* refactor: remove unused CommitOptions from generateBuildOutput

* stage_executor: generate output for cases with no commit

* stage_executor, commit: output only if last stage in build

* Use errors.Is() instead of os.Is{Not,}Exist

* Minor test tweak for podman-remote compatibility

* Cirrus: Use the latest imgts container

* imagebuildah: complain about the right Dockerfile

* tests: don't try to wrap `nil` errors

* cmd/buildah.commitCmd: don't shadow 'err'

* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig

* Fix a copy/paste error message

* Fix a typo in an error message

* build,cache: support pulling/pushing cache layers to/from remote sources

* Update vendor of containers/(common, storage, image)

* Rename chroot/run.go to chroot/run_linux.go

* Don't bother telling codespell to skip files that don't exist

* Set user namespace defaults correctly for the library

* imagebuildah: optimize cache hits for COPY and ADD instructions

* Cirrus: Update VM images w/ updated bats

* docs, run: show SELinux label flag for cache and bind mounts

* imagebuildah, build: remove undefined concurrent writes

* bump github.com/opencontainers/runtime-tools

* Add FreeBSD support for 'buildah info'

* Vendor in latest containers/(storage, common, image)

* Add freebsd cross build targets

* Make the jail package build on 32bit platforms

* Cirrus: Ensure the build-push VM image is labeled

* GHA: Fix dynamic script filename

* Vendor in containers/(common, storage, image)

* Run codespell

* Remove import of github.com/pkg/errors

* Avoid using cgo in pkg/jail

* Rename footypes to fooTypes for naming consistency

* Move cleanupTempVolumes and cleanupRunMounts to run_common.go

* Make the various run mounts work for FreeBSD

* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go

* Move runSetupRunMounts to run_common.go

* Move cleanableDestinationListFromMounts to run_common.go

* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD

* Move setupMounts and runSetupBuiltinVolumes to run_common.go

* Tidy up - runMakeStdioPipe can't be shared with linux

* Move runAcceptTerminal to run_common.go

* Move stdio copying utilities to run_common.go

* Move runUsingRuntime and runCollectOutput to run_common.go

* Move fileCloser, waitForSync and contains to run_common.go

* Move checkAndOverrideIsolationOptions to run_common.go

* Move DefaultNamespaceOptions to run_common.go

* Move getNetworkInterface to run_common.go

* Move configureEnvironment to run_common.go

* Don't crash in configureUIDGID if Process.Capabilities is nil

* Move configureUIDGID to run_common.go

* Move runLookupPath to run_common.go

* Move setupTerminal to run_common.go

* Move etc file generation utilities to run_common.go

* Add run support for FreeBSD

* Add a simple FreeBSD jail library

* Add FreeBSD support to pkg/chrootuser

* Sync call signature for RunUsingChroot with chroot/run.go

* test: verify feature to resolve basename with args

* vendor: bump openshift/imagebuilder to [email protected]

* GHA: Remove required reserved-name use

* buildah: set XDG_RUNTIME_DIR before setting default runroot

* imagebuildah: honor build output even if build container is not committed

* chroot: honor DefaultErrnoRet

* [CI:DOCS] improve pull-policy documentation

* tests: retrofit test since --file does not support dir

* Switch to golang native error wrapping

* BuildDockerfiles: error out if path to containerfile is a directory

* define.downloadToDirectory: fail early if bad HTTP response

* GHA: Allow re-use of Cirrus-Cron fail-mail workflow

* add: fail on bad http response instead of writing to container

* [CI:DOCS] Update buildahimage comment

* lint: inspectable is never nil

* vendor: c/common to [email protected]

* build: support OCI hooks for ephemeral build containers

* [CI:BUILD] Install latest buildah instead of compiling

* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]

* Make sure cpp is installed in buildah images

* demo: use unshare for rootless invocations

* buildah.spec.rpkg: initial addition

* build: fix test for subid 4

* build, userns: add support for --userns=auto

* Fix building upstream buildah image

* Remove redundant buildahimages-are-sane validation

* Docs: Update multi-arch buildah images readme

* Cirrus: Migrate multiarch build off github actions

* retrofit-tests: we skip unused stages so use stages

* stage_executor: don't rely on stage while looking for additional-context

* buildkit, multistage: skip computing unwanted stages

* More test cleanup

* copier: work around freebsd bug for 'mkdir /'

* Replace $BUILDAH_BINARY with buildah() function

* Fix up buildah images

* Make util and copier build on FreeBSD

* Vendor in latest github.com/sirupsen/logrus

* Makefile: allow building without .git

* run_unix: don't return an error from getNetworkInterface

* run_unix: return a valid DefaultNamespaceOptions

* Update vendor of containers/storage

* chroot: use ActKillThread instead of ActKill

* use resolvconf package from c/common/libnetwork

* update c/common to latest main

* copier: add `NoOverwriteNonDirDir` option

* Sort buildoptions and move cli/build functions to internal

* Fix TODO: de-spaghettify run mounts

* Move options parsing out of build.go and into pkg/cli

* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps

* build, multiarch: support splitting build logs for --platform

* [CI:BUILD] WIP Cleanup Image Dockerfiles

* cli remove stutter

* docker-parity: ignore sanity check if baseImage history is null

* build, commit: allow disabling image history with --omit-history

* Fix use generic/ambiguous DEBUG name

* Cirrus: use Ubuntu 22.04 LTS

* Fix codespell errors

* Remove util.StringInSlice because it is defined in containers/common

* buildah: add support for renaming a device in rootless setups

* squash: never use build cache when computing last step of last stage

* Update vendor of containers/(common, storage, image)

* buildkit: supports additionalBuildContext in builds via --build-context

* buildah source pull/push: show progress bar

* run: allow reusing secret twice in different RUN steps

* test helpers: default to being rootless-aware

* Add --cpp-flag flag to buildah build

* build: accept branch and subdirectory when context is git repo

* Vendor in latest containers/common

* vendor: update c/storage and c/image

* Fix gentoo install docs

* copier: move NSS load to new process

* Add test for prevention of reusing encrypted layers

* Make `buildah build --label foo` create an empty 'foo' label again

Update to version 1.26.4:

* build, multiarch: support splitting build logs for --platform

* copier: add `NoOverwriteNonDirDir` option

* docker-parity: ignore sanity check if baseImage history is null

* build, commit: allow disabling image history with --omit-history

* buildkit: supports additionalBuildContext in builds via --build-context

* Add --cpp-flag flag to buildah build

Update to version 1.26.3:

* define.downloadToDirectory: fail early if bad HTTP response

* add: fail on bad http response instead of writing to container

* squash: never use build cache when computing last step of last stage

* run: allow reusing secret twice in different RUN steps

* integration tests: update expected error messages

* integration tests: quote '?' in shell scripts

* Use errors.Is() to check for storage errors

* lint: inspectable is never nil

* chroot: use ActKillThread instead of ActKill

* chroot: honor DefaultErrnoRet

* Set user namespace defaults correctly for the library

* contrib/rpm/buildah.spec: fix `rpm` parser warnings

- Drop requires on apparmor pattern, should be moved elsewhere for systems which want AppArmor instead of SELinux.

- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file is required to build.

Update to version 1.26.2:

* buildah: add support for renaming a device in rootless setups

Update to version 1.26.1:

* Make `buildah build --label foo` create an empty 'foo' label again

* imagebuildah,build: move deepcopy of args before we spawn goroutine

* Vendor in containers/storage v1.40.2

* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated

* help output: get more consistent about option usage text

* Handle OS version and features flags

* buildah build: --annotation and --label should remove values

* buildah build: add a --env

* buildah: deep copy options.Args before performing concurrent build/stage

* test: inline platform and builtinargs behaviour

* vendor: bump imagebuilder to master/009dbc6

* build: automatically set correct TARGETPLATFORM where expected

* Vendor in containers/(common, storage, image)

* imagebuildah, executor: process arg variables while populating baseMap

* buildkit: add support for custom build output with --output

* Cirrus: Update CI VMs to F36

* fix staticcheck linter warning for deprecated function

* Fix docs build on FreeBSD

* copier.unwrapError(): update for Go 1.16

* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit

* copier.Put(): write to read-only directories

* Ed's periodic test cleanup

* using consistent lowercase 'invalid' word in returned err msg

* use etchosts package from c/common

* run: set actual hostname in /etc/hostname to match docker parity

* Update vendor of containers/(common,storage,image)

* manifest-create: allow creating manifest list from local image

* Update vendor of storage,common,image

* Initialize network backend before first pull

* oci spec: change special mount points for namespaces

* tests/helpers.bash: assert handle corner cases correctly

* buildah: actually use containers.conf settings

* integration tests: learn to start a dummy registry

* Fix error check to work on Podman

* buildah build should accept at most one arg

* tests: reduce concurrency for flaky bud-multiple-platform-no-run

* vendor in latest containers/common,image,storage

* manifest-add: allow override arch,variant while adding image

* Remove a stray `\` from .containerenv

* Vendor in latest opencontainers/selinux v1.10.1

* build, commit: allow removing default identity labels

* Create shorter names for containers based on image IDs

* test: skip rootless on cgroupv2 in root env

* fix hang when oci runtime fails

* Set permissions for GitHub actions

* copier test: use correct UID/GID in test archives

* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM

1204383,CVE-2022-32221

This update for curl fixes the following issues:

- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).

1203911,1204137

This update for permissions fixes the following issues:

- Revert changes that replaced ping capabilities with ICMP_PROTO sockets. Older SUSE Linux Enterprise versions don't properly support ICMP_PROTO sockets feature yet (bsc#1204137)

- Fix regression introduced by backport of security fix (bsc#1203911)

1204690,CVE-2021-46848

This update for libtasn1 fixes the following issues:

- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)

1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

This update for dbus-1 fixes the following issues:

- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).

- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).

- CVE-2022-42012: Fixed a use-after-free that could be triggered by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).

Bugfixes:

- Disable asserts (bsc#1087072).

1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304

This update for libxml2 fixes the following issues:

- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).

- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).

- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

1180995,1203046

This update for openssl-1_1 fixes the following issues:

- Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode (bsc#1180995)

- Fix memory leaks (bsc#1203046)

1192439

This update for openssh fixes the following issue:

- Prevent empty messages from being sent. (bsc#1192439)

This update for pam fixes the following issue:

- Update pam_motd to the most current version. (PED-1712)

1204708,CVE-2022-43680

This update for expat fixes the following issues:

- CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

This update for protobuf fixes the following issues:

- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).

- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)

- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

1178676,CVE-2020-25658

This update for python-rsa fixes the following issues:

- CVE-2020-25658: Fixed Bleichenbacher timing oracle attack against RSA decryption (bsc#1178676).

1203652

This update for zlib fixes the following issues:

- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

1201959,1204211

This update for util-linux fixes the following issues:

- Fix file conflict during upgrade (bsc#1204211)

- libuuid improvements (bsc#1201959, PED-1150):

* libuuid: Fix range when parsing UUIDs.

* Improve cache handling for short running applications: increment the cache size over runtime.

* Implement continuous clock handling for time based UUIDs.

* Check clock value from clock file to provide seamless libuuid.

1203246,CVE-2022-40023

This update for python-Mako fixes the following issues:

- CVE-2022-40023: Fixed regular expression Denial of Service when using the Lexer class to parse (bsc#1203246).

1204145

This update for python3-apipkg fixes the following issues:

1199856,1202627

This update for nfs-utils fixes the following issues:

- Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627)

- Ensure sysctl settings work (bsc#1199856)

1101820,1149792,1176785,1177083,CVE-2018-10903

This update for python-cryptography, python-cryptography-vectors fixes the following issues:

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)

- Refresh patches for new version

- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)

- update to 2.9.2

* 2.9.2 - 2020-04-22

- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.

* 2.9.1 - 2020-04-21

- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.

* 2.9 - 2020-04-02

- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.

- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.

- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.

- Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.

- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.

- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.

- Added support for parsing single_extensions in an OCSP response.

- NameAttribute values can now be empty strings.

- Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.

- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API

- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)

- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)

- update to 2.9.2:

* updated vectors for the cryptography 2.9.2 testing

1204179,1204968,CVE-2022-3821

This update for systemd fixes the following issues:

- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2

* 8a70235d8a core: Add trigger limit for path units

* 93e544f3a0 core/mount: also add default before dependency for automount mount units

* 5916a7748c logind: fix crash in logind on user-specified message string

- Document udev naming scheme (bsc#1204179).

1177460,1202324,1204649,1205156

This update for timezone fixes the following issues:

Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

- Mexico will no longer observe DST except near the US border

- Chihuahua moves to year-round -06 on 2022-10-30

- Fiji no longer observes DST

- In vanguard form, GMT is now a Zone and Etc/GMT a link

- zic now supports links to links, and vanguard form uses this

- Simplify four Ontario zones

- Fix a Y2438 bug when reading TZif data

- Enable 64-bit time_t on 32-bit glibc platforms

- Omit large-file support when no longer needed

- Jordan and Syria switch from +02/+03 with DST to year-round +03

- Palestine transitions are now Saturdays at 02:00

- Simplify three Ukraine zones into one

- Improve tzselect on intercontinental Zones

- Chile's DST is delayed by a week in September 2022 (bsc#1202324)

- Iran no longer observes DST after 2022

- Rename Europe/Kiev to Europe/Kyiv

- New `zic -R` command option

- Vanguard form now uses %z

1190818,1203201,1204986,CVE-2022-43995

This update for sudo fixes the following issues:

- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).

- Fix wrong information output in the error message (bsc#1190818).

- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).

1199944,CVE-2022-1664

This update for dpkg fixes the following issues:

- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

1142579,1185597,1185712,1188374,1191473,1193929,1194783,1197592,1198237,1202816,1202966,1202967,1202969,CVE-2019-1010204,CVE-2021-3530,CVE-2021-3648,CVE-2021-3826,CVE-2021-45078,CVE-2021-46195,CVE-2022-27943,CVE-2022-38126,CVE-2022-38127,CVE-2022-38533

This update for binutils fixes the following issues:

The following security bugs were fixed:

- CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcpp_file.h (bsc#1142579).

- CVE-2021-3530: Fixed stack-based buffer overflow in demangle_path() in rust-demangle.c (bsc#1185597).

- CVE-2021-3648: Fixed infinite loop while demangling rust symbols (bsc#1188374).

- CVE-2021-3826: Fixed heap/stack buffer overflow in the dlang_lname function in d-demangle.c (bsc#1202969).

- CVE-2021-45078: Fixed out-of-bounds write in stab_xcoff_builtin_type() in stabs.c (bsc#1193929).

- CVE-2021-46195: Fixed uncontrolled recursion in libiberty/rust-demangle.c (bsc#1194783).

- CVE-2022-27943: Fixed stack exhaustion in demangle_const in (bsc#1197592).

- CVE-2022-38126: Fixed assertion fail in the display_debug_names() function in binutils/dwarf.c (bsc#1202966).

- CVE-2022-38127: Fixed NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c (bsc#1202967).

- CVE-2022-38533: Fixed heap out-of-bounds read in bfd_getl32 (bsc#1202816).

The following non-security bugs were fixed:

- SLE toolchain update of binutils, update to 2.39 from 2.37.

- Update to 2.39:

* The ELF linker will now generate a warning message if the stack is made executable. Similarly it will warn if the output binary contains a segment with all three of the read, write and execute permission bits set. These warnings are intended to help developers identify programs which might be vulnerable to attack via these executable memory regions. The warnings are enabled by default but can be disabled via a command line option. It is also possible to build a linker with the warnings disabled, should that be necessary.

* The ELF linker now supports a --package-metadata option that allows embedding a JSON payload in accordance to the Package Metadata specification.

* In linker scripts it is now possible to use TYPE= in an output section description to set the section type value.

* The objdump program now supports coloured/colored syntax highlighting of its disassembler output for some architectures. (Currently: AVR, RiscV, s390, x86, x86_64).

* The nm program now supports a --no-weak/-W option to make it ignore weak symbols.

* The readelf and objdump programs now support a -wE option to prevent them from attempting to access debuginfod servers when following links.

* The objcopy program's --weaken, --weaken-symbol, and --weaken-symbols options now work with unique symbols as well.

- Update to 2.38:

* elfedit: Add --output-abiversion option to update ABIVERSION.

* Add support for the LoongArch instruction set.

* Tools which display symbols or strings (readelf, strings, nm, objdump) have a new command line option which controls how unicode characters are handled. By default they are treated as normal for the tool. Using --unicode=locale will display them according to the current locale. Using --unicode=hex will display them as hex byte values, whilst --unicode=escape will display them as escape sequences. In addition using --unicode=highlight will display them as unicode escape sequences highlighted in red (if supported by the output device).

* readelf -r dumps RELR relative relocations now.

* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been added to objcopy in order to enable UEFI development using binutils.

* ar: Add --thin for creating thin archives. -T is a deprecated alias without diagnostics. In many ar implementations -T has a different meaning, as specified by X/Open System Interface.

* Add support for AArch64 system registers that were missing in previous releases.

* Add support for the LoongArch instruction set.

* Add a command-line option, -muse-unaligned-vector-move, for x86 target to encode aligned vector move as unaligned vector move.

* Add support for Cortex-R52+ for Arm.

* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.

* Add support for Cortex-A710 for Arm.

* Add support for Scalable Matrix Extension (SME) for AArch64.

* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the assembler what to do when it encounters multibyte characters in the input. The default is to allow them. Setting the option to 'warn' will generate a warning message whenever any multibyte character is encountered. Setting the option to 'warn-sym-only' will make the assembler generate a warning whenever a symbol is defined containing multibyte characters. (References to undefined symbols will not generate warnings).

* Outputs of .ds.x directive and .tfloat directive with hex input from x86 assembler have been reduced from 12 bytes to 10 bytes to match the output of .tfloat directive.

* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in AArch64 GAS.

* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.

* Add support for Intel AVX512_FP16 instructions.

* Add -z pack-relative-relocs/-z nopack-relative-relocs to x86 ELF linker to pack relative relocations in the DT_RELR section.

* Add support for the LoongArch architecture.

* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF linker to control canonical function pointers and copy relocation.

* Add --max-cache-size=SIZE to set the maximum cache size to SIZE bytes.

- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.

- Add gprofng subpackage.

- Include recognition of 'z16' name for 'arch14' on s390. (bsc#1198237).

- Add back fix for bsc#1191473, which got lost in the update to 2.38.

- Install symlinks for all target specific tools on arm-eabi-none (bsc#1185712).

- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)

1200901

This update for nfsidmap fixes the following issues:

- Various bugfixes and improvements from upstream. In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901)

1202750

This update for rpm fixes the following issues:

- Strip critical bit in signature subpackage parsing

- No longer deadlock DNF after pubkey import (bsc#1202750)

This update for gcc12 fixes the following issues:

This update ships the GCC 12 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.

- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

https://gcc.gnu.org/gcc-12/changes.html

1198523,1199074,1203216

This update for lvm2 fixes the following issues:

- Design changes to avoid kernel panic (bsc#1198523)

- Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)

- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)

1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454

This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)

- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice versa. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

1203669

This update for libxslt fixes the following issues:

- Fix broken license symlink for libxslt-tools (bsc#1203669)

1197998

This update for sudo fixes the following issues:

- Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998)

1179465

This update for openssh fixes the following issues:

- Make ssh connections update their dbus environment (bsc#1179465):

* Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish

1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

1200723,1203857,1204423,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).

- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).

1206309,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).

1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:

* The border strip near the US will change to agree with nearby US locations on 2022-11-30.

* The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.

* The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.

* A new Zone America/Ciudad_Juarez splits from America/Ojinaga.

- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.

- Changes for pre-1996 northern Canada

- Update to past DST transition in Colombia (1993), Singapore (1981)

- 'timegm' is now supported by default

1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)

Removed CAs:

- Global Chambersign Root

- EC-ACC

- Network Solutions Certificate Authority

- Staat der Nederlanden EV Root CA

- SwissSign Platinum CA - G2

Added CAs:

- DIGITALSIGN GLOBAL ROOT ECDSA CA

- DIGITALSIGN GLOBAL ROOT RSA CA

- Security Communication ECC RootCA1

- Security Communication RootCA3

Changed trust:

- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)

- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:

- TrustCor RootCert CA-1

- TrustCor RootCert CA-2

- TrustCor ECA-1

1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

1207082,CVE-2023-22809

This update for sudo fixes the following issues:

- CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082).

1206212,CVE-2022-23491

This update for python-certifi fixes the following issues:

- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491)

- TrustCor RootCert CA-1

- TrustCor RootCert CA-2

- TrustCor ECA-1

- Add removeTrustCor.patch

1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.

- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).

1204364,CVE-2022-42969

This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364).

1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).

1206738

This update for permissions fixes the following issues:

Update to version 20181225:

* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)

1206412

This update for procps fixes the following issues:

- Improve memory handling/usage (bsc#1206412)

- Make sure that correct library version is installed (bsc#1206412)

1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

1205126,CVE-2022-42898

This update for krb5 fixes the following issues:

- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

1206667,CVE-2022-40897

This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

1121365,1198472,1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

This update for openssl-1_1 fixes the following issues:

- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).

- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).

- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).

- CVE-2022-4304: Fixed timing oracle in RSA decryption (bsc#1207534).

- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)

1205244,1208443,CVE-2022-45061

This update for python3 fixes the following issues:

- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).

Bugfixes:

- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).

The following package changes have been done:

- binutils-2.39-150100.7.40.1 updated

- ca-certificates-mozilla-2.60-150200.27.1 updated

- dbus-1-1.12.2-150100.8.14.1 updated

- device-mapper-2.03.05_1.02.163-150200.8.49.1 updated

- glib2-tools-2.62.6-150200.3.10.1 updated

- krb5-1.19.2-150300.10.1 updated

- libblkid1-2.36.2-150300.4.32.1 updated

- libctf-nobfd0-2.39-150100.7.40.1 updated

- libctf0-2.39-150100.7.40.1 updated

- libcurl4-7.66.0-150200.4.45.1 updated

- libdbus-1-3-1.12.2-150100.8.14.1 updated

- libdevmapper-event1_03-2.03.05_1.02.163-150200.8.49.1 updated

- libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated

- libexpat1-2.2.5-150000.3.25.1 updated

- libfdisk1-2.36.2-150300.4.32.1 updated

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated

- libgio-2_0-0-2.62.6-150200.3.10.1 updated

- libglib-2_0-0-2.62.6-150200.3.10.1 updated

- libgmodule-2_0-0-2.62.6-150200.3.10.1 updated

- libgobject-2_0-0-2.62.6-150200.3.10.1 updated

- libgpg-error0-1.42-150300.9.3.1 updated

- libksba8-1.3.5-150000.4.6.1 updated

- liblvm2cmd2_03-2.03.05-150200.8.49.1 updated

- libmount1-2.36.2-150300.4.32.1 updated

- libopenssl1_1-hmac-1.1.1d-150200.11.57.1 updated

- libopenssl1_1-1.1.1d-150200.11.57.1 updated

- libprocps7-3.3.15-150000.7.28.1 updated

- libprotobuf-lite20-3.9.2-150200.4.19.2 updated

- libpython3_6m1_0-3.6.15-150300.10.40.1 updated

- libsmartcols1-2.36.2-150300.4.32.1 updated

- libsqlite3-0-3.39.3-150000.3.20.1 updated

- libstdc++6-12.2.1+git416-150000.1.5.1 updated

- libsystemd0-246.16-150300.7.57.1 updated

- libtasn1-6-4.13-150000.4.8.1 updated

- libtasn1-4.13-150000.4.8.1 updated

- libtirpc-netconfig-1.2.6-150300.3.17.1 updated

- libtirpc3-1.2.6-150300.3.17.1 updated

- libudev1-246.16-150300.7.57.1 updated

- libuuid1-2.36.2-150300.4.32.1 updated

- libxml2-2-2.9.7-150000.3.51.1 updated

- libxslt1-1.1.32-150000.3.11.1 updated

- libz1-1.2.11-150000.3.39.1 updated

- lvm2-2.03.05-150200.8.49.1 updated

- nfs-client-2.1.1-150100.10.27.1 updated

- nfs-kernel-server-2.1.1-150100.10.27.1 updated

- nfsidmap-0.26-150000.3.7.1 updated

- openssh-clients-8.4p1-150300.3.15.4 updated

- openssh-common-8.4p1-150300.3.15.4 updated

- openssh-fips-8.4p1-150300.3.15.4 updated

- openssh-server-8.4p1-150300.3.15.4 updated

- openssh-8.4p1-150300.3.15.4 updated

- openssl-1_1-1.1.1d-150200.11.57.1 updated

- pam-1.3.0-150000.6.61.1 updated

- permissions-20181225-150200.23.23.1 updated

- procps-3.3.15-150000.7.28.1 updated

- python3-Mako-1.0.7-150000.3.3.1 updated

- python3-apipkg-1.4-150000.3.4.1 updated

- python3-base-3.6.15-150300.10.40.1 updated

- python3-certifi-2018.1.18-150000.3.3.1 updated

- python3-cryptography-2.9.2-150200.13.1 updated

- python3-curses-3.6.15-150300.10.40.1 updated

- python3-iniconfig-1.1.1-150000.1.9.1 updated

- python3-py-1.10.0-150100.5.12.1 updated

- python3-rsa-3.4.2-150000.3.7.1 updated

- python3-setuptools-40.5.0-150100.6.6.1 updated

- python3-waitress-1.4.3-150000.3.6.1 updated

- python3-3.6.15-150300.10.40.1 updated

- rpm-ndb-4.14.3-150300.52.1 updated

- sudo-1.9.5p2-150300.3.19.1 updated

- systemd-246.16-150300.7.57.1 updated

- timezone-2022g-150000.75.18.1 updated

- udev-246.16-150300.7.57.1 updated

- update-alternatives-1.19.0.4-150000.4.4.1 updated

- util-linux-systemd-2.36.2-150300.4.32.1 updated

- util-linux-2.36.2-150300.4.32.1 updated

- container:sles15-image-15.0.0-17.20.107 updated
