Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 11 articles for you...
217
security advisorymoderateupdateOracle Linux 8 ELSA-2025-1306 Moderate: GCC-Toolset Security Updates
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-1306 http://linux.oracle.com/errata/ELSA-2025-1306.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: gcc-toolset-13-gcc-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-c++-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-gfortran-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-plugin-annobin-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-plugin-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-gcc-plugin-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libasan-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libasan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libatomic-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libatomic-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libgccjit-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libgccjit-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libgccjit-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libgccjit-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libitm-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libitm-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-liblsan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libquadmath-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libquadmath-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libstdc++-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libstdc++-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libstdc++-docs-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libtsan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libubsan-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libubsan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-offload-nvptx-13.3.1-2.2.0.1.el8_10.x86_64.rpm libasan8-13.3.1-2.2.0.1.el8_10.i686.rpm libasan8-13.3.1-2.2.0.1.el8_10.x86_64.rpm libtsan2-13.3.1-2.2.0.1.el8_10.x86_64.rpm aarch64: gcc-toolset-13-gcc-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-c++-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-gfortran-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-plugin-annobin-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-plugin-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libasan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libatomic-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libgccjit-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libgccjit-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libitm-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-liblsan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libstdc++-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libstdc++-docs-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libtsan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libubsan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm libasan8-13.3.1-2.2.0.1.el8_10.aarch64.rpm libtsan2-13.3.1-2.2.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gcc-toolset-13-gcc-13.3.1-2.2.0.1.el8_10.src.rpm Related CVEs: CVE-2020-11023 Description of changes: [13.3.1-2.2.0.1] - Merge Oracle patches to 13.3.1-2.2. gfortran needs install-info at installation time. Orabug: 36472775 [13.3.1-2.2] - disable jQuery use, don't ship jquery.js (CVE-2020-11023, RHEL-78279) _______________________________________________ El-errata mailing list
Feb 14, 2025
Oracle
100
security advisorysecurity updateimportantSUSE: 2023:3170-1 Important: Proxy Squid Security Update
The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:3170-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.8 , suse/manager/4.3/proxy-squid:4.3.8.9.36.1 , suse/manager/4.3/proxy-squid:latest , suse/manager/4.3/proxy-squid:susemanager-4.3.8 , suse/manager/4.3/proxy-squid:susemanager-4.3.8.9.36.1 Container Release : 9.36.1 Severity : important Type : security References : 1186606 1194038 1194609 1194900 1195391 1201519 1204844 1205161 1206627 1207778 1208194 1209741 1210702 1211576 1212434 1213185 1213189 1213240 1213517 1213575 1213853 1213873 1214052 1214054 1214140 1214768 CVE-2023-36054 CVE-2023-3817 CVE-2023-39615 CVE-2023-4039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3285-1 Released: Fri Aug 11 10:30:38 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3286-1 Released: Fri Aug 11 10:32:03 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1194900 This update for util-linux fixes the following issues: - Fix blkid for floppy drives (bsc#1194900) - Fix rpmbuild %checks fail when @ in the directory path(bsc#1194038) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3363-1 Released: Fri Aug 18 14:54:16 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3397-1 Released: Wed Aug 23 18:35:56 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) - Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873 This update for systemd fixes the following issues: - Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575) - Decrease devlink priority for iso disks (bsc#1213185) - Do not ignore mount point paths longer than 255 characters(bsc#1208194) - Refuse hibernation if there's no possible way to resume (bsc#1186606) - Update 'korean' and 'arabic' keyboard layouts (bsc#1210702) - Drop some entries no longer needed by YaST (bsc#1194609) - The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741) - Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3699-1 Released: Wed Sep 20 11:02:50 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). The following package changes have been done: - libuuid1-2.37.2-150400.8.20.1 updated - libsmartcols1-2.37.2-150400.8.20.1 updated -libblkid1-2.37.2-150400.8.20.1 updated - libaudit1-3.0.6-150400.4.13.1 updated - libfdisk1-2.37.2-150400.8.20.1 updated - libgcc_s1-12.3.0+git1204-150000.1.16.1 updated - libstdc++6-12.3.0+git1204-150000.1.16.1 updated - libxml2-2-2.9.14-150400.5.22.1 updated - libsystemd0-249.16-150400.8.33.1 updated - libopenssl1_1-1.1.1l-150400.7.53.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.53.1 updated - libmount1-2.37.2-150400.8.20.1 updated - krb5-1.19.2-150400.3.6.1 updated - login_defs-4.8.1-150400.10.9.1 updated - shadow-4.8.1-150400.10.9.1 updated - sysuser-shadow-3.2-150400.3.5.3 updated - util-linux-2.37.2-150400.8.20.1 updated . SUSE Container Notification for Proxy Squid includes critical security enhancements and resolutions for various packages detected.. SUSE Manager, Proxy Squid Update, Important Security Fixes. . Severity: Important. LinuxSecurity.com Team
Sep 28, 2023
•Important
SuSE
100
security advisorymemory corruptionmoderate severitySUSE Container: 2023:1530-1 Moderate: bci/rust Security Update
The container bci/rust was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1530-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.6 , bci/rust:latest Container Release : 2.6 Severity : moderate Type : security References : 1206513 1210434 CVE-2023-29491 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) The following package changes have been done: - libz1-1.2.11-150000.3.42.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - container:sles15-image-15.0.0-27.14.59 updated . SUSE Container Notification 2023:1530-2 details enhancements for bci/python, featuring fixes for vulnerabilities.. bci/rust update, SUSE container security, bci/rust patches. . LinuxSecurity.com Team
May 11, 2023
SuSE
98
security advisoryimportantsoftware enhancementRed Hat OpenShift 4.10: RHSA-2023:1154 Important Memory Growth Issues
Red Hat OpenShift Container Platform release 4.10.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: OpenShift Container Platform 4.10.54 security update Advisory ID: RHSA-2023:1154-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:1154 Issue date: 2023-03-16 CVE Names: CVE-2021-4238 CVE-2022-41717 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.10.54 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.54. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2023:1153 Security Fix(es): * goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238) * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other relatedinformation, refer to the CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.10, see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/release_notes/ocp-4-10-release-notes You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are (For x86_64 architecture) The image digest is sha256:b13ee67469f7f85a1b1daf57424f3c7c02c3a188cb640dc6284742091a7e6d50 (For s390x architecture) The image digest is sha256:4c776be05c475ee885829444509258b486d79d8128e12d6d2263ab7cdef83ce8 (For ppc64le architecture) The image digest is sha256:2d4e0af6ca2afc8c10d210aa520aba602618f3fad4cb42636bddb57b1f0ce425 (For aarch64 architecture) The image digest is sha256:7cadaaf6e0f71645864963e6c47c75852ce68aff80c963dfba2ddf51c0b836c4 All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.10/html/updating_clusters/updating-cluster-cli 4. Bugs fixed (https://bugzilla.redhat.com/): 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://issues.redhat.com/): OCPBUGS-3997 - [4.10] provisioning interface on master node not getting ipv4dhcp ip address from bootstrap dhcp server on OCP IPI BareMetal install OCPBUGS-4341 - oc get dc fails when AllRequestBodies audit-profile is set in apiserver OCPBUGS-5977 - Implement LIST call chunking in openshift-sdn OCPBUGS-7657 - Editing Pipeline in the ocp console to get information error OCPBUGS-7741 - [release-4.11] fail early on missing node status envs OCPBUGS-7795 - thanos-ruler-user-workload-1 pod is getting repeatedly re-created after upgrade do 4.10.41 OCPBUGS-7815 - [release-4.10] [AWS EFS] NFS mount disconnects and becomes unavailable. OCPBUGS-7827 - set default timeouts in etcdcli OCPBUGS-7831 - PTP BC: Unexpected openshift_ptp_clock_state metric added in FREERUN state after bringing down and up a ptp slave interface OCPBUGS-7997 - PTP 4.12 Regression - CLOCK REALTIME status is locked when physical interface is down OCPBUGS-8020 - Azure Disk volume is taking time to attach/detach 6. References: https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/updates/classification/#important 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZBLe5tzjgjWX9erEAQhA4g//TGys159MdqutZY0CjUWfpF3H7rc1yLML skq9MCCDPxTRSiEelRPESiZJMS0q6kTVa9imRyh801eIVeh+pDSjdtEIpt4fgDA9 C/Bz5cXuhOcM8O64KdhDGCxz6a+eTfiKhb4QfmsdsQNp+kgGRt2L5ZDtuxru3I09 Jk3qFWCTnFPg6oyyNjvEeFo7AsOS2+pCmTg9t5RlDux0LOZOaZMprZK1YnnnjbWq /wp8aV/OHyLa2C9Y3hxc0nIWxuIpluZbNADeAj4RFGh9sXzPp132ZVcCVNB2dxNv zOD2pk7cIR0dpKQXd/hAgq01r4EPGBb8GbOD7ot3EUsyOtUPxVUoJCM3sfd0utR8 xbPvoApPOnKgyIHmGPNQRTiPgPGHBLpn2u4h14veKKu0IaP+IbZkUZgx8k8Y+/Kw RiSaWpUSR/Lmx78IGsgGwVB2GPhETbM5Iy6dCI2o3IhcsEWHYcZM9Wxz/sXrvf3H kf+DySNGqLnU60Bp3hJOJ5xov2caIRgr2VaHkUzXNVLIHh/2l6HOWNg3fVtAgg3a 97eUdGQs+fdy6o+b9acg0hc+7g69PujvKCat1uuarBFYw4A+I+aoqDMwnwmodBmG Cpe2b2rtPuY4JgLa9C8GUwTTlLAKtkUxcK8wxYnSPkNHuoS5eKy+1L2SI59j3wVV kxrlc7O6pCg=olEr -----ENDPGP SIGNATURE----- -- RHSA-announce mailing list
Mar 16, 2023
•Important
Red Hat
98
security advisoryRed Hatsecurity fixRed Hat OpenShift 4.12.4 Moderate Update: Security Fixes and Enhancements
Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.12.4 security update Advisory ID: RHSA-2023:0769-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:0769 Issue date: 2023-02-20 CVE Names: CVE-2014-3577 CVE-2021-21684 CVE-2021-41190 CVE-2021-41772 CVE-2021-44716 CVE-2021-44717 CVE-2022-0532 CVE-2022-2879 CVE-2022-2880 CVE-2022-4337 CVE-2022-4338 CVE-2022-23521 CVE-2022-41715 CVE-2022-41717 CVE-2022-41903 CVE-2022-47629 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.12.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer tothe CVE page(s) listed in the References section. 3. Solution: For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes/ocp-4-12-release-notes You can download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests can be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are: (For x86_64 architecture) The image digest is sha256:bbf1f27e5942a2f7a0f298606029d10600ba0462a09ab654f006ce14d314cb2c (For s390x architecture) The image digest is sha256:12e389281c05ba0589197af676dd460f668da162181cb8f3edb8f27101d14c39 (For ppc64le architecture) The image digest is sha256:853c1577bcb33350c0c19a535c14965bdeee4c6a471dd988f08ae241b866c8fc (For aarch64 architecture) The image digest is sha256:2a7f99c2814704b2bbb1ba4c06ce87c50384f87fb120b71d02a2f6bca8c867c6 All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/updating_clusters/updating-cluster-cli 4. Bugs fixed (https://bugzilla.redhat.com/): 2091214 - Pods are unable to start due to error "Failed to set quota limit for projid xxxxx on /var/lib/containers/storage/overlay/backingFsBlockDev: no such file or directory 2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests 5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): OCPBUGS-4778 - CNO in HyperShift reports upgradecomplete in clusteroperator prematurely OCPBUGS-6260 - Catalog, fatal error: concurrent map read and map write OCPBUGS-6637 - [4.12] Can't reach own service when egress netpol are enabled OCPBUGS-6779 - WebScale: configure-ovs.sh fails because it picks the wrong default interface OCPBUGS-6788 - [vsphere-problem-detector] fully qualified username must be used when checking permissions OCPBUGS-6807 - Platform baremetal warnings during create image when fields not defined OCPBUGS-6973 - [IPI] Baremetal ovs-configure.sh script fails to start secondary bridge br-ex1 OCPBUGS-7044 - Nodes unready in PublicAndPrivate / Private Hypershift setups behind a proxy OCPBUGS-7208 - When setting allowedRegistries urls the openshift-samples operator is degraded OCPBUGS-7227 - update sdn 4.12 branch build config OCPBUGS-7230 - [4.12] Index violation on IGMP_Group during upgrade from 4.12.0 to 4.12.1 OCPBUGS-7285 - [4.12] Hypershift failing new SCC conformance tests 6. References: https://access.redhat.com/security/cve/CVE-2014-3577 https://access.redhat.com/security/cve/CVE-2021-21684 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2022-0532 https://access.redhat.com/security/cve/CVE-2022-2879 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-4337 https://access.redhat.com/security/cve/CVE-2022-4338 https://access.redhat.com/security/cve/CVE-2022-23521 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-41903 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/updates/classification/#moderate 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 RedHat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY/QQRNzjgjWX9erEAQgSOg//X7f2TGGu+9SGJCXbkC0rBIsdRf/aM1/H fsRNTFpc/HiiINd6kxVt1NoyoJm02AnBS5KwrvfisRqvSl6B1Rj0urzyNeY4LA0z /C5pmO+3Xxd9d5tp+5KY66pdeos9UHhhG/WDwHq7Qnn97eJZ2ZMRFxgTc57fV2GW gXBFxu3jrzJRZWTE8kTcthXpffS8/S4BaoTFhS/sjupaSoxgnHjAPqlyhuIYSTLI 0osCot2bmjI8K6Mr6jR4+HdXPkcYaBAbk1GikKETlNyout9Z/X8c9XwrWEEF4NcD zbsEwdzFI1s4l2m69EmJrRui5fwfzGg5PHu6Ok8wLzEyJTspfUit+K0V42bpz3PC J3E9yQyWv7pdvLq724tbdsHGjHpBS894zw6IAZ+7k95NjDclfHC+Zfx+OnkxlFzj Vjmk3spSMgiZh5micIdg8mhXh7k97quSNeBVmvAQTFkFUYWsKnOwcZ+CFyMC+Qmx IZGpbqnkBw4WJc9BsRY4eBRzORjSiUPnjm9Sgp83n8m2aaofWM/TBHRo9bsiq6wS xD94FcGf97KneKlBIM8e5NI9lGPn9CrSYaCVx2fm0DU2ViVJTMpiKHJbf7g1bRa7 1T4tFZpspI0JPTUMikTc4PcDh7kCcKN4iLiMMCut1VsLSgWEOOSkDRX+yWQz5bIy 39M8aVmxsyY=CaUn -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 21, 2023
Red Hat
98
security advisorycriticalauthentication bypassOpenShift 4.9.55 RHSA-2023:0574 Critical: Authentication Bypass
Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: OpenShift Container Platform 4.9.55 security update Advisory ID: RHSA-2023:0574-02 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2023:0574 Issue date: 2023-02-13 CVE Names: CVE-2021-4238 CVE-2022-41912 CVE-2023-0296 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.55. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2023:0573 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: Security Fix(es): * crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements (CVE-2022-41912) * goutils:RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be (CVE-2021-4238) * openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher (CVE-2023-0296) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/updating_clusters/updating-cluster-cli 3. Solution: See the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/release_notes/ocp-4-9-release-notes You can download the oc tool and use it to inspect release image metadata for x86_64, s390x, and ppc64le architectures. The image digests can be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are: (For x86_64 architecture) The image digest is sha256:cdf6e83f94d6a9beec65a429ebea6a8f5f80c19df49feb1a78b17981132b922b (For s390x architecture) The image digest is sha256:4784b43052f3041059e2cc586f2c3c80591ff92338817a83d3039288e1258eef (For ppc64le architecture) The image digest is sha256:5f1124780604fb8de06732bd407c24ac5d6d47df52ec74531d803bd187363bcf (For aarch64 architecture) The image digest is sha256: 2595defd3ac3d1b41acbf3284d9bf3eb73ac1f58aecffa77e82766e90ee511dc All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check foravailable updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at: https://docs.redhat.com/en/documentation/openshift_container_platform/4.9/html/updating_clusters/updating-cluster-cli 4. Bugs fixed (https://bugzilla.redhat.com/): 2105912 - OLM create-namespace.spec.ts e2e test fails always 2149181 - CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements 2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be 2161287 - CVE-2023-0296 openshift: etcd grpc-proxy vulnerable to The Birthday attack against 64-bit block cipher 5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): OCPBUGS-5144 - 4.9 node-exporter daemonset does not filter nodeReadyCount with kubernetes.io/os=linux nodeSelector OCPBUGS-6086 - Cannot extract names from response with content-type: [] (accept no content-type on 204 Swift repsonses) OCPBUGS-6495 - Align javax-mail-api with Jenkins Server 2.361.1 [openshift-4.9] OCPBUGS-6711 - Fix sshd embedded version [release-4.9] 6. References: https://access.redhat.com/security/cve/CVE-2021-4238 https://access.redhat.com/security/cve/CVE-2022-41912 https://access.redhat.com/security/cve/CVE-2023-0296 https://access.redhat.com/security/updates/classification#critical 7. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBY+nYn9zjgjWX9erEAQhjNw//VLnmlTZTqiVkVcGThanUSOhNAJX1uuNB OSFGmXrIX8t6d8e5VRI9oE1vndWGaJmbr/1tyYzACA5j03hZibXJeBFcs70qviTl 1AyCpky/fuSTeP1wK4pKjCAHchQqYzcwd+FWDFQ5hmAzoqqINzF3zyVJwCmrDKDw mn7k0K6hUaO6cTs52V/0W5EzcB1BCBa7zygzEpRxdThCPxm7fqkjYC8SKYJK8tK3 2/OikpUO6m7sx+hLzyl7hnxMF+roczxN2VSbAmaSHgb0OhNxPXoVIBRuRnKkpYTN iSdlMoo5+F1ZhTUwcH6DA2uAfrqtyafVU0nmv9lbto7LuAubin6pttJ747gH7ghp rTpTrD+Umi4q94c3Ir8jxY1gz7DiYwvqn/6bryKDAC57h6OsyN7L3z8ImjBDxOm2 pSXYTiX8PDE8JjJD4UlTXPE4yU5/Cv4J+b5zYBUCm46bmmYfBXaUtSoxsQOv+H+8 +YQNYdgSjuujiSsXpDKl1666rqOn/KBf97JojNpDNJ/BOUPyuSIQjmS+3o0cQxKQ gd111ITcAGRNQ6w66rFTVvm+VBWAU3F5khsson2nw7auLH42Uqd5E0gxbgzEWJ4e bfnwO+iN1kIwThU31SFUc+v4QsQMwItEc01zvnbMY7SLM9qnFfmCCI6Rzv/tDk64 ITbH4ytmJ5g=XZmc -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 13, 2023
•Critical
Red Hat
100
security advisorycriticalsystem integritySUSE: 2023:324-1 Important: Security Update for RMT Server Released
The container suse/rmt-server was updated. The following patches have been included in this update:. SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:324-1 Container Tags : suse/rmt-server:2.10 , suse/rmt-server:2.10-14.12 , suse/rmt-server:latest Container Release : 14.12 Severity : critical Type : security References : 1040589 1047178 1121365 1137373 1177460 1177460 1177460 1179416 1180125 1180995 1181658 1181805 1182983 1183543 1183545 1183659 1185299 1185637 1187670 1188160 1188161 1188548 1188578 1189802 1190375 1190651 1190651 1190651 1190653 1190700 1190824 1190888 1191020 1191157 1191552 1192951 1193035 1193081 1193282 1193489 1193659 1193711 1193859 1194038 1194047 1194708 1194968 1195059 1195157 1195283 1195628 1195773 1196093 1196107 1196125 1196275 1196406 1196490 1196647 1196861 1197004 1197024 1197038 1197065 1197178 1197405 1197459 1197570 1197718 1197771 1197794 1198062 1198165 1198176 1198341 1198441 1198446 1198471 1198472 1198627 1198720 1198721 1198731 1198732 1198751 1198752 1199132 1199140 1199140 1199166 1199232 1199240 1199467 1199492 1199944 1199961 1200170 1200334 1200550 1200723 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201225 1201276 1201293 1201385 1201560 1201590 1201640 1201680 1201783 1201795 1201942 1201959 1202117 1202148 1202148 1202175 1202310 1202324 1202593 1202750 1202870 1203018 1203046 1203069 1203652 1203652 1203911 1204179 1204211 1204285 1204357 1204366 1204367 1204383 1204386 1204585 1204649 1204769 1204944 1204968 1205000 1205000 1205089 1205126 1205156 1205502 1205646 1206308 1206309 1206337 1206579 1207182 1207264 1207533 1207534 1207536 1207538 CVE-2017-6512 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-3421 CVE-2021-36690 CVE-2021-41817 CVE-2021-41819 CVE-2021-46828 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1664 CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-28739 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-31254 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-34903 CVE-2022-3515 CVE-2022-35252 CVE-2022-35737 CVE-2022-37434 CVE-2022-3821 CVE-2022-40303 CVE-2022-40304 CVE-2022-42898 CVE-2022-42916 CVE-2022-4304 CVE-2022-43551 CVE-2022-43552 CVE-2022-4415 CVE-2022-4415 CVE-2022-4450 CVE-2022-46908 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions(jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommendedupdate for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions.(bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1512-1 Released: Tue May 3 16:11:28 2022 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,1193035,1198441,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066,CVE-2021-41817,CVE-2022-28739 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441). - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035). - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). - CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-31799: Fixed a command injectionvulnerability in RDoc (bsc#1190375). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 110:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) -CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2688-1 Released: Fri Aug 5 13:27:32 2022 Summary: Recommended update for rmt-server Type: recommended Severity: moderate References: 1191552 This update for rmt-server fixes the following issues: Version 2.8.0 - Forwarding information of registered systems to SCC more efficiently in batches - Syncing the systems' most recent last seen timestamps to SCC - Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data - Fix 'rmt-cli systems list --csv -a' for RMTs with millions of systems (bsc#1191552) - Enable users with old versions of RMT to sync systems with SCC by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:162022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even ifsystemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers- hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- AdvisoryID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - SupportEd25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3292-1 Released: Fri Sep 16 17:06:20 2022 Summary: Security update for ruby2.5 Type: security Severity: moderate References: 1193081,CVE-2021-41819 This update for ruby2.5 fixes the following issues: - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3304-1 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Type: recommended Severity: moderate References: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections(bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10(jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3588-1 Released: Fri Oct 14 10:49:12 2022 Summary: Recommended update for rmt-server Type: recommended Severity: moderate References: 1188578,1197038,1197405,1198721,1199961 This update for rmt-server fixes the following issues: - Implement `System-Token` header handling to improve unique system reporting. - Add --proxy-byos flag to rmt-cli systems command to filter BYOS systems using RMT as a proxy - Retry failed http requests automatically (bsc#1197405, bsc#1188578, bsc#1198721, bsc#1199961) - Improved rmt-client-setup-res script for CentOS8.x and RHEL/RES8.x(bsc#1197038) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version.(PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability inDpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS:Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this modeno subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:19-1 Released: Tue Jan 3 20:16:50 2023 Summary: Security update for rmt-server Type: security Severity: important References: 1204285,1204769,1205089,CVE-2022-31254 This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support (bsc#1205089) - Update the `last_seen_at` column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) - CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 509:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. - Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes thefollowing issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:311-1 Released: Tue Feb 7 17:36:32 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). The following package changes have been done: - filesystem-15.0-11.8.1 updated - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - glibc-2.31-150300.41.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.11.1 updated - libssh-config-0.9.6-150400.1.5 updated - libzstd1-1.5.0-150400.1.71 updated - libsepol1-3.1-150400.1.70 updated - liblz4-1-1.9.3-150400.1.7 updated - libgpg-error0-1.42-150400.1.101 updated - libcap2-2.63-150400.1.7 updated - libbz2-1-1.0.8-150400.1.122 updated - libaudit1-3.0.6-150400.2.13 updated - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.14-150400.8.19.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated -libblkid1-2.37.2-150400.8.14.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libpcre1-8.45-150000.20.13.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libjitterentropy3-3.4.0-150000.1.6.1 added - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libassuan0-2.5.5-150000.4.3.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.22.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.22.1 updated - libdw1-0.185-150400.5.3.1 updated - libselinux1-3.1-150400.1.69 updated - libreadline7-7.0-150400.25.22 updated - patterns-base-fips-20200124-150400.18.4 updated - libsemanage1-3.1-150400.1.65 updated - bash-4.4-150400.25.22 updated - bash-sh-4.4-150400.25.22 updated - cpio-2.13-150400.1.98 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libmount1-2.37.2-150400.8.14.1 updated - krb5-1.19.2-150400.3.3.1 updated - login_defs-4.8.1-150400.10.3.1 updated - coreutils-8.32-150400.7.5 updated - libssh4-0.9.6-150400.1.5 updated - sles-release-15.4-150400.55.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - gpg2-2.2.27-150300.3.5.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - pam-1.3.0-150000.6.61.1 updated - shadow-4.8.1-150400.10.3.1 updated - sysuser-shadow-3.1-150400.1.35 updated - system-group-hardware-20170617-150400.22.33 updated - util-linux-2.37.2-150400.8.14.1 updated -aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - timezone-2022g-150000.75.18.1 updated - catatonit-0.1.7-150300.10.3.1 updated - fdupes-2.1.2-150400.1.86 updated - libruby2_5-2_5-2.5.9-150000.4.26.1 updated - libxslt1-1.1.34-150400.1.7 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - ruby2.5-stdlib-2.5.9-150000.4.26.1 updated - ruby2.5-2.5.9-150000.4.26.1 updated - rmt-server-config-2.10-150400.3.9.1 updated - rmt-server-2.10-150400.3.9.1 updated - container:sles15-image-15.0.0-27.14.34 updated . Critical security enhancement for SUSE container suse/rmt-server. Key improvements tackle system stability and exposure concerns.. suse container updates,rmt-server vulnerability fixes,SUSE security advisories,system integrity updates. . Severity: Critical. LinuxSecurity.com Team
Feb 09, 2023
•Critical
SuSE
89
security advisorysecurity issuecriticalFedora 36: git-octopus Security Advisory 2022-5ef0bd9a27 Critical
Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-5ef0bd9a27 2022-07-30 01:52:05.591823 --------------------------------------------------------------------------------Name : git-octopus Product : Fedora 36 Version : 2.0 Release : 0.4.beta.3.fc36.13 URL : https://github.com/lesfurets/git-octopus Summary : Git commands for continuous delivery Description : The continuous merge workflow is meant for continuous integration/delivery and is based on feature branching. git-octopus provides git commands to implement it. --------------------------------------------------------------------------------Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. --------------------------------------------------------------------------------ChangeLog: * Tue Jul 19 2022 Maxwell G - 2.0-0.4.beta.3.13 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5ef0bd9a27' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 29, 2022
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!