SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20230915-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:612-1
Image Tags        : sles-15-sp5-chost-byos-v20230915-arm64:20230915
Image Release     : 
Severity          : critical
Type              : security
References        : 1002895 1027519 1102408 1107105 1138666 1138715 1138746 1158763
                        1167732 1176389 1177120 1179805 1182142 1182421 1182422 1184505
                        1186606 1187045 1193412 1194609 1195391 1195916 1196696 1198331
                        1200771 1201519 1202498 1202498 1204145 1204364 1204844 1205161
                        1206212 1207778 1207805 1208036 1208194 1208574 1209741 1209998
                        1210419 1210702 1210740 1210797 1210996 1211256 1211257 1211461
                        1211576 1211674 1211757 1212368 1212434 1212684 1213120 1213185
                        1213212 1213229 1213231 1213240 1213500 1213557 1213575 1213582
                        1213607 1213616 1213673 1213826 1213873 1213940 1213951 1214006
                        1214025 1214071 1214081 1214082 1214083 1214107 1214108 1214109
                        1214140 1214248 1214290 CVE-2020-25659 CVE-2020-26137 CVE-2020-29651
                        CVE-2020-29651 CVE-2021-30560 CVE-2021-33503 CVE-2022-23491 CVE-2022-40982
                        CVE-2022-42969 CVE-2023-2004 CVE-2023-20569 CVE-2023-20593 CVE-2023-23931
                        CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 CVE-2023-28840 CVE-2023-28841
                        CVE-2023-28842 CVE-2023-32681 CVE-2023-4016 CVE-2023-4156 
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20230915-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1037-1
Released:    Mon Apr 20 10:49:39 2020
Summary:     Recommended update for python-pytest
Type:        recommended
Severity:    low
References:  1002895,1107105,1138666,1167732

This update fixes the following issues:

New python-pytest versions are provided.

In Basesystem:

- python3-pexpect: updated to 4.8.0
- python3-py: updated to 1.8.1
- python3-zipp: shipped as dependency in version 0.6.0

In Python2:

- python2-pexpect: updated to 4.8.0
- python2-py: updated to 1.8.1

  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:1859-1
Released:    Fri Jun  4 09:02:38 2021
Summary:     Security update for python-py
Type:        security
Severity:    moderate
References:  1179805,1184505,CVE-2020-29651
This update for python-py fixes the following issues:

- CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2012-1
Released:    Fri Jun 18 09:15:13 2021
Summary:     Security update for python-urllib3
Type:        security
Severity:    important
References:  1187045,CVE-2021-33503
This update for python-urllib3 fixes the following issues:

- CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2817-1
Released:    Mon Aug 23 15:05:18 2021
Summary:     Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
Type:        security
Severity:    moderate
References:  1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137
This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli

- Version updated to upstream release v1.19.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

- Version updated to upstream release 1.17.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

- Version updated to upstream release 1.20.9
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

- Version updated to upstream release 1.25.10
  For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

- Added this new package to resolve runtime dependencies for other packages.
  Version: 18.1.0

# python-trustme

- Added this new package to resolve runtime dependencies for other packages.
  Version: 0.6.0

Security fixes:

# python-urllib3:
  
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated
  by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2355-1
Released:    Mon Jul 11 12:44:33 2022
Summary:     Recommended update for python-cryptography
Type:        recommended
Severity:    moderate
References:  1198331,CVE-2020-25659

This update for python-cryptography fixes the following issues:

python-cryptography was updated to 3.3.2.

Update to 3.3.0:

* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
  to 1024-bit (8 byte to 128 byte) initialization vectors. This
  change is to conform with an upcoming OpenSSL release that will
  no longer support sizes outside this window.
* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
  now raise ValueError rather than UnsupportedAlgorithm when an
  unsupported cipher is used. This change is to conform with an
  upcoming OpenSSL release that will no longer distinguish
  between error types.
* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
  field Diffie-Hellman parameters of less than 512 bits in
  length. This change is to conform with an upcoming OpenSSL
  release that no longer supports smaller sizes. These keys were
  already wildly insecure and should not have been used in any
  application outside of testing.
* Added the recover_data_from_signature() function to
  RSAPublicKey for recovering the signed data from an RSA
  signature. 

Update to 3.2.1:

Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.

Update to 3.2 (bsc#1178168, CVE-2020-25659):

* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
  to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
  by our API, we cannot completely mitigate this vulnerability.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.

Update to 3.1:

* BACKWARDS INCOMPATIBLE: Removed support for idna based U-label parsing in
  various X.509 classes. This support was originally deprecated in version 2.1
  and moved to an extra in 2.5.
* backend arguments to functions are no longer required and the default
  backend will automatically be selected if no backend is provided.
* Added initial support for parsing certificates from PKCS7 files with
  load_pem_pkcs7_certificates() and load_der_pkcs7_certificates() in
  cryptography.hazmat.primitives.serialization.pkcs7.
* Calling update() or update_into() on CipherContext with data longer than
  2^31 bytes no longer raises an OverflowError. This also resolves the same
  issue in Fernet.

Update to 3.0:

* RSA generate_private_key() no longer accepts public_exponent values except
   65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
   a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
   private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
   instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().

Update to 2.9:

* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
  low usage and maintenance burden.
* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
  Users on older version of OpenSSL will need to upgrade.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
* Removed support for calling public_bytes() with no arguments, as per 
  our deprecation policy. You must now pass encoding and format.
* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
  returns the RDNs as required by RFC 4514.
* Added support for parsing single_extensions in an OCSP response.
* NameAttribute values can now be empty strings.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released:    Tue Jul 26 13:48:28 2022
Summary:     Critical update for python-cssselect
Type:        recommended
Severity:    critical
References:  
This update for python-cssselect provides the packages in the unrestricted repository.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released:    Wed Aug 17 14:41:07 2022
Summary:     Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type:        security
Severity:    moderate
References:  1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:

- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)

- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s). 
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to github rather than to docs


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released:    Fri Aug 19 15:59:42 2022
Summary:     Recommended update for sle-module-legacy-release
Type:        recommended
Severity:    low
References:  1202498
This update for python-iniconfig provides the following fix:

- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released:    Tue Aug 30 15:42:16 2022
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    low
References:  1202498
This update for python-iniconfig provides the following fix:

- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3022-1
Released:    Mon Sep  5 15:16:02 2022
Summary:     Recommended update for python-pyOpenSSL
Type:        recommended
Severity:    moderate
References:  1200771
This update for python-pyOpenSSL fixes the following issues:

- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).

python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):

- The minimum ``cryptography`` version is now 3.3.
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3985-1
Released:    Tue Nov 15 12:54:11 2022
Summary:     Recommended update for python-apipkg
Type:        recommended
Severity:    moderate
References:  1204145

This update for python3-apipkg fixes the following issues:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:139-1
Released:    Wed Jan 25 14:41:55 2023
Summary:     Security update for python-certifi
Type:        security
Severity:    important
References:  1206212,CVE-2022-23491
This update for python-certifi fixes the following issues:

- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:161-1
Released:    Thu Jan 26 18:23:16 2023
Summary:     Security update for python-py
Type:        security
Severity:    moderate
References:  1204364,CVE-2022-42969
This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could
  be triggered when interacting with a Subversion repository
  containing crafted data (bsc#1204364).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:557-1
Released:    Tue Feb 28 09:29:15 2023
Summary:     Security update for libxslt
Type:        security
Severity:    important
References:  1208574,CVE-2021-30560
This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixed a use-after-free vulnerability in Blink XSLT (bsc#1208574).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:722-1
Released:    Tue Mar 14 14:57:15 2023
Summary:     Security update for python-cryptography
Type:        security
Severity:    moderate
References:  1208036,CVE-2023-23931
This update for python-cryptography fixes the following issues:

- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2866-1
Released:    Tue Jul 18 11:09:03 2023
Summary:     Security update for python-requests
Type:        security
Severity:    moderate
References:  1211674,CVE-2023-32681
This update for python-requests fixes the following issues:

- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:2898-1
Released:    Thu Jul 20 09:15:33 2023
Summary:     Recommended update for python-instance-billing-flavor-check
Type:        feature
Severity:    critical
References:  
This update for python-instance-billing-flavor-check fixes the following issues:

- Include PAYG checker package in SLE (jsc#PED-4791)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3330-1
Released:    Wed Aug 16 08:59:33 2023
Summary:     Recommended update for python-pyasn1
Type:        recommended
Severity:    important
References:  1207805
This update for python-pyasn1 fixes the following issues:

- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3371-1
Released:    Tue Aug 22 13:30:18 2023
Summary:     Recommended update for liblognorm
Type:        recommended
Severity:    moderate
References:  
This update for liblognorm fixes the following issues:

- Update to liblognorm v2.0.6 (jsc#PED-4883)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3372-1
Released:    Tue Aug 22 13:44:38 2023
Summary:     Recommended update for rsyslog
Type:        recommended
Severity:    moderate
References:  1211757,1213212
This update for rsyslog fixes the following issues:

- Fix removal of imfile state files (bsc#1213212)
- Fix segfaults in modExit() of imklog.c (bsc#1211757)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3393-1
Released:    Wed Aug 23 17:41:55 2023
Summary:     Recommended update for dracut
Type:        recommended
Severity:    important
References:  1214081
This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves
- Exit if resolving executable dependencies fails (bsc#1214081)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released:    Thu Aug 24 06:56:32 2023
Summary:     Recommended update for audit
Type:        recommended
Severity:    moderate
References:  1201519,1204844
This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3440-1
Released:    Mon Aug 28 08:57:10 2023
Summary:     Security update for gawk
Type:        security
Severity:    low
References:  1214025,CVE-2023-4156
This update for gawk fixes the following issues:

- CVE-2023-4156: Fixed a heap out-of-bounds read by validating the index into the argument list (bsc#1214025).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3447-1
Released:    Mon Aug 28 10:57:05 2023
Summary:     Security update for xen
Type:        security
Severity:    moderate
References:  1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593
This update for xen fixes the following issues:

- CVE-2023-20569: Fixed the 'Inception' (RAS poisoning) side channel attack. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3451-1
Released:    Mon Aug 28 12:15:22 2023
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873
This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
- Decrease devlink priority for iso disks (bsc#1213185)
- Do not ignore mount point paths longer than 255 characters (bsc#1208194)
- Refuse hibernation if there's no possible way to resume (bsc#1186606)
- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
- Drop some entries no longer needed by YaST (bsc#1194609)
- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3452-1
Released:    Mon Aug 28 12:41:11 2023
Summary:     Recommended update for supportutils-plugin-suse-public-cloud
Type:        recommended
Severity:    moderate
References:  1213951
This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update from version 1.0.7 to 1.0.8 (bsc#1213951)
  - Capture CSP billing adapter config and log
  - Accept upper case Amazon string in DMI table

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released:    Mon Aug 28 13:43:18 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1214248
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3461-1
Released:    Mon Aug 28 17:25:09 2023
Summary:     Security update for freetype2
Type:        security
Severity:    moderate
References:  1210419,CVE-2023-2004
This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3465-1
Released:    Tue Aug 29 07:30:00 2023
Summary:     Recommended update for samba
Type:        recommended
Severity:    moderate
References:  1213607,1213826,1213940
This update for samba fixes the following issues:

- Fix DFS not working with widelinks enabled (bsc#1213607)
- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)
- net ads lookup with unspecified realm fails (bsc#1213826)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3468-1
Released:    Tue Aug 29 09:22:18 2023
Summary:     Recommended update for python3
Type:        recommended
Severity:    low
References:  
This update for python3 fixes the following issue:

- Rename sources in preparation of python3.11 (jsc#PED-68)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3470-1
Released:    Tue Aug 29 10:49:33 2023
Summary:     Recommended update for parted
Type:        recommended
Severity:    low
References:  1182142,1193412
This update for parted fixes the following issues:

- fix null pointer dereference (bsc#1193412)
- update mkpart options in manpage (bsc#1182142)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3472-1
Released:    Tue Aug 29 10:55:16 2023
Summary:     Security update for procps
Type:        security
Severity:    low
References:  1214290,CVE-2023-4016
This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3485-1
Released:    Tue Aug 29 14:20:56 2023
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1214071
This update for lvm2 fixes the following issues:

- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3497-1
Released:    Wed Aug 30 21:25:05 2023
Summary:     Security update for vim
Type:        security
Severity:    important
References:  1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610
This update for vim fixes the following issues:

Updated to version 9.0 with patch level 1572.

- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).
- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).
- CVE-2023-2610: Fixed Integer Overflow or Wraparound (bsc#1211257).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3514-1
Released:    Fri Sep  1 15:48:52 2023
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1158763,1210740,1213231,1213557,1213673
This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)
- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
- Revised explanation of --force-resolution in man page (bsc#1213557)
- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3521-1
Released:    Tue Sep  5 08:56:45 2023
Summary:     Recommended update for python-iniconfig
Type:        recommended
Severity:    moderate
References:  1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. 

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3536-1
Released:    Tue Sep  5 15:00:27 2023
Summary:     Security update for docker
Type:        security
Severity:    moderate
References:  1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842
This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce.

  See upstream changelog online at
  bsc#1213229

- Update to Docker 24.0.4-ce.

  See upstream changelog online at
  . bsc#1213500

- Update to Docker 24.0.3-ce.

  See upstream changelog online at
  . bsc#1213120

- Recommend docker-rootless-extras instead of requiring it, since it is
  additional functionality and not inherently required for docker to
  function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless/)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  . bsc#1212368

  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.

- Rebuilt against the current Go compiler.


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3543-1
Released:    Wed Sep  6 08:27:22 2023
Summary:     Recommended update for protobuf-c
Type:        recommended
Severity:    moderate
References:  1214006
This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3577-1
Released:    Mon Sep 11 15:04:01 2023
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    low
References:  1209998
This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released:    Fri Sep 15 09:28:36 2023
Summary:     Recommended update for sysuser-tools
Type:        recommended
Severity:    moderate
References:  1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:

- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391) 
- Remove all systemd requires not supported on SLE15 (bsc#1214140)


The following package changes have been done:

- audit-3.0.6-150400.4.13.1 updated
- ca-certificates-mozilla-2.62-150200.30.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated
- docker-24.0.5_ce-150000.185.1 updated
- dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated
- gawk-4.2.1-150000.3.3.1 updated
- libaudit1-3.0.6-150400.4.13.1 updated
- libauparse0-3.0.6-150400.4.13.1 updated
- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated
- libfreetype6-2.10.4-150000.4.15.1 updated
- liblognorm5-2.0.6-150000.3.3.1 updated
- libparted0-3.2-150300.21.3.1 updated
- libprocps7-3.3.15-150000.7.34.1 updated
- libprotobuf-c1-1.3.2-150200.3.9.1 updated
- libsystemd0-249.16-150400.8.33.1 updated
- libudev1-249.16-150400.8.33.1 updated
- libxslt1-1.1.34-150400.3.3.1 added
- libzypp-17.31.20-150400.3.40.1 updated
- parted-3.2-150300.21.3.1 updated
- procps-3.3.15-150000.7.34.1 updated
- python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added
- python3-apipkg-2.1.0-150500.1.1 added
- python3-asn1crypto-0.24.0-3.2.1 added
- python3-certifi-2018.1.18-150000.3.3.1 added
- python3-cffi-1.13.2-3.2.5 added
- python3-chardet-3.0.4-3.23 added
- python3-cryptography-3.3.2-150400.16.6.1 added
- python3-cssselect-1.0.3-150000.3.3.1 added
- python3-idna-2.6-1.20 added
- python3-iniconfig-1.1.1-150000.1.11.1 added
- python3-lxml-4.9.1-150500.1.2 added
- python3-ordered-set-4.0.2-150400.8.34 updated
- python3-pyOpenSSL-21.0.0-150400.7.62 added
- python3-pyasn1-0.4.2-150000.3.5.1 added
- python3-pycparser-2.17-3.2.1 added
- python3-py-1.10.0-150100.5.12.1 added
- python3-requests-2.24.0-150300.3.3.1 added
- python3-urllib3-1.25.10-4.3.1 added
- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated
- rsyslog-8.2306.0-150400.5.18.1 updated
- samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated
- supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated
- system-group-audit-3.0.6-150400.4.13.1 updated
- systemd-sysvinit-249.16-150400.8.33.1 updated
- systemd-249.16-150400.8.33.1 updated
- sysuser-shadow-3.2-150400.3.5.3 updated
- udev-249.16-150400.8.33.1 updated
- vim-data-common-9.0.1632-150500.20.3.1 updated
- vim-9.0.1632-150500.20.3.1 updated
- xen-libs-4.17.2_02-150500.3.6.1 updated
- zypper-1.14.63-150400.3.29.1 updated
- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed

SUSE: 2023:612-1 sles-15-sp5-chost-byos-v20230915-arm64 Security Update

September 18, 2023
The container sles-15-sp5-chost-byos-v20230915-arm64 was updated

SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate


1002895,1107105,1138666,1167732

This update fixes the following issues:

New python-pytest versions are provided.

In Basesystem:

- python3-pexpect: updated to 4.8.0

- python3-py: updated to 1.8.1

- python3-zipp: shipped as dependency in version 0.6.0

In Python2:

- python2-pexpect: updated to 4.8.0

- python2-py: updated to 1.8.1

1179805,1184505,CVE-2020-29651

This update for python-py fixes the following issues:

- CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505).

1187045,CVE-2021-33503

This update for python-urllib3 fixes the following issues:

- CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045)

1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137

This patch updates the Python AWS SDK stack in SLE 15:

General:

# aws-cli

- Version updated to upstream release v1.19.9

For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

- Version updated to upstream release 1.17.9

For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

- Version updated to upstream release 1.20.9

For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

- Version updated to upstream release 1.25.10

For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

- Added this new package to resolve runtime dependencies for other packages.

Version: 18.1.0

# python-trustme

- Added this new package to resolve runtime dependencies for other packages.

Version: 0.6.0

Security fixes:

# python-urllib3:

- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
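The CRLF-injection class of bug described for CVE-2020-26137 comes down to serialising an attacker-influenced request component without first rejecting control characters. The following is an added example (not code from the SUSE advisory, nor from urllib3) that shows the kind of check a client library should apply before the method, request target and headers are written to the wire: every component is validated against the RFC 7230 token and field-value grammar, and anything carrying CR or LF is refused. The function names and the sample inputs are constructed for illustration.

```python
"""CRLF-injection checks for HTTP request components.

Added example; it is not code from the SUSE advisory or from urllib3.
It illustrates the class of check a client applies so that an
attacker-controlled request method (CVE-2020-26137) cannot terminate
the request line and smuggle extra headers: refuse any component that
carries CR/LF or other control characters before it is serialised.
All inputs used here are constructed for illustration.
"""
import re

# RFC 7230 "token" grammar: the request method and every header name must
# match it. CR, LF, SP and the other control characters are excluded.
_TOKEN_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Header field values may contain printable ASCII, SP and HTAB, but never
# CR, LF or any other control character (those would start a new line).
_CTL_RE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


class CRLFInjectionError(ValueError):
    """Raised when a request component could inject a CRLF sequence."""


def is_valid_token(value: str) -> bool:
    """True if value is a single RFC 7230 token (method or header name)."""
    return _TOKEN_RE.fullmatch(value) is not None


def is_safe_header_value(value: str) -> bool:
    """True if value contains no control characters (HTAB is allowed)."""
    return _CTL_RE.search(value) is None


def is_safe_request_target(path: str) -> bool:
    """True if the request target has no whitespace or control characters."""
    return is_safe_header_value(path) and not any(c.isspace() for c in path)


def build_request_head(method: str, path: str, headers: dict) -> bytes:
    """Serialise the request line and headers, validating every component.

    Raises CRLFInjectionError instead of emitting a malformed request.
    Non-ASCII input fails the final encode(), which is also a safe outcome.
    """
    if not is_valid_token(method):
        raise CRLFInjectionError(f"invalid HTTP method: {method!r}")
    if not is_safe_request_target(path):
        raise CRLFInjectionError(f"invalid request target: {path!r}")
    lines = [f"{method} {path} HTTP/1.1"]
    for name, value in headers.items():
        if not is_valid_token(name):
            raise CRLFInjectionError(f"invalid header name: {name!r}")
        if not is_safe_header_value(value):
            raise CRLFInjectionError(f"control character in header {name!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def classify_methods(methods) -> dict:
    """Map each candidate method to whether it would be accepted.

    Useful when auditing values seen in logs or in a test corpus.
    """
    return {m: is_valid_token(m) for m in methods}


if __name__ == "__main__":
    # Constructed inputs: a benign method and one carrying an injected header.
    benign = "GET"
    injected = "GET / HTTP/1.1\r\nX-Injected: 1\r\n\r\nGET"
    print(classify_methods([benign, injected]))
    print(build_request_head("GET", "/index.html", {"Host": "example.com"}))
    try:
        build_request_head(injected, "/", {"Host": "example.com"})
    except CRLFInjectionError as exc:
        print("rejected:", exc)
```

The same token check covers header names, and the field-value check covers values such as Host or Content-Type; validating all three classes at the serialisation boundary is what removes the injection primitive regardless of which component an attacker happens to influence.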

1198331,CVE-2020-25659

This update for python-cryptography fixes the following issues:

python-cryptography was updated to 3.3.2.

update to 3.3.0:

* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window.

* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types.

* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.

* Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature.

Update to 3.2.1:

Disable blinding on RSA public keys to address an error with some versions of OpenSSL.

update to 3.2 (bsc#1178168, CVE-2020-25659):

* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability.

* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.

update to 3.1:

* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.

* ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided.

* Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`.

* Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`.

update to 3.0:

* RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).

* X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed.

* Deprecated support for Python 2

* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing.

* Added support for OpenSSH certificates to load_ssh_public_key().

* Added encrypt_at_time() and decrypt_at_time() to Fernet.

* Added support for the SubjectInformationAccess X.509 extension.

* Added support for parsing SignedCertificateTimestamps in OCSP responses.

* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().

* Added support for encoding attributes in certificate signing requests via add_attribute().

* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.

* Added initial support for creating PKCS12 files with serialize_key_and_certificates().

Update to 2.9:

* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.

* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.

* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.

* Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.

* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.

* Added support for parsing single_extensions in an OCSP response.

* NameAttribute values can now be empty strings.

This update for python-cssselect ships the packages to the unrestricted repository.

1195916,1196696,CVE-2020-29651

This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:

- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)

- Remove redundant python3 dependency from Requires

- Update regular expression to fix python shebang

- Style is enforced upstream and triggers unnecessary build version requirements

- Allow specifying fs_id in cloudwatch log group name

- Includes fix for stunnel path

- Added hardening to systemd service(s).

- Raise minimal pytest version

- Fix typo in the ansi2html Requires

- Cleanup with spec-cleaner

- Make sure the tests are really executed

- Remove useless devel dependency

- Multiprocessing support in Python 3.8 was broken, but is now fixed

- Bump the URL to point to GitHub rather than to the docs

1202498

This update for python-iniconfig provides the following fix:

- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)

1202498

This update for python-iniconfig provides the following fix:

- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)

1200771

This update for python-pyOpenSSL fixes the following issues:

- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).

python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):

- The minimum ``cryptography`` version is now 3.3.

- Raise an error when an invalid ALPN value is set.

- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``

- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.

1204145

This update for python3-apipkg fixes the following issues:

1206212,CVE-2022-23491

This update for python-certifi fixes the following issues:

- Remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491):

  - TrustCor RootCert CA-1

  - TrustCor RootCert CA-2

  - TrustCor ECA-1

- Add removeTrustCor.patch

1204364,CVE-2022-42969

This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364).

1208574,CVE-2021-30560

This update for libxslt fixes the following issues:

- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).

1208036,CVE-2023-23931

This update for python-cryptography fixes the following issues:

- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).

1211674,CVE-2023-32681

This update for python-requests fixes the following issues:

- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).

This update for python-instance-billing-flavor-check fixes the following issues:

- Include PAYG checker package in SLE (jsc#PED-4791)

1207805

This update for python-pyasn1 fixes the following issues:

- To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805)

This update for liblognorm fixes the following issues:

- Update to liblognorm v2.0.6 (jsc#PED-4883)

1211757,1213212

This update for rsyslog fixes the following issues:

- Fix removal of imfile state files (bsc#1213212)

- Fix segfaults in modExit() of imklog.c (bsc#1211757)

1214081

This update for dracut fixes the following issues:

- Protect against broken links pointing to themselves

- Exit if resolving executable dependencies fails (bsc#1214081)

1201519,1204844

This update for audit fixes the following issues:

- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)

- Fix rules not loaded when restarting auditd.service (bsc#1204844)

1214025,CVE-2023-4156

This update for gawk fixes the following issues:

- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

1027519,1212684,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593

This update for xen fixes the following issues:

- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)

- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)

- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)

1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

This update for systemd fixes the following issues:

- Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)

- Decrease devlink priority for iso disks (bsc#1213185)

- Do not ignore mount point paths longer than 255 characters (bsc#1208194)

- Refuse hibernation if there's no possible way to resume (bsc#1186606)

- Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)

- Drop some entries no longer needed by YaST (bsc#1194609)

- The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)

- Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

1213951

This update for supportutils-plugin-suse-public-cloud fixes the following issues:

- Update from version 1.0.7 to 1.0.8 (bsc#1213951)

- Capture CSP billing adapter config and log

- Accept upper case Amazon string in DMI table

1214248

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)

Added:

- Atos TrustedRoot Root CA ECC G2 2020

- Atos TrustedRoot Root CA ECC TLS 2021

- Atos TrustedRoot Root CA RSA G2 2020

- Atos TrustedRoot Root CA RSA TLS 2021

- BJCA Global Root CA1

- BJCA Global Root CA2

- LAWtrust Root CA2 (4096)

- Sectigo Public Email Protection Root E46

- Sectigo Public Email Protection Root R46

- Sectigo Public Server Authentication Root E46

- Sectigo Public Server Authentication Root R46

- SSL.com Client ECC Root CA 2022

- SSL.com Client RSA Root CA 2022

- SSL.com TLS ECC Root CA 2022

- SSL.com TLS RSA Root CA 2022

Removed CAs:

- Chambers of Commerce Root

- E-Tugra Certification Authority

- E-Tugra Global Root CA ECC v3

- E-Tugra Global Root CA RSA v3

- Hongkong Post Root CA 1

1210419,CVE-2023-2004

This update for freetype2 fixes the following issues:

- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).

1213607,1213826,1213940

This update for samba fixes the following issues:

- Fix DFS not working with widelinks enabled; (bsc#1213607)

- Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940)

- Fix 'net ads lookup' failing when no realm is specified (bsc#1213826)

This update for python3 fixes the following issue:

- Rename sources in preparation of python3.11 (jsc#PED-68)

1182142,1193412

This update for parted fixes the following issues:

- fix null pointer dereference (bsc#1193412)

- update mkpart options in manpage (bsc#1182142)

1214290,CVE-2023-4016

This update for procps fixes the following issues:

- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

1214071

This update for lvm2 fixes the following issues:

- Fix blkdeactivate calling the wrong mountpoint command (bsc#1214071)

1210996,1211256,1211257,1211461,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610

This update for vim fixes the following issues:

Updated to version 9.0 with patch level 1572.

- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).

- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).

- CVE-2023-2610: Fixed Integer Overflow or Wraparound (bsc#1211257).

1158763,1210740,1213231,1213557,1213673

This update for libzypp, zypper fixes the following issues:

- Fix occasional issue with downloading very small files (bsc#1213673)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)

- Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)

- Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)

- Revised explanation of --force-resolution in man page (bsc#1213557)

- Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

1213582

This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2.

1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842

This update for docker fixes the following issues:

- Update to Docker 24.0.5-ce. See upstream changelog online at . bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120

- Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function.

- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless/)

- Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368

  * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797

- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package.

- Rebuilt against the current Go compiler.

1214006

This update for protobuf-c fixes the following issues:

- Add missing Provides/Obsoletes after package merge (bsc#1214006)

1209998

This update for crypto-policies fixes the following issues:

- Update update-crypto-policies(8) man pages and README.SUSE to mention the supported back-end policies. (bsc#1209998)

1195391,1205161,1207778,1213240,1214140

This update for sysuser-tools fixes the following issues:

- Update to version 3.2

- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)

- Add 'quilt setup' friendly hint to %sysusers_requires usage

- Use append so if a pre file already exists it isn't overridden

- Invoke bash for bash scripts (bsc#1195391)

- Remove all systemd requires not supported on SLE15 (bsc#1214140)

The following package changes have been done:

- audit-3.0.6-150400.4.13.1 updated

- ca-certificates-mozilla-2.62-150200.30.1 updated

- crypto-policies-20210917.c9d86d1-150400.3.3.1 updated

- docker-24.0.5_ce-150000.185.1 updated

- dracut-055+suse.369.gde6c81bf-150500.3.9.1 updated

- gawk-4.2.1-150000.3.3.1 updated

- libaudit1-3.0.6-150400.4.13.1 updated

- libauparse0-3.0.6-150400.4.13.1 updated

- libdevmapper1_03-2.03.16_1.02.185-150500.7.6.1 updated

- libfreetype6-2.10.4-150000.4.15.1 updated

- liblognorm5-2.0.6-150000.3.3.1 updated

- libparted0-3.2-150300.21.3.1 updated

- libprocps7-3.3.15-150000.7.34.1 updated

- libprotobuf-c1-1.3.2-150200.3.9.1 updated

- libsystemd0-249.16-150400.8.33.1 updated

- libudev1-249.16-150400.8.33.1 updated

- libxslt1-1.1.34-150400.3.3.1 added

- libzypp-17.31.20-150400.3.40.1 updated

- parted-3.2-150300.21.3.1 updated

- procps-3.3.15-150000.7.34.1 updated

- python-instance-billing-flavor-check-0.0.2-150000.1.3.1 added

- python3-apipkg-2.1.0-150500.1.1 added

- python3-asn1crypto-0.24.0-3.2.1 added

- python3-certifi-2018.1.18-150000.3.3.1 added

- python3-cffi-1.13.2-3.2.5 added

- python3-chardet-3.0.4-3.23 added

- python3-cryptography-3.3.2-150400.16.6.1 added

- python3-cssselect-1.0.3-150000.3.3.1 added

- python3-idna-2.6-1.20 added

- python3-iniconfig-1.1.1-150000.1.11.1 added

- python3-lxml-4.9.1-150500.1.2 added

- python3-ordered-set-4.0.2-150400.8.34 updated

- python3-pyOpenSSL-21.0.0-150400.7.62 added

- python3-pyasn1-0.4.2-150000.3.5.1 added

- python3-pycparser-2.17-3.2.1 added

- python3-py-1.10.0-150100.5.12.1 added

- python3-requests-2.24.0-150300.3.3.1 added

- python3-urllib3-1.25.10-4.3.1 added

- rsyslog-module-relp-8.2306.0-150400.5.18.1 updated

- rsyslog-8.2306.0-150400.5.18.1 updated

- samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 updated

- supportutils-plugin-suse-public-cloud-1.0.8-150000.3.17.1 updated

- system-group-audit-3.0.6-150400.4.13.1 updated

- systemd-sysvinit-249.16-150400.8.33.1 updated

- systemd-249.16-150400.8.33.1 updated

- sysuser-shadow-3.2-150400.3.5.3 updated

- udev-249.16-150400.8.33.1 updated

- vim-data-common-9.0.1632-150500.20.3.1 updated

- vim-9.0.1632-150500.20.3.1 updated

- xen-libs-4.17.2_02-150500.3.6.1 updated

- zypper-1.14.63-150400.3.29.1 updated

- samba-libs-4.17.9+git.367.dae41ffdd1f-150500.3.5.1 removed
