SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:154-1
Container Tags        : ses/7.1/ceph/ceph:16.2.13.66 , ses/7.1/ceph/ceph:16.2.13.66.4.9.1 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release     : 4.9.1
Severity              : important
Type                  : security
References            : 1029961 1041742 1107342 1111622 1158830 1170175 1176785 1184753
                        1196647 1199282 1200962 1201384 1203760 1205767 1206080 1206480
                        1206480 1206556 1206684 1206684 1206798 1207853 1208037 1208038
                        1208040 1208409 1209122 1209275 1209642 1210297 1210335 1210557
                        1210557 1210660 1210733 1211427 1211427 1211829 1212101 1212101
                        1212422 1212819 1212910 1213458 1213854 1213915 1213915 1214052
                        1214052 1214292 1214395 1214460 1214460 1214565 1214567 1214579
                        1214580 1214604 1214611 1214619 1214620 1214623 1214624 1214625
                        1214692 1214788 1214806 1215007 1215215 1215286 1215314 1215427
                        1215434 1215496 1215713 1215889 1215891 1215968 1215979 1216091
                        1216123 1216129 1216174 1216377 1216378 1216664 1216862 1216922
                        1216987 1217212 1217472 1217573 1217592 1217695 1217696 1217950
                        1218014 CVE-2020-19726 CVE-2021-32256 CVE-2022-35205 CVE-2022-35206
                        CVE-2022-4285 CVE-2022-44840 CVE-2022-45703 CVE-2022-47673 CVE-2022-47695
                        CVE-2022-47696 CVE-2022-48063 CVE-2022-48064 CVE-2022-48065 CVE-2023-0687
                        CVE-2023-1579 CVE-2023-1829 CVE-2023-1972 CVE-2023-2137 CVE-2023-2222
                        CVE-2023-23559 CVE-2023-25585 CVE-2023-25587 CVE-2023-25588 CVE-2023-35945
                        CVE-2023-38546 CVE-2023-40217 CVE-2023-4039 CVE-2023-4039 CVE-2023-43804
                        CVE-2023-44487 CVE-2023-45322 CVE-2023-45803 CVE-2023-45853 CVE-2023-46218
                        CVE-2023-4641 CVE-2023-4813 CVE-2023-48795 CVE-2023-49083 CVE-2023-50495
                        CVE-2023-5678 
-----------------------------------------------------------------

The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3814-1
Released:    Wed Sep 27 18:08:17 2023
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1211829,1212819,1212910
This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3825-1
Released:    Wed Sep 27 18:48:53 2023
Summary:     Security update for binutils
Type:        security
Severity:    important
References:  1200962,1206080,1206556,1208037,1208038,1208040,1208409,1209642,1210297,1210733,1213458,1214565,1214567,1214579,1214580,1214604,1214611,1214619,1214620,1214623,1214624,1214625,CVE-2020-19726,CVE-2021-32256,CVE-2022-35205,CVE-2022-35206,CVE-2022-4285,CVE-2022-44840,CVE-2022-45703,CVE-2022-47673,CVE-2022-47695,CVE-2022-47696,CVE-2022-48063,CVE-2022-48064,CVE-2022-48065,CVE-2023-0687,CVE-2023-1579,CVE-2023-1972,CVE-2023-2222,CVE-2023-25585,CVE-2023-25587,CVE-2023-25588
This update for binutils fixes the following issues:

Update to version 2.41 [jsc#PED-5778]:

* The MIPS port now supports the Sony Interactive Entertainment Allegrex
  processor, used with the PlayStation Portable, which implements the MIPS
  II ISA along with a single-precision FPU and a few implementation-specific
  integer instructions.
* Objdump's --private option can now be used on PE format files to display the
  fields in the file header and section headers.
* New versioned release of libsframe: libsframe.so.1.  This release introduces
  versioned symbols with version node name LIBSFRAME_1.0.  This release also
  updates the ABI in an incompatible way: this includes removal of
  sframe_get_funcdesc_with_addr API, change in the behavior of
  sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
* SFrame Version 2 is now the default (and only) format version supported by
  gas, ld, readelf and objdump.
* Add command-line option, --strip-section-headers, to objcopy and strip to
  remove ELF section header from ELF file.
* The RISC-V port now supports the following new standard extensions:

  - Zicond (conditional zero instructions)
  - Zfa (additional floating-point instructions)
  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
    Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)

* The RISC-V port now supports the following vendor-defined extensions:
  - XVentanaCondOps
* Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
* A new .insn directive is recognized by x86 gas.
* Add SME2 support to the AArch64 port.
* The linker now accepts a command line option of --remap-inputs
  = to relace any input file that matches  with
  .  In addition the option --remap-inputs-file= can be used to
  specify a file containing any number of these remapping directives.
* The linker command line option --print-map-locals can be used to include
  local symbols in a linker map.  (ELF targets only).
* For most ELF based targets, if the --enable-linker-version option is used
  then the version of the linker will be inserted as a string into the .comment
  section.
* The linker script syntax has a new command for output sections: ASCIZ 'string'
  This will insert a zero-terminated string at the current location.
* Add command-line option, -z nosectionheader, to omit ELF section
  header.

- Contains fixes for these non-CVEs (not security bugs per upstreams
  SECURITY.md):
  * bsc#1209642 aka CVE-2023-1579 aka PR29988
  * bsc#1210297 aka CVE-2023-1972 aka PR30285
  * bsc#1210733 aka CVE-2023-2222 aka PR29936
  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
  * bsc#1214565 aka CVE-2020-19726 aka PR26240
  * bsc#1214567 aka CVE-2022-35206 aka PR29290
  * bsc#1214579 aka CVE-2022-35205 aka PR29289
  * bsc#1214580 aka CVE-2022-44840 aka PR29732
  * bsc#1214604 aka CVE-2022-45703 aka PR29799
  * bsc#1214611 aka CVE-2022-48065 aka PR29925
  * bsc#1214619 aka CVE-2022-48064 aka PR29922
  * bsc#1214620 aka CVE-2022-48063 aka PR29924
  * bsc#1214623 aka CVE-2022-47696 aka PR29677
  * bsc#1214624 aka CVE-2022-47695 aka PR29846
  * bsc#1214625 aka CVE-2022-47673 aka PR29876

- This only existed only for a very short while in SLE-15, as the main
  variant in devel:gcc subsumed this in binutils-revert-rela.diff.
  Hence:

- Document fixed CVEs:

  * bsc#1208037 aka CVE-2023-25588 aka PR29677
  * bsc#1208038 aka CVE-2023-25587 aka PR29846
  * bsc#1208040 aka CVE-2023-25585 aka PR29892
  * bsc#1208409 aka CVE-2023-0687 aka PR29444

- Enable bpf-none cross target and add bpf-none to the multitarget
  set of supported targets.
- Disable packed-relative-relocs for old codestreams.  They generate
  buggy relocations when binutils-revert-rela.diff is active.
  [bsc#1206556]
- Disable ZSTD debug section compress by default.
- Enable zstd compression algorithm (instead of zlib)
  for debug info sections by default.
- Pack libgprofng only for supported platforms.
- Move libgprofng-related libraries to the proper locations (packages).
- Add --without=bootstrap for skipping of bootstrap (faster testing
  of the package).

- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]

Update to version 2.40:

* Objdump has a new command line option --show-all-symbols which will make it
  display all symbols that match a given address when disassembling.  (Normally
  only the first symbol that matches an address is shown).
* Add --enable-colored-disassembly configure time option to enable colored
  disassembly output by default, if the output device is a terminal.  Note,
  this configure option is disabled by default.
* DCO signed contributions are now accepted.
* objcopy --decompress-debug-sections now supports zstd compressed debug
  sections.  The new option --compress-debug-sections=zstd compresses debug
  sections with zstd.
* addr2line and objdump --dwarf now support zstd compressed debug sections.
* The dlltool program now accepts --deterministic-libraries and
  --non-deterministic-libraries as command line options to control whether or
  not it generates deterministic output libraries.  If neither of these options
  are used the default is whatever was set when the binutils were configured.
* readelf and objdump now have a newly added option --sframe which dumps the
  SFrame section.
* Add support for Intel RAO-INT instructions.
* Add support for Intel AVX-NE-CONVERT instructions.
* Add support for Intel MSRLIST instructions.
* Add support for Intel WRMSRNS instructions.
* Add support for Intel CMPccXADD instructions.
* Add support for Intel AVX-VNNI-INT8 instructions.
* Add support for Intel AVX-IFMA instructions.
* Add support for Intel PREFETCHI instructions.
* Add support for Intel AMX-FP16 instructions.
* gas now supports --compress-debug-sections=zstd to compress
  debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
* Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
  XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
  XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
  ISA manual, which are implemented in the Allwinner D1.
* Add support for the RISC-V Zawrs extension, version 1.0-rc4.
* Add support for Cortex-X1C for Arm.
* New command line option --gsframe to generate SFrame unwind information
  on x86_64 and aarch64 targets.
* The linker has a new command line option to suppress the generation of any
  warning or error messages.  This can be useful when there is a need to create
  a known non-working binary.  The option is -w or --no-warnings.
* ld now supports zstd compressed debug sections.  The new option
  --compress-debug-sections=zstd compresses debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
* Remove support for -z bndplt (MPX prefix instructions).

- Includes fixes for these CVEs:

  * bsc#1206080 aka CVE-2022-4285 aka PR29699

- Enable by default: --enable-colored-disassembly.
- fix build on x86_64_vX platforms 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3828-1
Released:    Wed Sep 27 19:07:38 2023
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1214692,CVE-2023-40217
This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released:    Fri Oct  6 14:13:56 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1215713,CVE-2023-35945
This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4006-1
Released:    Mon Oct  9 08:35:50 2023
Summary:     Recommended update for zypper
Type:        recommended
Severity:    moderate
References:  1213854,1214292,1214395,1215007
This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)
- Update notes about failing signature checks (bsc#1214395)
- Improve the SIGINT handler to be signal safe (bsc#1214292)
- Update to version 1.14.64
- Changed location of bash completion script (bsc#1213854).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4027-1
Released:    Tue Oct 10 13:59:02 2023
Summary:     Security update for shadow
Type:        security
Severity:    low
References:  1214806,CVE-2023-4641
This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4045-1
Released:    Wed Oct 11 09:10:43 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1215889,CVE-2023-38546
This update for curl fixes the following issues:

- CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4052-1
Released:    Wed Oct 11 14:11:55 2023
Summary:     Recommended update for babeltrace
Type:        recommended
Severity:    moderate
References:  1209275

This update ships missing babeltrace-devel to the Basesystem module
to allow building gdb source rpms. (bsc#1209275)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4108-1
Released:    Wed Oct 18 11:51:12 2023
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1215968,CVE-2023-43804
This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
  the user manually set the corresponding header (bsc#1215968).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4110-1
Released:    Wed Oct 18 12:35:26 2023
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1215286,1215891,CVE-2023-4813
This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4154-1
Released:    Fri Oct 20 19:33:25 2023
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1107342,1215434
This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4158-1
Released:    Mon Oct 23 09:52:06 2023
Summary:     Security update for suse-module-tools
Type:        security
Severity:    important
References:  1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559
This update for suse-module-tools fixes the following issues:

- Updated to version 15.3.17:

  - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
    module (bsc#1210335).
  - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
    (bsc#1205767, jsc#PED-5731).

- Updated to version 15.3.16:

  - Fixed a build issue for s390x (bsc#1207853).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4162-1
Released:    Mon Oct 23 15:33:03 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ship the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

        https://gcc.gnu.org/gcc-13/changes.html


Detailed changes:


* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
  length stack allocations.  (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
  building with LTO.  [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
  can be installed standalone.  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
  the benefit of the former one is that the linker jobs are not
  holding tokens of the make's jobserver.
- Add cross-bpf packages.  See https://gcc.gnu.org/wiki/BPFBackEnd
  for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
  specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0. 
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
  package.  Make libstdc++6 recommend timezone to get a fully
  working std::chrono.  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there. 
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
  as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
  SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI
  armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
  armv7l in order to build both host applications and PRU firmware
  during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4200-1
Released:    Wed Oct 25 12:04:29 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1216123,1216174,CVE-2023-44487
This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4217-1
Released:    Thu Oct 26 12:20:27 2023
Summary:     Security update for zlib
Type:        security
Severity:    moderate
References:  1216378,CVE-2023-45853
This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a
  buffer overflow in the minizip subcomponent (bsc#1216378).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4226-1
Released:    Fri Oct 27 11:14:10 2023
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1215215
This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released:    Tue Oct 31 14:10:47 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1196647
This Update for libtirpc to 1.3.4, fixing the following issues:
    
Update to 1.3.4 (bsc#1199467)

 * binddynport.c honor ip_local_reserved_ports
   - replaces: binddynport-honor-ip_local_reserved_ports.patch
 * gss-api: expose gss major/minor error in authgss_refresh()
 * rpcb_clnt.c: Eliminate double frees in delete_cache()
 * rpcb_clnt.c: memory leak in destroy_addr
 * portmapper: allow TCP-only portmapper
 * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
 * clnt_raw.c: fix a possible null pointer dereference
 * bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
  - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h
  The unsupported  AUTH_DES authentication has be
  compiled out since commit d918e41d889 (Wed Oct 9 2019)
  replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4458-1
Released:    Thu Nov 16 14:38:48 2023
Summary:     Security update for gcc13
Type:        security
Severity:    important
References:  1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039
This update for gcc13 fixes the following issues:

This update ship the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

        https://gcc.gnu.org/gcc-13/changes.html


Detailed changes:


* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
  length stack allocations.  (bsc#1214052)

- Work around third party app crash during C++ standard library initialization.  [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
  building with LTO.  [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
  can be installed standalone.  [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
  the benefit of the former one is that the linker jobs are not
  holding tokens of the make's jobserver.
- Add cross-bpf packages.  See https://gcc.gnu.org/wiki/BPFBackEnd
  for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
  specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0. 
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
  package.  Make libstdc++6 recommend timezone to get a fully
  working std::chrono.  Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing.  [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there. 
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
  as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
  SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
  PRU architecture is used for real-time MCUs embedded into TI
  armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
  armv7l in order to build both host applications and PRU firmware
  during the same build.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4464-1
Released:    Thu Nov 16 17:56:12 2023
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1216129,CVE-2023-45322
This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4467-1
Released:    Thu Nov 16 17:57:51 2023
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1216377,CVE-2023-45803
This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when
  receiving a 303 HTTP response (bsc#1216377).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4519-1
Released:    Tue Nov 21 17:39:58 2023
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1216922,CVE-2023-5678
This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4535-1
Released:    Thu Nov 23 08:17:40 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1041742,1203760,1212422,1215979,1216091
This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- Fix comment typo on zypp.conf (bsc#1215979)
- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
- Make sure the old target is deleted before a new one is created (bsc#1203760)
- Return 104 also if info suggests near matches
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4583-1
Released:    Mon Nov 27 10:16:11 2023
Summary:     Feature update for python-psutil
Type:        feature
Severity:    moderate
References:  1111622,1170175,1176785,1184753,1199282
This update for python-psutil, python-requests fixes the following issues:

- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)
- Fix tests: setuptools changed the builddir library path and does not find the
  module from it. Use the installed platlib instead and exclude psutil.tests only later.
- remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS

- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)
- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4615-1
Released:    Wed Nov 29 20:33:38 2023
Summary:     Recommended update for icu
Type:        recommended
Severity:    moderate
References:  1217472

This update of icu fixes the following issue:

- missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4619-1
Released:    Thu Nov 30 10:13:52 2023
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1210660,CVE-2023-2137
This update for sqlite3 fixes the following issues:

- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4644-1
Released:    Tue Dec  5 13:46:14 2023
Summary:     Recommended update for psmisc
Type:        recommended
Severity:    moderate
References:  
This update for psmisc fixes the following issues:

- Fix version number when building the package

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4699-1
Released:    Mon Dec 11 07:02:10 2023
Summary:     Recommended update for gpg2
Type:        recommended
Severity:    moderate
References:  1217212
This update for gpg2 fixes the following issues:

- `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4713-1
Released:    Mon Dec 11 13:23:12 2023
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1217573,CVE-2023-46218
This update for curl fixes the following issues:

- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released:    Tue Dec 12 09:57:51 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1216862
This update for libtirpc fixes the following issue:

- fix sed parsing in specfile (bsc#1216862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4890-1
Released:    Mon Dec 18 13:00:52 2023
Summary:     Recommended update for python-websocket-client
Type:        recommended
Severity:    moderate
References:  1215314
This update for python-websocket-client fixes the following issues:

- Re-enable Python 3.6 to fix pip3 install (bsc#1215314)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4891-1
Released:    Mon Dec 18 16:31:49 2023
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1201384,1218014,CVE-2023-50495
This update for ncurses fixes the following issues:

- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4902-1
Released:    Tue Dec 19 13:09:42 2023
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1214788,1217950,CVE-2023-48795
This update for openssh fixes the following issues:

- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).

the following non-security bug was fixed:

- Fix the 'no route to host' error when connecting via ProxyJump

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4921-1
Released:    Wed Dec 20 09:51:31 2023
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1217592,CVE-2023-49083
This update for python-cryptography fixes the following issues:

- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4963-1
Released:    Fri Dec 22 14:37:08 2023
Summary:     Recommended update for curl
Type:        recommended
Severity:    important
References:  1216987
This update for curl fixes the following issues:

- libssh: Implement SFTP packet size limit (bsc#1216987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:11-1
Released:    Tue Jan  2 13:24:52 2024
Summary:     Recommended update for procps
Type:        recommended
Severity:    moderate
References:  1029961,1158830,1206798,1209122
This update for procps fixes the following issues:

- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

- For support up to 2048 CPU as well (bsc#1185417)
- Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
- Get the first CPU summary correct (bsc#1121753)
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
  the pwait tool and its manual page will be build
- Do not truncate output of w with option -n
- Prefer logind over utmp (jsc#PED-3144)
- Don't install translated man pages for non-installed binaries
  (uptime, kill).
- Fix directory for Ukrainian man pages translations.
- Move localized man pages to lang package.

- Update to procps-ng-3.3.17

  * library: Incremented to 8:3:0
    (no removals or additions, internal changes only)
  * all: properly handle utf8 cmdline translations
  * kill: Pass int to signalled process
  * pgrep: Pass int to signalled process
  * pgrep: Check sanity of SG_ARG_MAX
  * pgrep: Add older than selection
  * pidof: Quiet mode
  * pidof: show worker threads
  * ps.1: Mention stime alias
  * ps: check also match on truncated 16 char comm names
  * ps: Add exe output option
  * ps: A lot more sorting available
  * pwait: New command waits for a process
  * sysctl: Match systemd directory order
  * sysctl: Document directory order
  * top: ensure config file backward compatibility
  * top: add command line 'e' for symmetry with 'E'
  * top: add '4' toggle for two abreast cpu display
  * top: add '!' toggle for combining multiple cpus
  * top: fix potential SEGV involving -p switch
  * vmstat: Wide mode gives wider proc columns
  * watch: Add environment variable for interval
  * watch: Add no linewrap option
  * watch: Support more colors
  * free,uptime,slabtop: complain about extra ops

- Package translations in procps-lang.

- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

- Enable pidof by default

- Update to procps-ng-3.3.16

  * library: Increment to 8:2:0

    No removals or functions
    Internal changes only, so revision is incremented.
    Previous version should have been 8:1:0 not 8:0:1

  * docs: Use correct symbols for -h option in free.1
  * docs: ps.1 now warns about command name length
  * docs: install translated man pages
  * pgrep: Match on runstate
  * snice: Fix matching on pid
  * top: can now exploit 256-color terminals
  * top: preserves 'other filters' in configuration file
  * top: can now collapse/expand forest view children
  * top: parent %CPU time includes collapsed children
  * top: improve xterm support for vim navigation keys
  * top: avoid segmentation fault at program termination
  * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:50-1
Released:    Mon Jan  8 03:18:56 2024
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        recommended
Severity:    moderate
References:  1217695,1217696
This update for python-instance-billing-flavor-check fixes the following issues:

-  Run the command as sudo only (bsc#1217696, bsc#1217695)
-  Handle exception for Python 3.4 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:62-1
Released:    Mon Jan  8 11:44:47 2024
Summary:     Recommended update for libxcrypt
Type:        recommended
Severity:    moderate
References:  1215496
This update for libxcrypt fixes the following issues:

- fix variable name for datamember [bsc#1215496]
- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:82-1
Released:    Thu Jan 11 09:21:29 2024
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  
This update for ceph fixes the following issues:

- Fix build versioning to resolve installation conflicts (no source code changes)


The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated
- babeltrace-1.5.8-150300.3.2.1 updated
- binutils-2.41-150100.7.46.1 updated
- ceph-base-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-common-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-grafana-dashboards-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-mds-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-mgr-cephadm-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-mgr-dashboard-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-mgr-modules-core-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-mgr-rook-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-mgr-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-mon-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-osd-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-prometheus-alerts-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-radosgw-16.2.13.66+g54799ee0666-150300.9.1 updated
- cephadm-16.2.13.66+g54799ee0666-150300.9.1 updated
- ceph-16.2.13.66+g54799ee0666-150300.9.1 updated
- glibc-locale-base-2.31-150300.63.1 updated
- glibc-2.31-150300.63.1 updated
- gpg2-2.2.27-150300.3.8.1 updated
- libcephfs2-16.2.13.66+g54799ee0666-150300.9.1 updated
- libcephsqlite-16.2.13.66+g54799ee0666-150300.9.1 updated
- libcrypt1-4.4.15-150300.4.7.1 updated
- libctf-nobfd0-2.41-150100.7.46.1 updated
- libctf0-2.41-150100.7.46.1 updated
- libcurl4-7.66.0-150200.4.66.1 updated
- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated
- libicu-suse65_1-65.1-150200.4.10.1 updated
- libicu65_1-ledata-65.1-150200.4.10.1 updated
- libncurses6-6.1-150000.5.20.1 updated
- libnghttp2-14-1.40.0-150200.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated
- libopenssl1_1-1.1.1d-150200.11.82.1 updated
- libprocps8-3.3.17-150000.7.37.1 added
- libpython3_6m1_0-3.6.15-150300.10.51.1 updated
- librados2-16.2.13.66+g54799ee0666-150300.9.1 updated
- librbd1-16.2.13.66+g54799ee0666-150300.9.1 updated
- librgw2-16.2.13.66+g54799ee0666-150300.9.1 updated
- libsolv-tools-0.7.27-150200.23.2 updated
- libsqlite3-0-3.44.0-150000.3.23.1 updated
- libstdc++6-13.2.1+git7813-150000.1.6.1 updated
- libtirpc-netconfig-1.3.4-150300.3.23.1 updated
- libtirpc3-1.3.4-150300.3.23.1 updated
- libxml2-2-2.9.7-150000.3.63.1 updated
- libz1-1.2.11-150000.3.48.1 updated
- libzypp-17.31.27-150200.84.1 updated
- login_defs-4.8.1-150300.4.12.1 updated
- ncurses-utils-6.1-150000.5.20.1 updated
- openssh-clients-8.4p1-150300.3.27.1 updated
- openssh-common-8.4p1-150300.3.27.1 updated
- openssh-fips-8.4p1-150300.3.27.1 updated
- openssh-server-8.4p1-150300.3.27.1 updated
- openssh-8.4p1-150300.3.27.1 updated
- openssl-1_1-1.1.1d-150200.11.82.1 updated
- procps-3.3.17-150000.7.37.1 updated
- psmisc-23.0-150000.6.25.1 updated
- python3-base-3.6.15-150300.10.51.1 updated
- python3-ceph-argparse-16.2.13.66+g54799ee0666-150300.9.1 updated
- python3-ceph-common-16.2.13.66+g54799ee0666-150300.9.1 updated
- python3-cephfs-16.2.13.66+g54799ee0666-150300.9.1 updated
- python3-cryptography-3.3.2-150200.22.1 updated
- python3-cssselect-1.0.3-150000.3.5.1 updated
- python3-curses-3.6.15-150300.10.51.1 updated
- python3-lxml-4.7.1-150200.3.12.1 updated
- python3-rados-16.2.13.66+g54799ee0666-150300.9.1 updated
- python3-rbd-16.2.13.66+g54799ee0666-150300.9.1 updated
- python3-requests-2.25.1-150300.3.6.1 updated
- python3-rgw-16.2.13.66+g54799ee0666-150300.9.1 updated
- python3-urllib3-1.25.10-150300.4.9.1 updated
- python3-websocket-client-1.3.2-150100.6.10.5 updated
- python3-3.6.15-150300.10.51.1 updated
- rbd-mirror-16.2.13.66+g54799ee0666-150300.9.1 updated
- shadow-4.8.1-150300.4.12.1 updated
- suse-module-tools-15.3.17-150300.3.22.1 updated
- terminfo-base-6.1-150000.5.20.1 updated
- zypper-1.14.68-150200.70.2 updated
- container:sles15-image-15.0.0-17.20.236 updated
- libprocps7-3.3.15-150000.7.34.1 removed

SUSE: 2024:154-1 ses/7.1/ceph/ceph Security Update

January 12, 2024
The container ses/7.1/ceph/ceph was updated

Summary

Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3825-1 Released: Wed Sep 27 18:48:53 2023 Summary: Security update for binutils Type: security Severity: important Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:4027-1 Released: Tue Oct 10 13:59:02 2023 Summary: Security update for shadow Type: security Severity: low Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2023:4052-1 Released: Wed Oct 11 14:11:55 2023 Summary: Recommended update for babeltrace Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:4158-1 Released: Mon Oct 23 09:52:06 2023 Summary: Security update for suse-module-tools Type: security Severity: important Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate Advisory ID: SUSE-RU-2023:4615-1 Released: Wed Nov 29 20:33:38 2023 Summary: Recommended update for icu Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important Advisory ID: SUSE-RU-2023:4644-1 Released: Tue Dec 5 13:46:14 2023 Summary: Recommended update for psmisc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:4890-1 Released: Mon Dec 18 13:00:52 2023 Summary: Recommended update for python-websocket-client Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important Advisory ID: SUSE-SU-2023:4921-1 Released: Wed Dec 20 09:51:31 2023 Summary: Security update for python-cryptography Type: security Severity: moderate Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate Advisory ID: SUSE-RU-2024:50-1 Released: Mon Jan 8 03:18:56 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate Advisory ID: SUSE-RU-2024:82-1 Released: Thu Jan 11 09:21:29 2024 Summary: Recommended update for ceph Type: recommended Severity: moderate

References

References : 1029961 1041742 1107342 1111622 1158830 1170175 1176785 1184753

1196647 1199282 1200962 1201384 1203760 1205767 1206080 1206480

1206480 1206556 1206684 1206684 1206798 1207853 1208037 1208038

1208040 1208409 1209122 1209275 1209642 1210297 1210335 1210557

1210557 1210660 1210733 1211427 1211427 1211829 1212101 1212101

1212422 1212819 1212910 1213458 1213854 1213915 1213915 1214052

1214052 1214292 1214395 1214460 1214460 1214565 1214567 1214579

1214580 1214604 1214611 1214619 1214620 1214623 1214624 1214625

1214692 1214788 1214806 1215007 1215215 1215286 1215314 1215427

1215434 1215496 1215713 1215889 1215891 1215968 1215979 1216091

1216123 1216129 1216174 1216377 1216378 1216664 1216862 1216922

1216987 1217212 1217472 1217573 1217592 1217695 1217696 1217950

1218014 CVE-2020-19726 CVE-2021-32256 CVE-2022-35205 CVE-2022-35206

CVE-2022-4285 CVE-2022-44840 CVE-2022-45703 CVE-2022-47673 CVE-2022-47695

CVE-2022-47696 CVE-2022-48063 CVE-2022-48064 CVE-2022-48065 CVE-2023-0687

CVE-2023-1579 CVE-2023-1829 CVE-2023-1972 CVE-2023-2137 CVE-2023-2222

CVE-2023-23559 CVE-2023-25585 CVE-2023-25587 CVE-2023-25588 CVE-2023-35945

CVE-2023-38546 CVE-2023-40217 CVE-2023-4039 CVE-2023-4039 CVE-2023-43804

CVE-2023-44487 CVE-2023-45322 CVE-2023-45803 CVE-2023-45853 CVE-2023-46218

CVE-2023-4641 CVE-2023-4813 CVE-2023-48795 CVE-2023-49083 CVE-2023-50495

CVE-2023-5678

1211829,1212819,1212910

This update for glibc fixes the following issues:

- nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)

- Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)

- elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)

- elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)

- ld.so: Always use MAP_COPY to map the first segment (BZ #30452)

- add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

1200962,1206080,1206556,1208037,1208038,1208040,1208409,1209642,1210297,1210733,1213458,1214565,1214567,1214579,1214580,1214604,1214611,1214619,1214620,1214623,1214624,1214625,CVE-2020-19726,CVE-2021-32256,CVE-2022-35205,CVE-2022-35206,CVE-2022-4285,CVE-2022-44840,CVE-2022-45703,CVE-2022-47673,CVE-2022-47695,CVE-2022-47696,CVE-2022-48063,CVE-2022-48064,CVE-2022-48065,CVE-2023-0687,CVE-2023-1579,CVE-2023-1972,CVE-2023-2222,CVE-2023-25585,CVE-2023-25587,CVE-2023-25588

This update for binutils fixes the following issues:

Update to version 2.41 [jsc#PED-5778]:

* The MIPS port now supports the Sony Interactive Entertainment Allegrex

processor, used with the PlayStation Portable, which implements the MIPS

II ISA along with a single-precision FPU and a few implementation-specific

integer instructions.

* Objdump's --private option can now be used on PE format files to display the

fields in the file header and section headers.

* New versioned release of libsframe: libsframe.so.1. This release introduces

versioned symbols with version node name LIBSFRAME_1.0. This release also

updates the ABI in an incompatible way: this includes removal of

sframe_get_funcdesc_with_addr API, change in the behavior of

sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.

* SFrame Version 2 is now the default (and only) format version supported by

gas, ld, readelf and objdump.

* Add command-line option, --strip-section-headers, to objcopy and strip to

remove ELF section header from ELF file.

* The RISC-V port now supports the following new standard extensions:

- Zicond (conditional zero instructions)

- Zfa (additional floating-point instructions)

- Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,

Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)

* The RISC-V port now supports the following vendor-defined extensions:

- XVentanaCondOps

* Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.

* A new .insn directive is recognized by x86 gas.

* Add SME2 support to the AArch64 port.

* The linker now accepts a command line option of --remap-inputs

= to relace any input file that matches with

. In addition the option --remap-inputs-file= can be used to

specify a file containing any number of these remapping directives.

* The linker command line option --print-map-locals can be used to include

local symbols in a linker map. (ELF targets only).

* For most ELF based targets, if the --enable-linker-version option is used

then the version of the linker will be inserted as a string into the .comment

section.

* The linker script syntax has a new command for output sections: ASCIZ 'string'

This will insert a zero-terminated string at the current location.

* Add command-line option, -z nosectionheader, to omit ELF section

header.

- Contains fixes for these non-CVEs (not security bugs per upstreams

SECURITY.md):

* bsc#1209642 aka CVE-2023-1579 aka PR29988

* bsc#1210297 aka CVE-2023-1972 aka PR30285

* bsc#1210733 aka CVE-2023-2222 aka PR29936

* bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)

* bsc#1214565 aka CVE-2020-19726 aka PR26240

* bsc#1214567 aka CVE-2022-35206 aka PR29290

* bsc#1214579 aka CVE-2022-35205 aka PR29289

* bsc#1214580 aka CVE-2022-44840 aka PR29732

* bsc#1214604 aka CVE-2022-45703 aka PR29799

* bsc#1214611 aka CVE-2022-48065 aka PR29925

* bsc#1214619 aka CVE-2022-48064 aka PR29922

* bsc#1214620 aka CVE-2022-48063 aka PR29924

* bsc#1214623 aka CVE-2022-47696 aka PR29677

* bsc#1214624 aka CVE-2022-47695 aka PR29846

* bsc#1214625 aka CVE-2022-47673 aka PR29876

- This only existed only for a very short while in SLE-15, as the main

variant in devel:gcc subsumed this in binutils-revert-rela.diff.

Hence:

- Document fixed CVEs:

* bsc#1208037 aka CVE-2023-25588 aka PR29677

* bsc#1208038 aka CVE-2023-25587 aka PR29846

* bsc#1208040 aka CVE-2023-25585 aka PR29892

* bsc#1208409 aka CVE-2023-0687 aka PR29444

- Enable bpf-none cross target and add bpf-none to the multitarget

set of supported targets.

- Disable packed-relative-relocs for old codestreams. They generate

buggy relocations when binutils-revert-rela.diff is active.

[bsc#1206556]

- Disable ZSTD debug section compress by default.

- Enable zstd compression algorithm (instead of zlib)

for debug info sections by default.

- Pack libgprofng only for supported platforms.

- Move libgprofng-related libraries to the proper locations (packages).

- Add --without=bootstrap for skipping of bootstrap (faster testing

of the package).

- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]

Update to version 2.40:

* Objdump has a new command line option --show-all-symbols which will make it

display all symbols that match a given address when disassembling. (Normally

only the first symbol that matches an address is shown).

* Add --enable-colored-disassembly configure time option to enable colored

disassembly output by default, if the output device is a terminal. Note,

this configure option is disabled by default.

* DCO signed contributions are now accepted.

* objcopy --decompress-debug-sections now supports zstd compressed debug

sections. The new option --compress-debug-sections=zstd compresses debug

sections with zstd.

* addr2line and objdump --dwarf now support zstd compressed debug sections.

* The dlltool program now accepts --deterministic-libraries and

--non-deterministic-libraries as command line options to control whether or

not it generates deterministic output libraries. If neither of these options

are used the default is whatever was set when the binutils were configured.

* readelf and objdump now have a newly added option --sframe which dumps the

SFrame section.

* Add support for Intel RAO-INT instructions.

* Add support for Intel AVX-NE-CONVERT instructions.

* Add support for Intel MSRLIST instructions.

* Add support for Intel WRMSRNS instructions.

* Add support for Intel CMPccXADD instructions.

* Add support for Intel AVX-VNNI-INT8 instructions.

* Add support for Intel AVX-IFMA instructions.

* Add support for Intel PREFETCHI instructions.

* Add support for Intel AMX-FP16 instructions.

* gas now supports --compress-debug-sections=zstd to compress

debug sections with zstd.

* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}

that selects the default compression algorithm

for --enable-compressed-debug-sections.

* Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,

XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,

XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head

ISA manual, which are implemented in the Allwinner D1.

* Add support for the RISC-V Zawrs extension, version 1.0-rc4.

* Add support for Cortex-X1C for Arm.

* New command line option --gsframe to generate SFrame unwind information

on x86_64 and aarch64 targets.

* The linker has a new command line option to suppress the generation of any

warning or error messages. This can be useful when there is a need to create

a known non-working binary. The option is -w or --no-warnings.

* ld now supports zstd compressed debug sections. The new option

--compress-debug-sections=zstd compresses debug sections with zstd.

* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}

that selects the default compression algorithm

for --enable-compressed-debug-sections.

* Remove support for -z bndplt (MPX prefix instructions).

- Includes fixes for these CVEs:

* bsc#1206080 aka CVE-2022-4285 aka PR29699

- Enable by default: --enable-colored-disassembly.

- fix build on x86_64_vX platforms

1214692,CVE-2023-40217

This update for python3 fixes the following issues:

- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

1213854,1214292,1214395,1215007

This update for zypper fixes the following issues:

- Fix name of the bash completion script (bsc#1215007)

- Update notes about failing signature checks (bsc#1214395)

- Improve the SIGINT handler to be signal safe (bsc#1214292)

- Update to version 1.14.64

- Changed location of bash completion script (bsc#1213854).

1214806,CVE-2023-4641

This update for shadow fixes the following issues:

- CVE-2023-4641: Fixed potential password leak (bsc#1214806).

1215889,CVE-2023-38546

This update for curl fixes the following issues:

- CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889).

1209275

This update ships missing babeltrace-devel to the Basesystem module

to allow building gdb source rpms. (bsc#1209275)

1215968,CVE-2023-43804

This update for python-urllib3 fixes the following issues:

- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if

the user manually set the corresponding header (bsc#1215968).

1215286,1215891,CVE-2023-4813

This update for glibc fixes the following issues:

Security issue fixed:

- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

1107342,1215434

This update for aaa_base fixes the following issues:

- Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559

This update for suse-module-tools fixes the following issues:

- Updated to version 15.3.17:

- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier

module (bsc#1210335).

- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules

(bsc#1205767, jsc#PED-5731).

- Updated to version 15.3.16:

- Fixed a build issue for s390x (bsc#1207853).

1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ship the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15

versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux

Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available

unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.

- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable

length stack allocations. (bsc#1214052)

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs

- Fixed missed optimization in Skia resulting in Firefox crashes when

building with LTO. [bsc#1212101]

- Make libstdc++6-devel packages own their directories since they

can be installed standalone. [bsc#1211427]

- Add new x86-related intrinsics (amxcomplexintrin.h).

- RISC-V: Add support for inlining subword atomic operations

- Use --enable-link-serialization rather that --enable-link-mutex,

the benefit of the former one is that the linker jobs are not

holding tokens of the make's jobserver.

- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd

for the general state of BPF with GCC.

- Add bootstrap conditional to allow --without=bootstrap to be

specified to speed up local builds for testing.

- Bump included newlib to version 4.3.0.

- Also package libhwasan_preinit.o on aarch64.

- Configure external timezone database provided by the timezone

package. Make libstdc++6 recommend timezone to get a fully

working std::chrono. Install timezone when running the testsuite.

- Package libhwasan_preinit.o on x86_64.

- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]

- Enable PRU flavour for gcc13

- update floatn fixinclude pickup to check each header separately (bsc#1206480)

- Redo floatn fixinclude pick-up to simply keep what is there.

- Bump libgo SONAME to libgo22.

- Do not package libhwasan for biarch (32-bit architecture)

as the extension depends on 64-bit pointers.

- Adjust floatn fixincludes guard to work with SLE12 and earlier

SLE15.

- Depend on at least LLVM 13 for GCN cross compiler.

- Update embedded newlib to version 4.2.0

- Allow cross-pru-gcc12-bootstrap for armv7l architecture.

PRU architecture is used for real-time MCUs embedded into TI

armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for

armv7l in order to build both host applications and PRU firmware

during the same build.

1216123,1216174,CVE-2023-44487

This update for nghttp2 fixes the following issues:

- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

1216378,CVE-2023-45853

This update for zlib fixes the following issues:

- CVE-2023-45853: Fixed an integer overflow that would lead to a

buffer overflow in the minizip subcomponent (bsc#1216378).

1215215

This update for openssl-1_1 fixes the following issues:

- Displays 'fips' in the version string (bsc#1215215)

1196647

This Update for libtirpc to 1.3.4, fixing the following issues:

Update to 1.3.4 (bsc#1199467)

* binddynport.c honor ip_local_reserved_ports

- replaces: binddynport-honor-ip_local_reserved_ports.patch

* gss-api: expose gss major/minor error in authgss_refresh()

* rpcb_clnt.c: Eliminate double frees in delete_cache()

* rpcb_clnt.c: memory leak in destroy_addr

* portmapper: allow TCP-only portmapper

* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep

* clnt_raw.c: fix a possible null pointer dereference

* bindresvport.c: fix a potential resource leakage

Update to 1.3.3:

* Fix DoS vulnerability in libtirpc

- replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch

* _rpc_dtablesize: use portable system call

* libtirpc: Fix use-after-free accessing the error number

* Fix potential memory leak of parms.r_addr

- replaces 0001-fix-parms.r_addr-memory-leak.patch

* rpcb_clnt.c add mechanism to try v2 protocol first

- preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch

* Eliminate deadlocks in connects with an MT environment

* clnt_dg_freeres() uncleared set active state may deadlock

* thread safe clnt destruction

* SUNRPC: mutexed access blacklist_read state variable

* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

* Replace the final SunRPC licenses with BSD licenses

* blacklist: Add a few more well known ports

* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

* Remove AUTH_DES interfaces from auth_des.h

The unsupported AUTH_DES authentication has be

compiled out since commit d918e41d889 (Wed Oct 9 2019)

replaced by API routines that return errors.

* svc_dg: Free xp_netid during destroy

* Fix memory management issues of fd locks

* libtirpc: replace array with list for per-fd locks

* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf

* __rpc_dtbsize: rlim_cur instead of rlim_max

* pkg-config: use the correct replacements for libdir/includedir

1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

This update for gcc13 fixes the following issues:

This update ship the GCC 13.2 compiler suite and its base libraries.

The compiler base libraries are provided for all SUSE Linux Enterprise 15

versions and replace the same named GCC 12 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux

Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available

unsupported via the PackageHub repositories.

To use gcc13 compilers use:

- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.

- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out

https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable

length stack allocations. (bsc#1214052)

- Work around third party app crash during C++ standard library initialization. [bsc#1216664]

- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)

- Bump included newlib to version 4.3.0.

- Update to GCC trunk head (r13-5254-g05b9868b182bb9)

- Redo floatn fixinclude pick-up to simply keep what is there.

- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

- Also handle -static-pie in the default-PIE specs

- Fixed missed optimization in Skia resulting in Firefox crashes when

building with LTO. [bsc#1212101]

- Make libstdc++6-devel packages own their directories since they

can be installed standalone. [bsc#1211427]

- Add new x86-related intrinsics (amxcomplexintrin.h).

- RISC-V: Add support for inlining subword atomic operations

- Use --enable-link-serialization rather that --enable-link-mutex,

the benefit of the former one is that the linker jobs are not

holding tokens of the make's jobserver.

- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd

for the general state of BPF with GCC.

- Add bootstrap conditional to allow --without=bootstrap to be

specified to speed up local builds for testing.

- Bump included newlib to version 4.3.0.

- Also package libhwasan_preinit.o on aarch64.

- Configure external timezone database provided by the timezone

package. Make libstdc++6 recommend timezone to get a fully

working std::chrono. Install timezone when running the testsuite.

- Package libhwasan_preinit.o on x86_64.

- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]

- Enable PRU flavour for gcc13

- update floatn fixinclude pickup to check each header separately (bsc#1206480)

- Redo floatn fixinclude pick-up to simply keep what is there.

- Bump libgo SONAME to libgo22.

- Do not package libhwasan for biarch (32-bit architecture)

as the extension depends on 64-bit pointers.

- Adjust floatn fixincludes guard to work with SLE12 and earlier

SLE15.

- Depend on at least LLVM 13 for GCN cross compiler.

- Update embedded newlib to version 4.2.0

- Allow cross-pru-gcc12-bootstrap for armv7l architecture.

PRU architecture is used for real-time MCUs embedded into TI

armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for

armv7l in order to build both host applications and PRU firmware

during the same build.

1216129,CVE-2023-45322

This update for libxml2 fixes the following issues:

- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

1216377,CVE-2023-45803

This update for python-urllib3 fixes the following issues:

- CVE-2023-45803: Fix a request body leak that could occur when

receiving a 303 HTTP response (bsc#1216377).

1216922,CVE-2023-5678

This update for openssl-1_1 fixes the following issues:

- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

1041742,1203760,1212422,1215979,1216091

This update for libzypp, zypper fixes the following issues:

- Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)

- Fix comment typo on zypp.conf (bsc#1215979)

- Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)

- Make sure the old target is deleted before a new one is created (bsc#1203760)

- Return 104 also if info suggests near matches

- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)

- commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

1111622,1170175,1176785,1184753,1199282

This update for python-psutil, python-requests fixes the following issues:

- update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043)

- Fix tests: setuptools changed the builddir library path and does not find the

module from it. Use the installed platlib instead and exclude psutil.tests only later.

- remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS

- Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192)

- Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622).

1217472

This update of icu fixes the following issue:

- missing 32bit libraries in SLES 15 SP3 were added, required by xerces-c 32bit.

1210660,CVE-2023-2137

This update for sqlite3 fixes the following issues:

- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

This update for psmisc fixes the following issues:

- Fix version number when building the package

1217212

This update for gpg2 fixes the following issues:

- `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212)

1217573,CVE-2023-46218

This update for curl fixes the following issues:

- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).

1216862

This update for libtirpc fixes the following issue:

- fix sed parsing in specfile (bsc#1216862)

1215314

This update for python-websocket-client fixes the following issues:

- Re-enable Python 3.6 to fix pip3 install (bsc#1215314)

1201384,1218014,CVE-2023-50495

This update for ncurses fixes the following issues:

- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)

- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)

1214788,1217950,CVE-2023-48795

This update for openssh fixes the following issues:

- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).

the following non-security bug was fixed:

- Fix the 'no route to host' error when connecting via ProxyJump

1217592,CVE-2023-49083

This update for python-cryptography fixes the following issues:

- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).

1216987

This update for curl fixes the following issues:

- libssh: Implement SFTP packet size limit (bsc#1216987)

1029961,1158830,1206798,1209122

This update for procps fixes the following issues:

- Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

- For support up to 2048 CPU as well (bsc#1185417)

- Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)

- Get the first CPU summary correct (bsc#1121753)

- Enable pidof for SLE-15 as this is provided by sysvinit-tools

- Use a check on syscall __NR_pidfd_open to decide if

the pwait tool and its manual page will be build

- Do not truncate output of w with option -n

- Prefer logind over utmp (jsc#PED-3144)

- Don't install translated man pages for non-installed binaries

(uptime, kill).

- Fix directory for Ukrainian man pages translations.

- Move localized man pages to lang package.

- Update to procps-ng-3.3.17

* library: Incremented to 8:3:0

(no removals or additions, internal changes only)

* all: properly handle utf8 cmdline translations

* kill: Pass int to signalled process

* pgrep: Pass int to signalled process

* pgrep: Check sanity of SG_ARG_MAX

* pgrep: Add older than selection

* pidof: Quiet mode

* pidof: show worker threads

* ps.1: Mention stime alias

* ps: check also match on truncated 16 char comm names

* ps: Add exe output option

* ps: A lot more sorting available

* pwait: New command waits for a process

* sysctl: Match systemd directory order

* sysctl: Document directory order

* top: ensure config file backward compatibility

* top: add command line 'e' for symmetry with 'E'

* top: add '4' toggle for two abreast cpu display

* top: add '!' toggle for combining multiple cpus

* top: fix potential SEGV involving -p switch

* vmstat: Wide mode gives wider proc columns

* watch: Add environment variable for interval

* watch: Add no linewrap option

* watch: Support more colors

* free,uptime,slabtop: complain about extra ops

- Package translations in procps-lang.

- Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

- Enable pidof by default

- Update to procps-ng-3.3.16

* library: Increment to 8:2:0

No removals or functions

Internal changes only, so revision is incremented.

Previous version should have been 8:1:0 not 8:0:1

* docs: Use correct symbols for -h option in free.1

* docs: ps.1 now warns about command name length

* docs: install translated man pages

* pgrep: Match on runstate

* snice: Fix matching on pid

* top: can now exploit 256-color terminals

* top: preserves 'other filters' in configuration file

* top: can now collapse/expand forest view children

* top: parent %CPU time includes collapsed children

* top: improve xterm support for vim navigation keys

* top: avoid segmentation fault at program termination

* 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830)

1217695,1217696

This update for python-instance-billing-flavor-check fixes the following issues:

- Run the command as sudo only (bsc#1217696, bsc#1217695)

- Handle exception for Python 3.4

1215496

This update for libxcrypt fixes the following issues:

- fix variable name for datamember [bsc#1215496]

- added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2

This update for ceph fixes the following issues:

- Fix build versioning to resolve installation conflicts (no source code changes)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 updated

- babeltrace-1.5.8-150300.3.2.1 updated

- binutils-2.41-150100.7.46.1 updated

- ceph-base-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-common-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-grafana-dashboards-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-mds-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-mgr-cephadm-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-mgr-dashboard-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-mgr-modules-core-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-mgr-rook-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-mgr-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-mon-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-osd-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-prometheus-alerts-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-radosgw-16.2.13.66+g54799ee0666-150300.9.1 updated

- cephadm-16.2.13.66+g54799ee0666-150300.9.1 updated

- ceph-16.2.13.66+g54799ee0666-150300.9.1 updated

- glibc-locale-base-2.31-150300.63.1 updated

- glibc-2.31-150300.63.1 updated

- gpg2-2.2.27-150300.3.8.1 updated

- libcephfs2-16.2.13.66+g54799ee0666-150300.9.1 updated

- libcephsqlite-16.2.13.66+g54799ee0666-150300.9.1 updated

- libcrypt1-4.4.15-150300.4.7.1 updated

- libctf-nobfd0-2.41-150100.7.46.1 updated

- libctf0-2.41-150100.7.46.1 updated

- libcurl4-7.66.0-150200.4.66.1 updated

- libgcc_s1-13.2.1+git7813-150000.1.6.1 updated

- libicu-suse65_1-65.1-150200.4.10.1 updated

- libicu65_1-ledata-65.1-150200.4.10.1 updated

- libncurses6-6.1-150000.5.20.1 updated

- libnghttp2-14-1.40.0-150200.12.1 updated

- libopenssl1_1-hmac-1.1.1d-150200.11.82.1 updated

- libopenssl1_1-1.1.1d-150200.11.82.1 updated

- libprocps8-3.3.17-150000.7.37.1 added

- libpython3_6m1_0-3.6.15-150300.10.51.1 updated

- librados2-16.2.13.66+g54799ee0666-150300.9.1 updated

- librbd1-16.2.13.66+g54799ee0666-150300.9.1 updated

- librgw2-16.2.13.66+g54799ee0666-150300.9.1 updated

- libsolv-tools-0.7.27-150200.23.2 updated

- libsqlite3-0-3.44.0-150000.3.23.1 updated

- libstdc++6-13.2.1+git7813-150000.1.6.1 updated

- libtirpc-netconfig-1.3.4-150300.3.23.1 updated

- libtirpc3-1.3.4-150300.3.23.1 updated

- libxml2-2-2.9.7-150000.3.63.1 updated

- libz1-1.2.11-150000.3.48.1 updated

- libzypp-17.31.27-150200.84.1 updated

- login_defs-4.8.1-150300.4.12.1 updated

- ncurses-utils-6.1-150000.5.20.1 updated

- openssh-clients-8.4p1-150300.3.27.1 updated

- openssh-common-8.4p1-150300.3.27.1 updated

- openssh-fips-8.4p1-150300.3.27.1 updated

- openssh-server-8.4p1-150300.3.27.1 updated

- openssh-8.4p1-150300.3.27.1 updated

- openssl-1_1-1.1.1d-150200.11.82.1 updated

- procps-3.3.17-150000.7.37.1 updated

- psmisc-23.0-150000.6.25.1 updated

- python3-base-3.6.15-150300.10.51.1 updated

- python3-ceph-argparse-16.2.13.66+g54799ee0666-150300.9.1 updated

- python3-ceph-common-16.2.13.66+g54799ee0666-150300.9.1 updated

- python3-cephfs-16.2.13.66+g54799ee0666-150300.9.1 updated

- python3-cryptography-3.3.2-150200.22.1 updated

- python3-cssselect-1.0.3-150000.3.5.1 updated

- python3-curses-3.6.15-150300.10.51.1 updated

- python3-lxml-4.7.1-150200.3.12.1 updated

- python3-rados-16.2.13.66+g54799ee0666-150300.9.1 updated

- python3-rbd-16.2.13.66+g54799ee0666-150300.9.1 updated

- python3-requests-2.25.1-150300.3.6.1 updated

- python3-rgw-16.2.13.66+g54799ee0666-150300.9.1 updated

- python3-urllib3-1.25.10-150300.4.9.1 updated

- python3-websocket-client-1.3.2-150100.6.10.5 updated

- python3-3.6.15-150300.10.51.1 updated

- rbd-mirror-16.2.13.66+g54799ee0666-150300.9.1 updated

- shadow-4.8.1-150300.4.12.1 updated

- suse-module-tools-15.3.17-150300.3.22.1 updated

- terminfo-base-6.1-150000.5.20.1 updated

- zypper-1.14.68-150200.70.2 updated

- container:sles15-image-15.0.0-17.20.236 updated

- libprocps7-3.3.15-150000.7.34.1 removed

Severity
Container Advisory ID : SUSE-CU-2024:154-1
Container Tags : ses/7.1/ceph/ceph:16.2.13.66 , ses/7.1/ceph/ceph:16.2.13.66.4.9.1 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release : 4.9.1
Severity : important
Type : security

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo