SUSE: 2023:611-1 suse-sles-15-sp5-chost-byos-v20230915-hvm-ssd-x86_64 Security Update
Summary
Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical Advisory ID: SUSE-SU-2023:557-1 Released: Tue Feb 28 09:29:15 2023 Summary: Security update for libxslt Type: security Severity: important Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3372-1 Released: Tue Aug 22 13:44:38 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3393-1 Released: Wed Aug 23 17:41:55 2023 Summary: Recommended update for dracut Type: recommended Severity: important Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low Advisory ID: SUSE-SU-2023:3447-1 Released: Mon Aug 28 10:57:05 2023 Summary: Security update for xen Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3451-1 Released: Mon Aug 28 12:15:22 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3465-1 Released: Tue Aug 29 07:30:00 2023 Summary: Recommended update for samba Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3468-1 Released: Tue Aug 29 09:22:18 2023 Summary: Recommended update for python3 Type: recommended Severity: low Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low Advisory ID: SUSE-RU-2023:3485-1 Released: Tue Aug 29 14:20:56 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3497-1 Released: Wed Aug 30 21:25:05 2023 Summary: Security update for vim Type: security Severity: important Advisory ID: SUSE-RU-2023:3514-1 Released: Fri Sep 1 15:48:52 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:3577-1 Released: Mon Sep 11 15:04:01 2023 Summary: Recommended update for crypto-policies Type: recommended Severity: low Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate
References
References : 1027519 1158763 1182142 1186606 1193412 1194609 1195391 1201519
1204844 1205161 1207778 1208194 1208574 1209741 1209998 1210070
1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461
1211576 1211757 1212368 1212434 1212684 1213120 1213185 1213212
1213229 1213231 1213240 1213500 1213557 1213575 1213582 1213607
1213616 1213673 1213826 1213873 1213940 1213951 1214006 1214025
1214071 1214081 1214082 1214083 1214107 1214108 1214109 1214140
1214248 1214290 CVE-2021-30560 CVE-2022-40982 CVE-2023-2004 CVE-2023-20569
CVE-2023-20593 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-26112
CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-4016 CVE-2023-4156
This update for python-cssselect implements packages to the unrestrictied repository.
1208574,CVE-2021-30560
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
This update for python-instance-billing-flavor-check fixes the following issues:
- Include PAYG checker package in SLE (jsc#PED-4791)
1210070,CVE-2023-26112
This update for python-configobj fixes the following issues:
- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).
This update for liblognorm fixes the following issues:
- Update to liblognorm v2.0.6 (jsc#PED-4883)
1211757,1213212
This update for rsyslog fixes the following issues:
- Fix removal of imfile state files (bsc#1213212)
- Fix segfaults in modExit() of imklog.c (bsc#1211757)
1214081
This update for dracut fixes the following issues:
- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)
1201519,1204844
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
1214025,CVE-2023-4156
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
This update for systemd fixes the following issues:
- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)
1213951
This update for supportutils-plugin-suse-public-cloud fixes the following issues:
- Update from version 1.0.7 to 1.0.8 (bsc#1213951)
- Capture CSP billing adapter config and log
- Accept upper case Amazon string in DMI table
1214248
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
1210419,CVE-2023-2004
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
1213607,1213826,1213940
This update for samba fixes the following issues:
- Fix DFS not working with widelinks enabled; (bsc#1213607)
- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)
- net ads lookup with unspecified realm fails (bsc#1213826)
This update for python3 fixes the following issue:
- Rename sources in preparation of python3.11 (jsc#PED-68)
1182142,1193412
This update for parted fixes the following issues:
- fix null pointer dereference (bsc#1193412)
- update mkpart options in manpage (bsc#1182142)
1214290,CVE-2023-4016
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
1214071
This update for lvm2 fixes the following issues:
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1572.
- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).
- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).
- CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257).
1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:
- Fix occasional isue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)
1213582
This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2.
1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
- Update to Docker 24.0.4-ce.
See upstream changelog online at
- Update to Docker 24.0.3-ce.
See upstream changelog online at
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless/)
- Update to Docker 24.0.2-ce. See upstream changelog online at
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
1214006
This update for protobuf-c fixes the following issues:
- Add missing Provides/Obsoletes after package merge (bsc#1214006)
1209998
This update for crypto-policies fixes the following issues:
- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)
1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
The following package changes have been done:
- audit-3.0.6-150400.4.13.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- docker-24.0.5_ce-150000.185.1 updated
- dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libauparse0-3.0.6-150400.4.13.1 updated
- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- liblognorm5-2.0.6-150000.3.3.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-c1-1.3.2-150200.3.9.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libxslt1-1.1.34-150400.3.3.1 added
- libzypp-17.31.20-150400.3.40.1 updated
- parted-3.2-150300.21.3.1 updated
- procps-3.3.15-150000.7.34.1 updated
- python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added
- python3-configobj-5.0.6-150000.3.3.1 updated
- python3-cssselect-1.0.3-150000.3.3.1 added
- python3-iniconfig-1.1.1-150000.1.11.1 updated
- python3-lxml-4.9.1-150500.1.2 added
- python3-more-itertools-8.10.0-150400.5.69 updated
- python3-ordered-set-4.0.2-150400.8.34 updated
- python3-pyOpenSSL-21.0.0-150400.7.62 updated
- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated
- rsyslog-8.2306.0-150400.5.18.1 updated
- samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated
- supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated
- system-group-audit-3.0.6-150400.4.13.1 updated
- systemd-sysvinit-249.16-150400.8.33.1 updated
- systemd-249.16-150400.8.33.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- udev-249.16-150400.8.33.1 updated
- vim-data-common-9.0.1632-150500.20.3.1 updated
- vim-9.0.1632-150500.20.3.1 updated
- xen-libs-4.17.2_02-150500.3.6.1 updated
- xen-tools-domU-4.17.2_02-150500.3.6.1 updated
- zypper-1.14.63-150400.3.29.1 updated
- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed
