oval:org.secpod.oval:def:89047187 This update for shibboleth-sp fixes the following issues: - Template generation allows external parameters to override placeholders
oval:org.secpod.oval:def:89047539 This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues
oval:org.secpod.oval:def:89047505 This update for virglrenderer fixes the following issues: - CVE-2022-0175: Fixed missing initialization of res->ptr.
oval:org.secpod.oval:def:89047355 This update of dpdk fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues
oval:org.secpod.oval:def:89047112 This update for libtpms fixes the following issues: - CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets.
oval:org.secpod.oval:def:89047071 This update for ovmf fixes the following issues: - Fixed a possible buffer overflow in IScsiDxe
oval:org.secpod.oval:def:89047428 This update for stunnel fixes the following issues: Update to 5.62 including new features and bugfixes: * Security bugfixes - The 'redirect' option was fixed to properly handle unauthenticated requests. - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service. * Ne ...
oval:org.secpod.oval:def:89046149 SUSE Linux Enterprise Server 15 SP3 is installed
oval:org.secpod.oval:def:89047166 This update for freeradius-server fixes the following issues: - Fixed plaintext password entries in logfiles.
oval:org.secpod.oval:def:89047114 This update for redis fixes the following issues: redis was updated to 6.0.13: * CVE-2021-29477: Integer overflow in STRALGO LCS command * CVE-2021-29478: Integer overflow in COPY command for large intsets * Cluster: Skip unnecessary check which may prevent failure detection * Fix performance regr ...
oval:org.secpod.oval:def:89047297 This update for ibutils fixes the following issues: - Hardening: Link ibis executable with -pie.
oval:org.secpod.oval:def:89047170 This update for umoci fixes the following issues: Update to v0.4.7. - CVE-2021-29136: Fixed overwriting of host files via malicious layer.
oval:org.secpod.oval:def:89047144 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. - Fix undefined behaviour in "ComplexUnitsConverter::applyRounder" - Update to release 69.1 - For Norwegian, "no" is back to being the canonical code, with "nb" treated as equivalent. Thi ...
oval:org.secpod.oval:def:89047347 This update of s390-tools fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues
oval:org.secpod.oval:def:89047578 This update of fwupdate fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues
oval:org.secpod.oval:def:89047334 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes Maintenance issues fixed: - Fixed zstd detection - Added ndb rofs support - Fixed deadlock when multiple rpm processes try to acquire the database lock
oval:org.secpod.oval:def:89047077 This update for libvirt fixes the following issues: - lxc: controller: Fix container launch on cgroup v1. - supportconfig: Use systemctl command "is-active" instead of "is-enabled" when checking if libvirtd is active. - qemu: Do not report error in the logs when processing monitor IO. - spec: Fix ...
oval:org.secpod.oval:def:89047274 This is a security test update for SUSE:SLE-15-SP3:Update
oval:org.secpod.oval:def:89047412 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary.
oval:org.secpod.oval:def:89047605 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. New options added: - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations.
oval:org.secpod.oval:def:89047615 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE.
oval:org.secpod.oval:def:89047003 This update for clamav fixes the following issues: clamav was updated to 0.103.7 * Upgrade the vendored UnRAR library to version 6.1.7. * Fix logical signature Intermediates feature. * Relax constraints on slightly malformed zip archives that contain overlapping file entries.
oval:org.secpod.oval:def:89047268 This update for bluez fixes the following issues: - CVE-2021-3588: Fixed missing bounds checks inside cli_feat_read_cb function in src/gatt-database.c
oval:org.secpod.oval:def:89048110 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOB ...
oval:org.secpod.oval:def:89047496 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks. libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code - support parsing of Debian's ...
oval:org.secpod.oval:def:89047462 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handling for SUID binaries. Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d'.
oval:org.secpod.oval:def:89047193 This update for gcc7 fixes the following issues: - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instructions when using - ...
oval:org.secpod.oval:def:89047161 This update for libesmtp fixes the following issues: - CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c.
oval:org.secpod.oval:def:89047300 This update for p7zip fixes the following issues: Fixed a NULL pointer dereference in NCompress:CCopyCoder:Code
oval:org.secpod.oval:def:89047143 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW. - Add $HOME/.local/bin to PATH, if it exists. - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform. - Support xz compressed kernel
oval:org.secpod.oval:def:89047327 This update for clamav fixes the following issues: - Update to 0.103.4. - Update to 0.103.3.
oval:org.secpod.oval:def:89047320 This update for wireshark fixes the following issues: Update wireshark to 3.4.6. Including a fix for: - DVB-S2-BB dissector infinite loop.
oval:org.secpod.oval:def:89047081 This update for OpenIPMI fixes the following issues: - Fixed an issue where OpenIPMI was creating non-position independent binaries.
oval:org.secpod.oval:def:89047074 This update for librsvg fixes the following issues: - librsvg was updated to 2.46.5: * Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2021-25900
oval:org.secpod.oval:def:89047075 This update for dtc fixes the following issues: - make all packaged binaries PIE-executables.
oval:org.secpod.oval:def:89047298 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries
oval:org.secpod.oval:def:89047241 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets
oval:org.secpod.oval:def:89047265 This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard
oval:org.secpod.oval:def:89047257 This update for ipvsadm fixes the following issues: - Hardening: link as position independent executable.
oval:org.secpod.oval:def:89047206 This update for giflib fixes the following issues: - Enable Position Independent Code and inherit CFLAGS from the build system.
oval:org.secpod.oval:def:89047224 This update for java-11-openjdk fixes the following issues: java-11-openjdk was upgraded to include January 2021 CPU - Enable Shenandoah GC for x86_64
oval:org.secpod.oval:def:89047222 This update for fwupdate fixes the following issues: - Add SBAT section to EFI images
oval:org.secpod.oval:def:89047369 This update for perl-DBD-SQLite fixes the following issues: - updated to 1.66 - Use external sqlite3 library rather than internal code
oval:org.secpod.oval:def:89047202 This update for subversion fixes the following issues: - CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations.
oval:org.secpod.oval:def:89047267 This update for libjpeg-turbo fixes the following issues: - CVE-2020-17541: Fixed a stack-based buffer overflow in the "transform" component.
oval:org.secpod.oval:def:89048547 This update of dpdk fixes the following issues: * rebuild the package with the new secure boot key.
oval:org.secpod.oval:def:89048597 This update of grub2 fixes the following issues: * rebuild the package with the new secure boot key.
oval:org.secpod.oval:def:89048617 This update of oracleasm fixes the following issues: * rebuild the package with the new secure boot key.
oval:org.secpod.oval:def:89048621 This update for conmon fixes the following issues: * rebuild against supported go 1.19 * no functional changes.
oval:org.secpod.oval:def:89047425 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue. - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap. - CVE-2019-6285: Fixed remote DOS via a cra ...
oval:org.secpod.oval:def:89047174 This update for cryptctl fixes the following issues: Update to version 2.4: - CVE-2019-18906: Client side password hashing was equivalent to clear text password storage - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organization - in RPC s ...
oval:org.secpod.oval:def:89047433 This update for libyang fixes the following issues: - CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service.
oval:org.secpod.oval:def:89047500 This update for python-Flask-Security-Too fixes the following issues: - CVE-2021-21241: Fixed an issue where GET requests lacking CSRF protection to certain endpoints could return the user's authentication token.
oval:org.secpod.oval:def:89047365 This update for libyang fixes the following issues: - CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to DoS - CVE-2021-28904: Fixed missing check in ext_get_plugin that lead to DoS. - CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem. - CVE-2021-28902: Fixed missing chec ...
oval:org.secpod.oval:def:89047349 This update for libarchive fixes the following issues: - CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the target system.
oval:org.secpod.oval:def:89047419 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths.
oval:org.secpod.oval:def:89047493 This update for libjpeg-turbo fixes the following issues: - CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows function.
oval:org.secpod.oval:def:89047673 This update for jasper fixes the following issues: - CVE-2022-2963: Fixed memory leaks in function cmdopts_parse.
oval:org.secpod.oval:def:89047792 This update for python-waitress fixes the following issues: - CVE-2022-24761: Fixed a bug to avoid inconsistent interpretation of HTTP requests leading to request smuggling
oval:org.secpod.oval:def:89047438 This update for jasper fixes the following issues: - CVE-2021-27845: Fixed divide-by-zero issue in cp_create.
oval:org.secpod.oval:def:89047576 This update for ldns fixes the following issues: - CVE-2020-19860: Fixed heap-based out of bounds read when verifying a zone file. - CVE-2020-19861: Fixed heap-based out of bounds read in ldns_nsec3_salt_data.
oval:org.secpod.oval:def:89047367 This update for dpdk fixes the following issues: Security: - CVE-2021-3839: Fixed a memory corruption issue during vhost-user communication. - CVE-2022-0669: Fixed a denial of service that could be triggered by a vhost-user master. Bugfixes: - kni: allow configuring thread granularity. - Fixed re ...
oval:org.secpod.oval:def:89047575 This update for virglrenderer fixes the following issues: - CVE-2022-0135: Fixed out-of-bounds write in read_transfer_data.
oval:org.secpod.oval:def:89047395 This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API.
oval:org.secpod.oval:def:89048835 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 19.9 secure release.
oval:org.secpod.oval:def:89048871 This update of runc fixes the following issues: * rebuild the package with the go 19.9 secure release.
oval:org.secpod.oval:def:89048855 This update of conmon fixes the following issues: * rebuild the package with the go 19.9 secure release.
oval:org.secpod.oval:def:89048831 This update of helm fixes the following issues: * rebuild the package with the go 19.9 secure release.
oval:org.secpod.oval:def:89048889 This update of kubernetes1.18 fixes the following issues: * rebuild the package with the go 1.19 security release.
oval:org.secpod.oval:def:89048838 This update of skopeo fixes the following issues: * rebuild the package with the go 19.9 secure release.
oval:org.secpod.oval:def:89048879 This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.19 security release.
oval:org.secpod.oval:def:89048771 This update of s390-tools fixes the following issues: * rebuild the package with the new secure boot key.
oval:org.secpod.oval:def:89048721 This update for gradle fixes the following issues: * CVE-2021-29428: Fixed a local privilege escalation through system temporary directory
oval:org.secpod.oval:def:89048806 This update for indent fixes the following issues: * Fixed multiple memory safety issues.
oval:org.secpod.oval:def:89048810 This update for netty, netty-tcnative fixes the following issues: netty: * Security fixes included in this version update from 4.1.75 to 4.1.90: * CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-cod ...
oval:org.secpod.oval:def:89048872 This update for containerd fixes the following issues: * Rebuild containerd with a current version of go to catch up on bugfixes and security fixes
oval:org.secpod.oval:def:89048756 This update of fwupd fixes the following issues: * rebuild the package with the new secure boot key.
oval:org.secpod.oval:def:89048896 This update for kubernetes1.23 fixes the following issues: * add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion * Split individual completions into separate packages Update to version 1.23.17: * releng: Update images, dependencies and version to Go 1.19.6 * Update ...
oval:org.secpod.oval:def:89047386 This update for cryptsetup fixes the following issues: - CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery.
oval:org.secpod.oval:def:89047122 This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed recursion issue in block and any productions.
oval:org.secpod.oval:def:89047290 This update for dnsmasq fixes the following issues: Update to version 2.86 - CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. - CVE-2020-14312: Set --local-service by default. - Open inotify socket only when used.
oval:org.secpod.oval:def:89048185 This update for bluez fixes the following issues: - CVE-2022-39176: Fixed a memory safety issue that could allow physically proximate attackers to obtain sensitive information. - CVE-2022-39177: Fixed a memory safety issue that could allow physically proximate attackers to cause a denial of service ...
oval:org.secpod.oval:def:89047532 This update for udisks2 fixes the following issues: - CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers. - Fixed vulnerability that allowed mounting ext4 devices over existing entries in fstab.
oval:org.secpod.oval:def:89047225 This update for cpio fixes the following issues: It was possible to trigger remote code execution due to an integer overflow. UPDATE: This update was buggy and could lead to hangs, so it has been retracted. There will be a follow up update.
oval:org.secpod.oval:def:89047472 This update for apache2-mod_auth_mellon fixes the following issues: - CVE-2021-3639: Fixed open redirect vulnerability in logout URLs
oval:org.secpod.oval:def:89048624 This update for xstream fixes the following issues: * CVE-2022-40151: Fixed stackoverflow in XML serialization. * CVE-2022-41966: Fixed denial of service via uncontrolled recursion during deserialization. * Upgrade to 1.4.20.
oval:org.secpod.oval:def:89047698 This update for clone-master-clean-up fixes the following issues: - CVE-2021-32000: Fixed some potentially dangerous file system operations. Bugfixes: - Fixed clone-master-clean-up failing to remove btrfs snapshots.
oval:org.secpod.oval:def:89047099 This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root.
oval:org.secpod.oval:def:89047463 This update for pgadmin4 fixes the following issues: - CVE-2022-0959: Fixed an unrestricted file upload.
oval:org.secpod.oval:def:89047095 This update for ghostscript fixes the following issues: Security issue fixed: - CVE-2021-3781: Fixed a trivial -dSAFER bypass command injection Also a hardening fix was added: - Link as position independent executable
oval:org.secpod.oval:def:89048910 This update of cni-plugins fixes the following issues: * rebuild the package with the go 1.19 security release.
oval:org.secpod.oval:def:89048911 This update of cni fixes the following issues: * rebuild the package with the go 1.19 security release.
oval:org.secpod.oval:def:89049572 This update for supportutils fixes the following issues: Security fixes: * CVE-2022-45154: Removed iSCSI passwords. Other Fixes: * Changes in version 3.1.26 * powerpc plugin to collect the slots and active memory * A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 * support ...
oval:org.secpod.oval:def:89048985 This update for salt fixes the following issues: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for salt * ...
oval:org.secpod.oval:def:89049059 This update of kubernetes1.18 fixes the following issues: * rebuild the package with the go 1.20 security release.
oval:org.secpod.oval:def:89048977 This update for salt fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for s ...
oval:org.secpod.oval:def:89049026 This update for salt fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for s ...
oval:org.secpod.oval:def:89048077 This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD. - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM. - CVE-2022-41861: Fixes a crash on invalid abinary data.
oval:org.secpod.oval:def:89048015 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet.
oval:org.secpod.oval:def:89047387 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. Special Instructions and Notes: Please reboot the system after installing this update.
oval:org.secpod.oval:def:89047626 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles. The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot - localectl: don't omit keyma ...
oval:org.secpod.oval:def:89047388 This update for bluez fixes the following issues: - CVE-2022-0204: Fixed a buffer overflow in the implementation of the gatt protocol.
oval:org.secpod.oval:def:89047376 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safety issue that could lead to use after free.
oval:org.secpod.oval:def:89048111 This update for ovmf fixes the following issues: - CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg.
oval:org.secpod.oval:def:89047761 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser.
oval:org.secpod.oval:def:89048603 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20230214 release. Security issues fixed: * CVE-2022-38090: Security updates for INTEL-SA-00767 * CVE-2022-33196: Security updates for INTEL-SA-00738 * CVE-2022-21216: Security updates for INTEL-SA-00700 * New P ...
oval:org.secpod.oval:def:89048866 This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. * New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 0000 ...
oval:org.secpod.oval:def:89049020 This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230512 release. * New platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL-N | A0 | 06-be-00/01 | | 0000 ...
oval:org.secpod.oval:def:89047526 This update for 389-ds fixes the following issues: - CVE-2021-4091: Fixed double free in psearch. - CVE-2022-1949: Fixed full access control bypass with simple crafted query.
oval:org.secpod.oval:def:89047504 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave. See also: https://www.intel.com/conte ...
oval:org.secpod.oval:def:89047508 This update for kernel-firmware fixes the following issues: Update Intel Wireless firmware for 9xxx: CVE-2021-0161: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access. CVE- ...
oval:org.secpod.oval:def:89047569 This update for kernel-firmware fixes the following issues: Update AMD ucode and SEV firmware -
oval:org.secpod.oval:def:89047602 This update for 389-ds fixes the following issues: - CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie. Non-security fixes: - Update to version 1.4.4.19~git46.c900a28c8: * CI - makes replication/acceptance_test.py::test_modify_e ...
oval:org.secpod.oval:def:89047625 This update for 389-ds fixes the following issues: - CVE-2022-0918: Fixed a potential denial of service via crafted packet. - CVE-2022-0996: Fixed a mishandling of password expiry. - Resolved LDAP-Support not working with DHCP by adding required schema - Resolved multiple index migration bug
oval:org.secpod.oval:def:89047629 This update for tiff fixes the following issues: - CVE-2017-17095: Fixed DoS in tools/pal2rgb.c in pal2rgb. - CVE-2019-17546: Fixed integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image. - CVE-2020-19131: Fixed buffer overflow in tiffcrop that may cause DoS ...
oval:org.secpod.oval:def:89047364 This update for xerces-j2 fixes the following issues: - CVE-2022-23437: Fixed infinite loop within Apache XercesJ xml parser.
oval:org.secpod.oval:def:89049251 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.20 security release.
oval:org.secpod.oval:def:89049090 This update of skopeo fixes the following issues: * rebuild the package with the go 1.20 security release.
oval:org.secpod.oval:def:89049128 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.20 security release.
oval:org.secpod.oval:def:89049114 This update of cni-plugins fixes the following issues: * rebuild the package with the go 1.20 security release.
oval:org.secpod.oval:def:89049117 This update of cni fixes the following issues: * rebuild the package with the go 1.20 security release.
oval:org.secpod.oval:def:89049091 This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.20 security release.
oval:org.secpod.oval:def:89049109 This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 6: * Fixed issue in Java Virtual Machine where outofmemory killer terminates the jvm due to failure in control groups detection.
oval:org.secpod.oval:def:89049328 This update for ca-certificates-mozilla fixes the following issues: * Updated to 2.62 state of Mozilla SSL root CAs Added: * Atos TrustedRoot Root CA ECC G2 2020 * Atos TrustedRoot Root CA ECC TLS 2021 * Atos TrustedRoot Root CA RSA G2 2020 * Atos TrustedRoot Root CA RSA TLS 2021 * BJCA Global Root ...
oval:org.secpod.oval:def:89047289 This update for libqt5-qtsvg fixes the following issues: - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd from crafted svg file
oval:org.secpod.oval:def:89047470 This update for fribidi fixes the following issues: - CVE-2022-25308: Fixed stack out of bounds read. - CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode. - CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks.
oval:org.secpod.oval:def:89047958 This update for erlang fixes the following issues: - CVE-2022-37026: fixed a client authorization bypass vulnerability for SSL, TLS, and DTLS in Erlang/OTP. [bsc#1205318]
oval:org.secpod.oval:def:89049302 This update for erlang fixes the following issues: * Replaced the CVE-2022-37026 patch with the one released by the upstream to fix a regression in the previous one
oval:org.secpod.oval:def:89047397 This update for ldb fixes the following issues: - Update to version 2.4.2 - CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value would not be honoured.
oval:org.secpod.oval:def:89047264 This update for 389-ds fixes the following issues: - Update to 1.4.4.16 - CVE-2021-3652: Fixed crypt handling of locked accounts
oval:org.secpod.oval:def:89047318 This update for rabbitmq-server fixes the following issues: - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page in management UI. - CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page in federation management plugin. - CVE ...
oval:org.secpod.oval:def:89049567 This update for busybox fixes the following issues: * CVE-2022-48174: Fixed stack overflow vulnerability
oval:org.secpod.oval:def:89047383 This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation.
oval:org.secpod.oval:def:89047595 This update for clamav fixes the following issues: - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash
oval:org.secpod.oval:def:89047624 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql.
oval:org.secpod.oval:def:89048188 This update for sssd fixes the following issues: - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover
oval:org.secpod.oval:def:89048045 This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass
oval:org.secpod.oval:def:89048180 This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password.
oval:org.secpod.oval:def:89048176 This update for libXpm fixes the following issues: - CVE-2022-46285: Fixed an infinite loop that could be triggered when reading a XPM image with a C-style comment that is never closed. - CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading small crafted XPM ...
oval:org.secpod.oval:def:89048193 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing.
oval:org.secpod.oval:def:89048085 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting. Bug fixes: - Support by-path devlink for multipath nvme block devices. - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon. - Restrict cpu r ...
oval:org.secpod.oval:def:89047809 This update for buildah fixes the following issues: - CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host. - CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process. - CVE-2022-2990: Fix ...
oval:org.secpod.oval:def:89047180 This update for postgresql13 fixes the following issues: - CVE-2021-3677: Fixed memory disclosure in certain queries. - Fixed build with llvm12 on s390x. - Re-enabled icu for PostgreSQL 10. - Made the dependency of postgresqlXX-server-devel on llvm and clang optional. - llvm12 breaks PostgreSQL ...
oval:org.secpod.oval:def:89047087 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge
oval:org.secpod.oval:def:89047117 This update for xen fixes the following issues: Update to Xen 4.13.3 general bug fix release. Security issues fixed: - CVE-2021-28693: xen/arm: Boot modules are not scrubbed - CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling - CVE-2021-0089: xen: Speculative Code Store By ...
oval:org.secpod.oval:def:89047344 This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies.
oval:org.secpod.oval:def:89047953 This update for opensc fixes the following issues: - CVE-2019-6502: Fixed memory leak in sc_context_create in ctx.c.
oval:org.secpod.oval:def:89047583 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177: - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GN ...
oval:org.secpod.oval:def:89048730 This update for pgadmin4 fixes the following issues: * CVE-2023-0241: Fixed a directory traversal vulnerability.
oval:org.secpod.oval:def:89048142 This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR : - CVE-2022-46871: Updated an out of date library which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential ... oval:org.secpod.oval:def:89048675 This update for python-Werkzeug fixes the following issues: * CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields . oval:org.secpod.oval:def:89048854 This update for dmidecode fixes the following issues: * CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite . oval:org.secpod.oval:def:89049581 This update of containerd fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89049357 This update of kubernetes1.18 fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89049372 This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89049370 This update of skopeo fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89049358 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89049810 This update of runc fixes the following issues: * Update to runc v1.1.8. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.1.8> . * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89049589 This update of cni-plugins fixes the following issues: * rebuild the package with the go 1.21 security release . 
oval:org.secpod.oval:def:89049576 This update of cni fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89049569 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89051046 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89048157 This update for libzypp-plugin-appdata fixes the following issues: - CVE-2023-22643: Fixed potential shell injection related to malicious repo names . - Added hardening to systemd service . oval:org.secpod.oval:def:89048780 This update for shadow fixes the following issues: * CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn . oval:org.secpod.oval:def:89049111 This update for bouncycastle fixes the following issues: * CVE-2023-33201: Fixed an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server . oval:org.secpod.oval:def:89049178 This update for xmltooling fixes the following issues: * CVE-2023-36661: Fix server-side request forgery vulnerability oval:org.secpod.oval:def:89048620 This update for pesign fixes the following issues: * CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root . oval:org.secpod.oval:def:89048154 This update for rust1.65 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH . 
oval:org.secpod.oval:def:89047799 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der oval:org.secpod.oval:def:89048190 This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads oval:org.secpod.oval:def:89048905 This update for wayland fixes the following issues: * CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling oval:org.secpod.oval:def:89047535 This update for postgresql13 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes . oval:org.secpod.oval:def:89047368 This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs . - CVE-2022-28199: Fixed buffer overflow in the vhost code . oval:org.secpod.oval:def:89047452 This update for postgresql14 fixes the following issues: - CVE-2022-1552: Confine additional operations within 'security restricted operation' sandboxes . oval:org.secpod.oval:def:89047630 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames oval:org.secpod.oval:def:89047618 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames oval:org.secpod.oval:def:89048685 This update for poppler fixes the following issues: * CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder . Bugfixes: * Fixed issue where some PDF generators generate PDF with some wrong numbers in entry table, but the content is still valid . 
oval:org.secpod.oval:def:89047471 This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 : - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges . oval:org.secpod.oval:def:89047649 This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability . oval:org.secpod.oval:def:89047491 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification . oval:org.secpod.oval:def:89047549 This update for gdk-pixbuf fixes the following issues: - CVE-2021-46829: Fixed overflow when compositing or clearing frames . oval:org.secpod.oval:def:89047468 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections . oval:org.secpod.oval:def:89047340 This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack . oval:org.secpod.oval:def:89047524 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability . - Use AES as default cipher instead of 3DES when we are in FIPS mode oval:org.secpod.oval:def:89047598 This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon . oval:org.secpod.oval:def:89047536 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed an integer overflow in hb-ot-shape-fallback.cc . oval:org.secpod.oval:def:89047447 This update for cups fixes the following issues: - CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability oval:org.secpod.oval:def:89047391 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format . 
oval:org.secpod.oval:def:89048477 This update for python-PyJWT fixes the following issues: * CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats . * Update in SLE-15 * Update to 2.4.0 * Explicit check the key for ECAlgorithm * Don't use implicit optionals * documentation fix: show correct scope * fix: Up ... oval:org.secpod.oval:def:89047521 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products . The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabli ... oval:org.secpod.oval:def:89047389 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue oval:org.secpod.oval:def:89047567 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions . oval:org.secpod.oval:def:89047545 This update for clamav fixes the following issues: - CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser . - CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check . - CVE-2022-20771: Fixed a possible infinite loop vulnerabilit ... oval:org.secpod.oval:def:89047354 This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection . - CVE-2022-24736: Fixed Lua NULL pointer dereference . 
oval:org.secpod.oval:def:89047556 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution oval:org.secpod.oval:def:89047446 This update for python-Twisted fixes the following issues: - CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling oval:org.secpod.oval:def:89047614 This update for libarchive fixes the following issues: - CVE-2022-26280: Fixed out-of-bounds read via the component zipx_lzma_alone_init . oval:org.secpod.oval:def:89047631 This update for openvpn fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in . oval:org.secpod.oval:def:89047520 This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys oval:org.secpod.oval:def:89047621 This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash . oval:org.secpod.oval:def:89047375 This update for wavpack fixes the following issues: - CVE-2021-44269: Fixed out of bounds read in processing .wav files . oval:org.secpod.oval:def:89047311 This update for postgresql14 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake . - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake . - Let rpmlint ignore shlib-policy-name-error . oval:org.secpod.oval:def:89047284 This update for postgresql13 fixes the following issues: - CVE-2021-23214: Make the server reject extraneous data after an SSL or GSS encryption handshake . - CVE-2021-23222: Make libpq reject extraneous data after an SSL or GSS encryption handshake . 
oval:org.secpod.oval:def:89047572 This update for python-Twisted fixes the following issues: - CVE-2022-21716: Fixed that ssh server accepts an infinite amount of data using all the available memory . oval:org.secpod.oval:def:89048037 This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM oval:org.secpod.oval:def:89047411 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . The following non-security bugs were fixed: - postfix: sasl authentication with password fails . oval:org.secpod.oval:def:89047580 This update for polkit fixes the following issues: - CVE-2021-4115: Fixed a denial of service via file descriptor leak . oval:org.secpod.oval:def:89047488 - CVE-2021-44141: Information leak via symlinks of existence of files or directories outside of the exported share; - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; - CVE-2022-0336: Samba AD users with permission to write to an acco ... oval:org.secpod.oval:def:89047374 This update for swtpm fixes the following issues: - Update to version 0.5.3 - CVE-2022-23645: Check header size indicator against expected size . oval:org.secpod.oval:def:89047082 This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync . oval:org.secpod.oval:def:89047538 This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods ... 
oval:org.secpod.oval:def:89047706 This update for golang-github-prometheus-node_exporter fixes the following issues: oval:org.secpod.oval:def:89047466 This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3 ... oval:org.secpod.oval:def:89047341 This update for python-Twisted fixes the following issues: - CVE-2022-21712: Fixed secret exposure in cross-origin redirects by properly removing sensitive headers when redirecting to a different origin . oval:org.secpod.oval:def:89047439 This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication oval:org.secpod.oval:def:89047606 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol . oval:org.secpod.oval:def:89047502 This update for xen fixes the following issues: - CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. - CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. - CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. Special I ... oval:org.secpod.oval:def:89047517 This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE . - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd . oval:org.secpod.oval:def:89046994 This update for gdk-pixbuf fixes the following issues: - CVE-2021-44648: Fixed overflow vulnerability in lzw code size . 
oval:org.secpod.oval:def:89047559 This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampled_data_sample - CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish oval:org.secpod.oval:def:89047424 This update for lapack fixes the following issues: - CVE-2021-4048: Fixed an out of bounds read when user input was not validated properly . oval:org.secpod.oval:def:89047236 This update for strongswan fixes the following issues: A feature was added: - Add auth_els plugin to support Marvell FC-SP encryption Security issues fixed: - CVE-2021-41991: Fixed an integer overflow when replacing certificates in cache. - CVE-2021-41990: Fixed an integer Overflow in the gmp Plug ... oval:org.secpod.oval:def:89047330 This update for redis fixes the following issues: - CVE-2021-32627: Fixed integer to heap buffer overflows with streams . - CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types . - CVE-2021-32687: Fixed integer to heap buffer overflow with intsets . - CVE-2021-3 ... oval:org.secpod.oval:def:89047328 This update for xen fixes the following issues: - CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling . - Upstream bug fixes oval:org.secpod.oval:def:89047160 This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH oval:org.secpod.oval:def:89047209 This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed DoS or information disclosure in some configurations . - CVE-2021-39272: Fixed STARTTLS session encryption bypassing . - Update to 6.4.22 - Remove all python2 dependencies . - De-hardcode /usr/lib path for launch executa ... 
oval:org.secpod.oval:def:89047324 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious a ... oval:org.secpod.oval:def:89047078 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings . oval:org.secpod.oval:def:89047124 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field . oval:org.secpod.oval:def:89047079 This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. - Change PASSWORDLEN from 64 to 256 oval:org.secpod.oval:def:89047304 This update for systemd fixes the following issues: - Updated to version 246.15 - CVE-2021-33910: Fixed a denial of service issue in systemd. - CVE-2020-13529: Fixed an issue that allows crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofin ... oval:org.secpod.oval:def:89047096 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd oval:org.secpod.oval:def:89047141 This update for aspell fixes the following issues: - CVE-2019-25051: Fixed heap-buffer-overflow in acommon:ObjStack:dup_top . oval:org.secpod.oval:def:89047205 This update for linuxptp fixes the following issues: - CVE-2021-3570: Fixed messageLength validation field of incoming messages . 
oval:org.secpod.oval:def:89047140 This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 : Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has local access. ... oval:org.secpod.oval:def:89047138 This update for dovecot23 fixes the following issues: - CVE-2021-29157: Local attacker can login as any user and access their emails - CVE-2021-33515: Attacker can potentially steal user credentials and mails oval:org.secpod.oval:def:89047410 This update for flac fixes the following issues: - CVE-2021-0561: Fixed out of bound write in append_to_verify_fifo_interleaved_ . oval:org.secpod.oval:def:89047385 This update for xscreensaver fixes the following issues: - CVE-2021-34557: Fixed potential crash and unlock while disconnecting video output with more than 10 monitors oval:org.secpod.oval:def:89047282 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding . oval:org.secpod.oval:def:89047090 This update for tpm2.0-tools fixes the following issues: - CVE-2021-3565: Fixed issue when no encrypted session with the TPM is used . oval:org.secpod.oval:def:89047232 This update for redis fixes the following issues: - Upgrade to 6.0.14 - CVE-2021-32625: An integer overflow bug could be exploited by using the STRALGO LCS command to cause remote code execution - Fix crash in UNLINK on a stream key with deleted consumer groups - SINTERSTORE: Add missing key ... oval:org.secpod.oval:def:89047176 This update for postgresql13 fixes the following issues: - Upgrade to version 13.3: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations . - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists . - CVE-2021-32029: Fixed possibly- ... 
oval:org.secpod.oval:def:89047331 This update for nginx fixes the following issues: - CVE-2021-23017: nginx DNS resolver off-by-one heap write oval:org.secpod.oval:def:89047252 This update for libX11 fixes the following issues: - Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign oval:org.secpod.oval:def:89047210 This update for libX11 fixes the following issues: - CVE-2021-31535: Fixed missing request length checks in libX11 . oval:org.secpod.oval:def:89047262 This update for dhcp fixes the following issues: - CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient oval:org.secpod.oval:def:89047097 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify . - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number . oval:org.secpod.oval:def:89047072 This update for rpm fixes the following issues: - Changed default package verification level to "none" to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code - Added support for enforcing signature policy and payload verification ... oval:org.secpod.oval:def:89047253 This update for hivex fixes the following issues: - CVE-2021-3504: hivex: missing bounds check within hivex_open oval:org.secpod.oval:def:89047296 This update for cups fixes the following issues: - CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks oval:org.secpod.oval:def:89047211 This update for binutils fixes the following issues: - For compatibility on old code stream that expect "brcl 0,label" to not be disassembled as "jgnop label" on s390x. This reverts IBM zSeries HLASM support for now. - Fixed that ppc64 optflags did not enable LTO . - Fix empty man-pages from broken ... 
oval:org.secpod.oval:def:89047228 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent . oval:org.secpod.oval:def:89047495 This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode . - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode . - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode . - CVE-2021-26926: Fixed an out of bounds read in jp2_decode . oval:org.secpod.oval:def:89047271 This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues: gstreamer was updated to version 1.16.3 : - delay creation of threadpools - bin: Fix `deep-element-removed` log message - buffer: fix meta sequence num ... oval:org.secpod.oval:def:89047259 This update for gstreamer-plugins-bad fixes the following issues: - Update to version 1.16.3: - CVE-2021-3185: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking - amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time - audio ... oval:org.secpod.oval:def:89047221 This update for flac fixes the following issues: - CVE-2020-0499: Fixed an out-of-bounds access . oval:org.secpod.oval:def:89047142 This update for binutils fixes the following issues: Update to binutils 2.37: * The GNU Binutils sources now requires a C99 compiler and library to build. * Support for Realm Management Extension for AArch64 has been added. * A new linker option "-z report-relative-reloc" for x86 ELF targets has be ... oval:org.secpod.oval:def:89047273 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py . 
oval:org.secpod.oval:def:89047429 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforce ... oval:org.secpod.oval:def:89047490 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certifica ... oval:org.secpod.oval:def:89047108 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fa ... oval:org.secpod.oval:def:89047281 This update for python-rsa fixes the following issues: - CVE-2020-13757: Proper handling of leading "\0" bytes during decryption of ciphertext oval:org.secpod.oval:def:89047080 This update for python-httplib2 fixes the following issues: - Update to version 0.19.0 . - CVE-2021-21240: Fixed regular expression denial of service via malicious header . - CVE-2020-11078: Fixed unescaped part of uri where an attacker could change request headers and body . oval:org.secpod.oval:def:89047172 This update for fribidi fixes the following issues: Security issues fixed: - CVE-2019-18397: Avoid buffer overflow oval:org.secpod.oval:def:89047372 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files . oval:org.secpod.oval:def:89047276 This update for opensc fixes the following issues: - CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string . 
- CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry - CVE-2019-19479: Fixed an incorrect read operation during pa ... oval:org.secpod.oval:def:89047959 This update for libdb-4_8 fixes the following issues: - CVE-2019-2708: Fixed partial DoS due to data store execution . oval:org.secpod.oval:def:89047185 This update for libu2f-host fixes the following issues: This update ships the u2f-host package Version 1.1.10 - Add new devices to udev rules. - Fix a potentially uninitialized buffer Version 1.1.9 - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1 ... oval:org.secpod.oval:def:89047167 This update for libcryptopp fixes the following issues: - CVE-2016-9939: Fixed potential DoS in Crypto++ ASN.1 parser . oval:org.secpod.oval:def:89047537 This update for libinput fixes the following issues: - CVE-2022-1215: Fixed a format string vulnerability . oval:org.secpod.oval:def:89047552 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create Features added: - IBM Power 10 string operation improvements oval:org.secpod.oval:def:89047420 This update for spice fixes the following issues: - CVE-2021-20201: Fixed an issue which could allow clients to cause a denial of service by repeatedly renegotiating a connection . oval:org.secpod.oval:def:89047603 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 : - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. oval:org.secpod.oval:def:89047448 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. 
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck . - FIPS: mark al ... oval:org.secpod.oval:def:89048143 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:89047727 This update for tiff fixes the following issues: - CVE-2022-2519: Fixed a double free in rotateImage . - CVE-2022-2520: Fixed an assertion failure in rotateImage . - CVE-2022-2521: Fixed invalid free in TIFFClose . - CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c . - CVE-2022-2868: F ... oval:org.secpod.oval:def:89047434 This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service . - CVE-2022-2057: Fixed a division by zero denial of service . - CVE-2022-2058: Fixed a division by zero denial of service . oval:org.secpod.oval:def:89051061 This update for apache-ivy fixes the following issues: * Upgrade to version 2.5.2 * CVE-2022-46751: Fixed an XML External Entity Injection that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways oval:org.secpod.oval:def:89048587 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed ... oval:org.secpod.oval:def:89051051 This update for libsndfile fixes the following issues: * CVE-2022-33065: Fixed an integer overflow that could cause memory safety issues when reading a MAT4 file . oval:org.secpod.oval:def:89047366 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220207 release. 
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege - CVE-2021-0127: Intel Processor Breakpoint Control Flow - CVE-2021-0145: Fa ... oval:org.secpod.oval:def:89047381 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220510 release. Updated to Intel CPU Microcode 20220419 release. - CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel Processors may allow an authenticated ... oval:org.secpod.oval:def:89047948 This update for nginx fixes the following issues: - CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed . oval:org.secpod.oval:def:89047015 This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack . - Added hardening to systemd services . Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled . - Allowed wait4 to be called so that the broker can wait for its child ... oval:org.secpod.oval:def:89047159 This update for graphviz fixes the following issues: - CVE-2020-18032: Fixed possible remote code execution via buffer overflow . oval:org.secpod.oval:def:89047674 This update for multipath-tools fixes the following issues: - CVE-2022-41973: Fixed a symlink attack in multipathd. - CVE-2022-41974: Fixed an authorization bypass issue in multipathd. - multipathd: add 'force_reconfigure' option The command 'multipathd -kreconfigure' changes behavior: instead of ... oval:org.secpod.oval:def:89047342 This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak . oval:org.secpod.oval:def:89047600 This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option . 
oval:org.secpod.oval:def:89047519 This update for aide fixes the following issues: - CVE-2021-45417: Fix a buffer overflow in base64 functions oval:org.secpod.oval:def:89049225 This update for cjose fixes the following issues: * CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag . oval:org.secpod.oval:def:89049371 This update for open-vm-tools fixes the following issues: * CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module . Bug fixes: * Fixed build problem with grpc 1.54 . oval:org.secpod.oval:def:89048178 This update for xrdp fixes the following issues: - CVE-2022-23477: Fixed a buffer overflow for oversized audio format from client . oval:org.secpod.oval:def:89047292 This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues: Update wireshark to version 3.4.5 - New and updated support and bug fixes for multiple protocols - Asynchronous DNS resolution is always enabled - Protobuf fields can be dissected as Wireshark fields - UI im ... oval:org.secpod.oval:def:89047076 This update for wireshark fixes the following issues: - Update to Wireshark 3.4.7 - CVE-2021-22235: Fixed DNP dissector crash . oval:org.secpod.oval:def:89047272 This update for wireshark fixes the following issues: - Update to Wireshark 3.4.10: - CVE-2021-39920: IPPUSB dissector crash . - CVE-2021-39921: Modbus dissector crash . - CVE-2021-39922: C12.22 dissector crash . - CVE-2021-39924: Bluetooth DHT dissector large loop . - CVE-2021-39925: Bluetooth SDP ... oval:org.secpod.oval:def:89047394 This update for wireshark fixes the following issues: Update to version 3.6.1: - CVE-2021-4185: RTMPT dissector infinite loop - CVE-2021-4184: BitTorrent DHT dissector infinite loop - CVE-2021-4183: pcapng file parser crash - CVE-2021-4182: RFC 7468 file parser infinite loop - CVE-2021-4181: Sys ... 
oval:org.secpod.oval:def:89047483 This update for wireshark fixes the following issues: Update to Wireshark 3.6.2: - CVE-2022-0586: RTMPT dissector infinite loop - CVE-2022-0585: Large loops in multiple dissectors - CVE-2022-0583: PVFS dissector crash - CVE-2022-0582: CSN.1 dissector crash - CVE-2022-0581: CMS dissector crash oval:org.secpod.oval:def:89047617 This update for wireshark fixes the following issues: Updated to Wireshark 3.6.8: - CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop . - CVE-2021-4186: Fixed Gryphon dissector crash . oval:org.secpod.oval:def:89048038 This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash . - Multiple dissector infinite loops . - Kafka dissector memory exhaustion . oval:org.secpod.oval:def:89047486 This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet . oval:org.secpod.oval:def:89047164 This update for python fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading after a http 100. - CVE-2021-3733: Fixed ReDoS in urllib.request oval:org.secpod.oval:def:89047150 This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references . oval:org.secpod.oval:def:89047548 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip . oval:org.secpod.oval:def:89047139 This update for python fixes the following issues: - python27 was upgraded to 2.7.18 - CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator . 
oval:org.secpod.oval:def:89047313 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution . oval:org.secpod.oval:def:89047339 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs . oval:org.secpod.oval:def:89047286 This update for python-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references . oval:org.secpod.oval:def:89047611 This update for python39 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip . - Update to 3.9.10 - Remove shebangs from python-base libraries in _libdir. - Update to 3.9.9: * Core and Builtins + bpo-30570: Fixed a crash in issubclass from infi ... oval:org.secpod.oval:def:89047258 This update for python39 fixes the following issues: - CVE-2021-29921: Fixed improper input validation of octal string IP addresses . - Use versioned python-Sphinx to avoid dependency on other version of Python . - Stop providing "python" symbol , which means python2 currently. oval:org.secpod.oval:def:89047451 This update for python39-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references . oval:org.secpod.oval:def:89048877 This update for openvswitch fixes the following issues: * CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 . * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV . * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV . oval:org.secpod.oval:def:89047512 This update for openvswitch fixes the following issues: - CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action . 
oval:org.secpod.oval:def:89047528 This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation . - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command . oval:org.secpod.oval:def:89047534 This update for u-boot fixes the following issues: - CVE-2022-30552: A large buffer overflow could have led to a denial of service in the IP Packet defragmentation code. - CVE-2022-30790: A Hole Descriptor Overwrite could have led to an arbitrary out of bounds write primitive. - CVE-2022-30767: F ... oval:org.secpod.oval:def:89047623 This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution . oval:org.secpod.oval:def:89047427 This update for webkit2gtk3 fixes the following issues: - CVE-2022-32893: Fixed several crashes and rendering issues . - Fixed WebKitGTK not allow to be used from non-main threads . oval:org.secpod.oval:def:89047382 This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server . oval:org.secpod.oval:def:89047373 This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion . - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option . oval:org.secpod.oval:def:89047561 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode . oval:org.secpod.oval:def:89047407 This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes . 
oval:org.secpod.oval:def:89047607 This update for unzip fixes the following issues: - CVE-2022-0530: Fixed SIGSEGV during the conversion of an utf-8 string to a local string . - CVE-2022-0529: Fixed heap out-of-bound writes and reads during conversion of wide string to local string oval:org.secpod.oval:def:89047608 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes . - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c and tree.c . oval:org.secpod.oval:def:89047461 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate . oval:org.secpod.oval:def:89047460 This update for rsyslog fixes the following issues: - CVE-2022-24903: Fixed potential heap buffer overflow in modules for TCP syslog reception . oval:org.secpod.oval:def:89047119 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed an information disclosure via pydoc oval:org.secpod.oval:def:89047089 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc . - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server . - CVE-2021-3737: Fixed ReDoS in urllib.request . - We do not require p ... oval:org.secpod.oval:def:89047270 This update for python-urllib3 fixes the following issues: - CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component oval:org.secpod.oval:def:89048023 This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption . oval:org.secpod.oval:def:89047551 This update for frr fixes the following issues: - CVE-2022-37032: Fixed out-of-bounds read in the BGP daemon that may lead to information disclosure or denial of service . 
- CVE-2019-25074: Fixed a memory leak in the IS-IS daemon that may lead to server memory exhaustion . oval:org.secpod.oval:def:89047440 This update for python fixes the following issues: - CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse . - CVE-2021-4189: Fixed ftplib not to trust the PASV response . - CVE-2021-3572: Fixed an improper handling of unicode characters in pip . oval:org.secpod.oval:def:89048886 This update for texlive fixes the following issues: * CVE-2023-32700: Fixed arbitrary code execution in LuaTeX . oval:org.secpod.oval:def:89047550 This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code . - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element . - CVE-2022-1922: Fixed integer overflows in mkv demuxing . - CVE-202 ... oval:org.secpod.oval:def:89048701 This update for podman fixes the following issues: Update to version 4.4.4: * libpod: always use direct mapping * macos pkginstaller: do not fail when podman-mac-helper fails * podman-mac-helper: install: do not error if already installed * podman.spec: Bump required version for libcontainers-common ... oval:org.secpod.oval:def:89048742 This update for wireshark fixes the following issues: * CVE-2023-1992: Fixed RPCoRDMA dissector crash . * CVE-2023-1993: Fixed LISP dissector large loop . * CVE-2023-1994: Fixed GQUIC dissector crash . Update to 3.6.13: * Further features, bug fixes and updated protocol support as listed in: https:/ ... oval:org.secpod.oval:def:89047540 This update for postgresql14 fixes the following issues: - Upgrade to version 14.5: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension . - Upgrade to version 14.4 - Release notes: https://www.postgresql.org/docs/release/14.4/ - Release anno ... 
oval:org.secpod.oval:def:89047581 This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension . oval:org.secpod.oval:def:89048016 This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags . oval:org.secpod.oval:def:89048729 This update for nodejs14 fixes the following issues: * CVE-2022-25881: Fixed regular expression denial of service vulnerability . oval:org.secpod.oval:def:89048739 This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: * CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics . Other changes: * update undici to 5.20.0 * update c-ares to 1.19.0 * update npm to 8.19.4 oval:org.secpod.oval:def:89048731 This update for nodejs12 fixes the following issues: * CVE-2022-25881: Fixed regular expression denial of service vulnerability . oval:org.secpod.oval:def:89049395 This update for cups fixes the following issues: * CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing . * CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation . oval:org.secpod.oval:def:89050965 This update for libcue fixes the following issues: * CVE-2023-43641: Fixed a buffer overflow while parsing a malicious file . oval:org.secpod.oval:def:89050969 This update for python-gevent fixes the following issues: * CVE-2023-41419: Fixed a http request smuggling . oval:org.secpod.oval:def:89048568 This update for python-wheel fixes the following issues: * CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression . oval:org.secpod.oval:def:89047111 This update for xorg-x11-server fixes the following issues: - CVE-2021-4008: Fixed Privilege Escalation Vulnerability via Out-Of-Bounds Access in SProcRenderCompositeGlyphs . 
oval:org.secpod.oval:def:89047092 This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. - CVE-2021-4010: The handler for the Suspend request of the Scre ... oval:org.secpod.oval:def:89048516 This update for xorg-x11-server fixes the following issues: * Fixed a regression introduced with security update for CVE-2022-46340 . oval:org.secpod.oval:def:89047477 This update for patch fixes the following issues: Security issues fixed: - CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches . - CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leadin ... oval:org.secpod.oval:def:89047555 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition . oval:org.secpod.oval:def:89047299 This update for busybox fixes the following issues: - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data . - CVE-2018-20679: Fixed out of bounds read in udhcp . - CVE-2018-1000517: Fixed buffer overflow in the retrieve_file_data . - CVE-2011-5325: Fixed a directory trav ... oval:org.secpod.oval:def:89047422 This update for python-Twisted fixes the following issues: - CVE-2020-10109: Fixed an HTTP request smuggling issue . oval:org.secpod.oval:def:89047627 This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal . - CVE-2015-9261: Fixed segfaults and application crashes in huft_build . - CVE-2016-2147: Fixed out of bounds write due to integer underflow in udhcpc . - CVE-2016-2148: Fixed heap-based buffer overf ... 
oval:org.secpod.oval:def:89047165 This update for libmspack fixes the following issues: - CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. - CVE-2018-14682: There is an off-by-one error in the TOLOWER macro for CHM decompression. - CVE-2018-14679: There is an off-by-one error in the CHM PMGI ... oval:org.secpod.oval:def:89047770 This update for python-paramiko fixes the following issues: Updated to version 2.4.3: - CVE-2018-1000805: Fixed authentication bypass . Bugfixes: - Fixed Ed25519 key handling for certain key comment lengths . oval:org.secpod.oval:def:89047128 This update for wavpack fixes the following issues: - Update to version 5.4.0 * CVE-2020-35738: Fixed an out-of-bounds write in WavpackPackSamples * fixed: disable A32 asm code when building for Apple silicon * fixed: issues with Adobe-style floating-point WAV files * added: --normalize-floats opti ... oval:org.secpod.oval:def:89047599 This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero . - CVE-2018-11490: Fixed a heap-based buffer overflow in DGifDecompressLine func ... oval:org.secpod.oval:def:89047307 This update for pam_radius fixes the following issues: - CVE-2015-9542: pam_radius: buffer overflow in password field oval:org.secpod.oval:def:89047568 This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only - CVE-2018-18065: Fix remote DoS in agent/helpers/table.c oval:org.secpod.oval:def:89047208 This update for glib-networking fixes the following issues: Update to version 2.62.4: - CVE-2020-13645: Fixed a connection failure when the server identity is unset . oval:org.secpod.oval:def:89047501 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. 
Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvpro ... oval:org.secpod.oval:def:89047132 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all chang ... oval:org.secpod.oval:def:89047316 This update for mutt fixes the following issues: - CVE-2020-28896: incomplete connection termination could lead to sending credentials over unencrypted connections - Avoid that message with a million tiny parts can freeze MUA for several minutes oval:org.secpod.oval:def:89047417 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes oval:org.secpod.oval:def:89047247 This update for jasper fixes the following issues: - bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls - bsc#1181483 CVE-2021-3272: Fix buffer over-read in jp2_decode oval:org.secpod.oval:def:89047216 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER . oval:org.secpod.oval:def:89047158 This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters , Git could be fooled into running remote code during a clone oval:org.secpod.oval:def:89047396 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files . 
oval:org.secpod.oval:def:89047186 This update for clamav fixes the following issues: - CVE-2021-1252: Fix for Excel XLM parser infinite loop. - CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. - CVE-2021-1405: Fix for mail parser NULL-dereference crash. - Fix errors when scanning files greater than or equal to ... oval:org.secpod.oval:def:89047302 This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters , Git could run remote code duri ... oval:org.secpod.oval:def:89047149 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, result ... oval:org.secpod.oval:def:89047310 This update for python-Pygments fixes the following issues: - CVE-2021-27291: Fixed ReDoS via crafted malicious input . oval:org.secpod.oval:def:89047103 This update for spamassassin fixes the following issues: - CVE-2019-12420: memory leak via crafted messages - CVE-2020-1946: security update oval:org.secpod.oval:def:89047093 This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text oval:org.secpod.oval:def:89047098 This update for screen fixes the following issues: - CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution . oval:org.secpod.oval:def:89048186 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files . 
oval:org.secpod.oval:def:89047405 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header in list.c . - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c . - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c . - Update to GNU tar 1.3 ... oval:org.secpod.oval:def:89047260 This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold . - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids . - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs . - Spec file fixes around systemd and req ... oval:org.secpod.oval:def:89047465 This update for libcaca fixes the following issues: - CVE-2021-3410: Fixed overflow when multiplying large ints . oval:org.secpod.oval:def:89047220 This update for bind fixes the following issues: - CVE-2021-25214: Fixed a broken inbound incremental zone update which could have caused named to terminate unexpectedly . - CVE-2021-25215: Fixed an assertion check which could have failed while answering queries for DNAME records that required the ... oval:org.secpod.oval:def:89047214 This update for wpa_supplicant fixes the following issues: - CVE-2021-27803: Fixed a P2P provision discovery processing vulnerability . oval:org.secpod.oval:def:89047212 This update for xorg-x11-server fixes the following issues: - CVE-2021-3472: XChangeFeedbackControl Integer Underflow Privilege Escalation oval:org.secpod.oval:def:89047215 This update for gstreamer-plugins-good fixes the following issues: - CVE-2021-3498: Matroskademux: initialize track context out parameter to NULL before parsing . - CVE-2021-3497: Matroskademux: Fix extraction of multichannel WavPack . oval:org.secpod.oval:def:89051058 This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed a remote code execution issue due to improper parsing of H265 encoded video files . 
oval:org.secpod.oval:def:89048048 This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free - CVE-2022-46343: Server ScreenSaverSetAttribute ... oval:org.secpod.oval:def:89047474 This update for opensc fixes the following issues: Security issues fixed: - CVE-2021-42782: Stack buffer overflow issues in various places . - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c . - CVE-2021-42780: Fixed use after return in insert_pin . - CVE-2021-42779: Fixed ... oval:org.secpod.oval:def:89047418 This update for tiff fixes the following issues: - CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy within TIFFFetchStripThing in tif_dirread.c . - CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy within TIFFReadDirectory in tif_dirread.c . - CVE-2022- ... oval:org.secpod.oval:def:89049099 This update for ghostscript fixes the following issues: * CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix . oval:org.secpod.oval:def:89048495 This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR : * CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android * CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android * CVE-2023-25749: Fi ... oval:org.secpod.oval:def:89048506 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR : * CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. * CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. * CVE-2023-25743: Fixed Fullscreen notification not ... 
oval:org.secpod.oval:def:89048709 This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 102.10.0 ESR * CVE-2023-29531: Out-of-bound memory access in WebGL on macOS * CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass * CVE-2023-29533: Fullscreen notification obscured * MFSA-TMP-202 ... oval:org.secpod.oval:def:89048802 This update for ffmpeg fixes the following issues: * CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c . oval:org.secpod.oval:def:89048052 This update for ceph fixes the following issues: ceph was updated to the Pacific release : + rgw: check bucket shard init status in RGWRadosBILogTrimCR + ceph-volume: honour osd_dmcrypt_key_size option + Remove last vestiges of docker.io image paths + cephadm: prometheus: The generatorURL in al ... oval:org.secpod.oval:def:89047622 This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues: Security issues fixed: - CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. - CV ... oval:org.secpod.oval:def:89047413 This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication oval:org.secpod.oval:def:89047443 This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service . - CVE-2021-28544: Fixed an information leak issue where Subversion server ... oval:org.secpod.oval:def:89047497 This update for salt fixes the following issues: - CVE-2022-22935: Sign authentication replies to prevent MiTM - CVE-2022-22934: Sign pillar data to prevent MiTM attacks. 
- CVE-2022-22936: Prevent job and fileserver replays - CVE-2022-22941: Fixed targeting bug, especially visible when using synd ... oval:org.secpod.oval:def:89047153 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB . oval:org.secpod.oval:def:89047423 This update for log4j12 fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. - CVE-2022-23302: Fix remote code execution by removing src/m ... oval:org.secpod.oval:def:89047242 This update for log4j12 fixes the following issues: - CVE-2021-4104: Disable the JMSAppender class from log4j to protect against the log4jshell vulnerability. [bsc#1193662] oval:org.secpod.oval:def:89047277 This update for salt fixes the following issues: - CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code oval:org.secpod.oval:def:89047151 This update for salt fixes the following issues: - Check if dpkgnotify is executable - Update to Salt release version 3002.2 - Drop support for Python2. Obsoletes `python2-salt` package - Fix issue parsing errors in ansiblegate state module - Prevent command injection in the snapper module - tra ... oval:org.secpod.oval:def:89047235 This update for salt fixes the following issues: Update to Salt release version 3002.2 - Check if dpkgnotify is executable - Drop support for Python2. Obsoletes `python2-salt` package - virt module updates * network: handle missing ipv4 netmask attribute * more network support * PCI/USB host devi ... oval:org.secpod.oval:def:89049350 This update for php7 fixes the following issues: * CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. 
* CVE-2023-3824: Fixed a buffer overflow in phar_dir_read oval:org.secpod.oval:def:89048609 This update for php7 fixes the following issues: * CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string . * CVE-2023-0568: Fixed NULL byte off-by-one in php_check_specific_open_basedir . * CVE-2023-0662: Fixed DoS vulnerability when parsing multipart request body . * CVE-2 ... oval:org.secpod.oval:def:89048497 This update for xorg-x11-server fixes the following issues: * CVE-2023-1393: Fixed use-after-free overlay window . oval:org.secpod.oval:def:89048704 This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2023-28625: Fixed NULL pointer dereference when OIDCStripCookies was set and a crafted Cookie header was supplied . oval:org.secpod.oval:def:89048566 This update for liblouis fixes the following issues: * CVE-2023-26767: Fixed buffer overflow vulnerability in lou_logFile function . * CVE-2023-26769: Fixed buffer Overflow vulnerability in resolveSubtable function . oval:org.secpod.oval:def:89048790 This update for liblouis fixes the following issues: * CVE-2023-26768: Fixed buffer overflow in lou_logFile . oval:org.secpod.oval:def:89048669 This update for postgresql14 fixes the following issues: Update to 14.7: * CVE-2022-41862: Fixed memory leak in libpq . oval:org.secpod.oval:def:89048531 This update for postgresql15 fixes the following issues: Update to 15.2: * CVE-2022-41862: Fixed memory leak in libpq . oval:org.secpod.oval:def:89048525 This update for postgresql13 fixes the following issues: Update to 13.10: * CVE-2022-41862: Fixed memory leak in libpq . oval:org.secpod.oval:def:89047562 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write oval:org.secpod.oval:def:89049034 This update for libX11 fixes the following issues: * CVE-2023-3138: Fixed buffer overflows in InitExt.c . 
oval:org.secpod.oval:def:89048667 This update for flatpak fixes the following issues: * CVE-2023-28101: Fixed misleading terminal output with metadata with ANSI control codes . * CVE-2023-28100: Fixed unsandboxed TIOCLINUX commands . Update to version 1.10.8: * If an app update is blocked by parental controls policies, clean up the ... oval:org.secpod.oval:def:89049186 This update for salt fixes the following issues: Security fixes: * CVE-2023-28370: Fix an open redirect vulnerability in "StaticFileHandler" under certain configurations Bug fixes: * Prevent error loading "known_hosts" when "$HOME" is not set * Fix ModuleNotFoundError and other issues raised by sa ... oval:org.secpod.oval:def:89049193 This update fixes the following issues: python-tornado: * Security fixes: * CVE-2023-28370: Fixed an open redirect issue in the static file handler prometheus-blackbox_exporter: * Use obscpio for go modules service * Set version number * Set build date from SOURCE_DATE_EPOCH * Update to 0.24.0 * R ... oval:org.secpod.oval:def:89048695 This update for ghostscript fixes the following issues: * CVE-2023-28879: Fixed buffer Overflow in s_xBCPE_process . oval:org.secpod.oval:def:89049016 This update for cups fixes the following issues: * CVE-2023-32324: Fixed a buffer overflow in format_log_line which could cause a denial-of-service . oval:org.secpod.oval:def:89048820 This update for protobuf-c fixes the following issues: * CVE-2022-48468: Fixed an unsigned integer overflow oval:org.secpod.oval:def:89049023 This update for c-ares fixes the following issues: Update to version 1.19.1: * CVE-2023-32067: 0-byte UDP payload causes Denial of Service * CVE-2023-31147: Insufficient randomness in generation of DNS query IDs * CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton * CVE-2023-31124: AutoTools ... oval:org.secpod.oval:def:89047278 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c . 
oval:org.secpod.oval:def:89049207 This update for libqt5-qtbase fixes the following issues: * CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate . * CVE-2023-33285: Fixed buffer overflow in QDnsLookup . * CVE-2023-32762: Fixed Qt Network incorrectly parses ... oval:org.secpod.oval:def:89047798 This update for telnet fixes the following issues: - CVE-2022-39028: Fixed NULL pointer dereference in telnetd . oval:org.secpod.oval:def:89048144 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands . - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file . oval:org.secpod.oval:def:89047416 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree . oval:org.secpod.oval:def:89047106 This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89047229 This update for dbus-1 fixes the following issues: - CVE-2020-12049: truncated messages lead to resource exhaustion. Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89048518 This update for ldb, samba fixes the following issues: ldb: * CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module . * CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes . samba: * CVE-2023-0922: Fixed cleartext password sending by AD DC admin too ... 
oval:org.secpod.oval:def:89047239 This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when "allow trusted domains" is off; ; oval:org.secpod.oval:def:89047256 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue administrator tickets to other servers . - CVE-2021-3738: Fixed crash in dsdb stack . - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos . - CVE-2020-2571 ... oval:org.secpod.oval:def:89048100 This update for samba fixes the following issues: Update to 4.15.13 - CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers . - CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC . - CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak ... oval:org.secpod.oval:def:89048875 This update for python-Flask fixes the following issues: * CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching . oval:org.secpod.oval:def:89048968 This update for kubernetes1.23 fixes the following issues: * CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin . * CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin . oval:org.secpod.oval:def:89048963 This update for kubernetes1.18 fixes the following issues: * CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin . * CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin . oval:org.secpod.oval:def:89049287 This update for krb5 fixes the following issues: * CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user oval:org.secpod.oval:def:89049362 This update for docker fixes the following issues: * Update to Docker 24.0.5-ce. 
See upstream changelong online at less than https://docs.docker.com/engine/release- notes/24.0/#2405greater than bsc#1213229 * Update to Docker 24.0.4-ce. See upstream changelog online at less than https://docs.docker. ... oval:org.secpod.oval:def:89049367 This update for libssh2_org fixes the following issues: * CVE-2020-22218: Fixed a bug in _libssh2_packet_add which allows to access out of bounds memory oval:org.secpod.oval:def:89049738 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-20897: Fixed DOS in minion return. * CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base name. Bugs fixed: * Create minion_id with reproducible mtim ... oval:org.secpod.oval:def:89050213 This update for poppler fixes the following issues: * CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops . * CVE-2020-36024: Fixed NULL Pointer Deference in `FoFiType1C:convertToType1` . * CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c . * CVE-2022-37051: Fixed a ... oval:org.secpod.oval:def:89050214 This update for nghttp2 fixes the following issues: * CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent . oval:org.secpod.oval:def:89051031 This update for zchunk fixes the following issues: * CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files oval:org.secpod.oval:def:89048639 This update for emacs fixes the following issues: * CVE-2022-48337: Fixed etags local command injection vulnerability . * CVE-2022-48339: Fixed htmlfontify.el command injection vulnerability . oval:org.secpod.oval:def:89047243 This update for avahi fixes the following issues: - CVE-2021-3468: avoid infinite loop by handling HUP event in client_work . oval:org.secpod.oval:def:89049255 This update for gstreamer-plugins-good fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow . 
oval:org.secpod.oval:def:89049253 This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-37329: Fixed a heap overwrite in PGS subtitle overlay decoder which might trigger a crash or remote code execution oval:org.secpod.oval:def:89049252 This update for gstreamer-plugins-base fixes the following issues: * CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow . * CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS . oval:org.secpod.oval:def:89049382 This update for libwebp fixes the following issues: * CVE-2023-4863: Fixed heap buffer overflow . oval:org.secpod.oval:def:89049375 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.2.1 ESR . * CVE-2023-4863: Fixed heap buffer overflow in libwebp . The following non-security bug was fixed: * Fix i586 build by reducing debug info to -g1 . oval:org.secpod.oval:def:89049033 This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR : * CVE-2023-34414: Click-jacking certificate exceptions through rendering lag * CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 oval:org.secpod.oval:def:89048829 This update for MozillaFirefox fixes the following issues: Extended Support Release 102.11.0 ESR : * CVE-2023-32205: Browser prompts could have been obscured by popups * CVE-2023-32206: Crash in RLBox Expat driver * CVE-2023-32207: Potential permissions request bypass via clickjacking * CVE-2023-322 ... oval:org.secpod.oval:def:89048860 This update for cups-filters fixes the following issues: * CVE-2023-24805: Fixed a remote code execution in the beh backend . oval:org.secpod.oval:def:89049027 This update for cups-filters fixes the following issues: * CVE-2023-24805: Fixed a remote code execution in the beh backend . 
oval:org.secpod.oval:def:89048521 This update for c-ares fixes the following issues: Updated to version 1.19.0: * CVE-2022-4904: Fixed missing string length check in config_sortlist . oval:org.secpod.oval:def:89047566 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by "util-linux" and "shadow" to fix autoyast handling of security related parameters Issues fixed in libeconf: - Reading numbers with different ... oval:org.secpod.oval:def:89047312 This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers - If ares_getaddrinfo was terminated by an ares_destroy, it would cause crash - Crash in sortaddrinfo if the list s ... oval:org.secpod.oval:def:89047612 This update for libyajl fixes the following issues: - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs . oval:org.secpod.oval:def:89051000 This update for xen fixes the following issues: * CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion . * CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled . * CVE-2023-34325: Fixed multiple parsing i ... oval:org.secpod.oval:def:89049571 This update for open-vm-tools fixes the following issues: Update to 12.3.0 * There are no new features in the open-vm-tools 12.3.0 release. This is primarily a maintenance release that addresses a few critical problems, including: * This release integrates CVE-2023-20900 without the need for a pat ... oval:org.secpod.oval:def:89049353 This update for open-vm-tools fixes the following issues: * CVE-2023-20900: Fixed SAML token signature bypass vulnerability . 
This update also ships an open-vm-tools-containerinfo plugin oval:org.secpod.oval:def:89047401 This update for dovecot23 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used . oval:org.secpod.oval:def:89047421 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree . oval:org.secpod.oval:def:89051134 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89051106 This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 pre-release . * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation oval:org.secpod.oval:def:89051117 This update for xen fixes the following issues: * CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels . * CVE-2023-46836: x86: BTC/SRSO fixes not fully effective . Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051148 This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20231114 release. * CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation oval:org.secpod.oval:def:89051144 This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution . oval:org.secpod.oval:def:89051156 This update for maven, maven-resolver, sbt, xmvn fixes the following issues: * CVE-2023-46122: Fixed an arbitrary file write when extracting a crafted zip file with sbt . * Upgraded maven to version 3.9.4 * Upgraded maven-resolver to version 1.9.15. 
oval:org.secpod.oval:def:89051175 This update for squashfs fixes the following issues: * CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools * CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination * CVE-2021-41072: Fixed an issue where an attacker m ... oval:org.secpod.oval:def:89051195 This update for sqlite3 fixes the following issues: * CVE-2023-2137: Fixed heap buffer overflow . oval:org.secpod.oval:def:89051232 This update for suse-build-key fixes the following issues: This update runs an import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service . - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE L ... oval:org.secpod.oval:def:89051247 This update of runc and containerd fixes the following issues: containerd: * Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful catatonit: * Update to catatonit v0.2.0. * Change license t ... oval:org.secpod.oval:def:89051223 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.21 security release . oval:org.secpod.oval:def:89051275 This update for ghostscript fixes the following issues: * CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable . oval:org.secpod.oval:def:89051088 This update for salt fixes the following issues: Security issues fixed: * CVE-2023-34049: arbitrary code execution via symlink attack Bugs fixed: * Fix optimization_order opt to prevent testsuite fails * Improve salt.utils.json.find_json to avoid fails * Use salt-call from salt bundle with transac ... 
oval:org.secpod.oval:def:89051187 This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video . * CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 . oval:org.secpod.oval:def:89051305 This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free . * CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow . oval:org.secpod.oval:def:89049238 This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 : * CVE-2023-38133: Fixed information disclosure. * CVE-2023-38572: Fixed Same-Origin-Policy bypass. * CVE-2023-38592: Fixed arbitrary code execution. * CVE-2023-38594: Fixed arbitrary code execution. * CVE-2023-38595: ... oval:org.secpod.oval:def:89051062 This update for redis fixes the following issues: * CVE-2023-45145: Fixed a potential permission bypass due to a race condition during UNIX socket creation . oval:org.secpod.oval:def:89049301 This update for redis fixes the following issues: * CVE-2023-28856: Fixed possible DoS when using HINCRBYFLOAT to create an hash field. * CVE-2022-24834: Fixed a heap overflow in the cjson and cmsgpack libraries oval:org.secpod.oval:def:89048035 This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c . - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] oval:org.secpod.oval:def:89048816 This update for shim fixes the following issues: * CVE-2022-28737 was missing as reference previously. * Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is "SUSE Linux Enterprise Secure Boot CA1", not "ope ... 
oval:org.secpod.oval:def:89048672 This update for shim fixes the following issues: * Updated shim signature after shim 15.7 was signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc * Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because g ... oval:org.secpod.oval:def:89048007 This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing . oval:org.secpod.oval:def:89050983 This update for helm fixes the following issues: helm was updated to version 3.13.1: * Fixing precedence issue with the import of values. * Add missing with clause to release gh action * FIX Default ServiceAccount yaml * fix: unswallow error * remove useless print during prepareUpgrade * fix: addres ... oval:org.secpod.oval:def:89048524 This update fixes the following issues: dracut-saltboot: * Update to version 0.1.1674034019.a93ff61 * Install copied wicked config as client.xml * Update to version 0.1.1673279145.e7616bd grafana: * CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 * ... oval:org.secpod.oval:def:89047489 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer . - CVE-2022-23990: Fixed integer overflow in the doProlog function . oval:org.secpod.oval:def:89047444 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior . - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog . - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse ... oval:org.secpod.oval:def:89047546 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules . 
oval:org.secpod.oval:def:89047544 This update for libqt5-qtbase fixes the following issues: - CVE-2022-23853, CVE-2022-25255: Avoid unintentionally using binaries from CWD . oval:org.secpod.oval:def:89048803 This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues: maven: * Version update from 3.8.5 to 3.8.6 : * Security fixes: * CVE-2021-42550: Update Version of Logback * Bug fixes: * Fix resolver session containing non-MavenWorkspaceReader * Fix for multiple maven instances workin ... oval:org.secpod.oval:def:89047710 This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degradation due to missing database lookup limits when processing large delegations . - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA a ... oval:org.secpod.oval:def:89047596 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL . - CVE-2021-28957: Fixed XSS vulnerability via HTML5 attributes unescaped . - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs . - CVE-2020-2778 ... oval:org.secpod.oval:def:89047325 This update for python-sqlparse fixes the following issues: - CVE-2021-32839: Fixed ReDoS via regular expression in StripComments filter . oval:org.secpod.oval:def:89047481 This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance . oval:org.secpod.oval:def:89047113 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext . oval:org.secpod.oval:def:89047105 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_ce ... oval:org.secpod.oval:def:89046995 This update for qpdf fixes the following issues: - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write . oval:org.secpod.oval:def:89047261 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars . oval:org.secpod.oval:def:89051377 This update for perl-Spreadsheet-ParseExcel fixes the following issues: * CVE-2023-7101: Fixed a command injection issue when parsing an untrusted spreadsheet . oval:org.secpod.oval:def:89047523 This update for apache2 fixes the following issues: Apache2 was updated to the current stable version 2.4.51 It fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51. See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change log. Also fixed: - CVE-20 ... oval:org.secpod.oval:def:89047110 This update for apache2 fixes the following issues: - CVE-2021-40438: Fixed a SSRF via a crafted request uri-path. - CVE-2021-36160: Fixed an out-of-bounds read via a crafted request uri-path. - CVE-2021-39275: Fixed an out-of-bounds write in ap_escape_quotes via malicious input. - CVE-2021-34798: ... oval:org.secpod.oval:def:89047147 This update for apache2 fixes the following issues: - fixed CVE-2021-30641 [bsc#1187174]: MergeSlashes regression - fixed CVE-2021-31618 [bsc#1186924]: NULL pointer dereference on specially crafted HTTP/2 request - fixed CVE-2020-13950 [bsc#1187040]: mod_proxy NULL pointer dereference - fixed CVE-20 ... 
oval:org.secpod.oval:def:89047384 This update for apache2 fixes the following issues: - CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match - CVE-2022-29404: Fixed denial of service in mod_lua r:par ... oval:org.secpod.oval:def:89048888 This update for rmt-server fixes the following issues: Updated to version 2.13: - CVE-2023-28120: Fixed a potential XSS issue in an embedded dependency . - CVE-2023-27530: Fixed a denial of service issue in multipart request parsing . Non-security fixes: - Fixed transactional update on GCE . - U ... oval:org.secpod.oval:def:89047104 This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and mod_proxy . oval:org.secpod.oval:def:89047577 This update for apache2 fixes the following issues: - CVE-2022-23943: heap out-of-bounds write in mod_sed . - CVE-2022-22720: HTTP request smuggling due to incorrect error handling . - CVE-2022-22719: use of uninitialized value in r:parsebody in mod_lua . - CVE-2022-22721: possible buffer overflo ... oval:org.secpod.oval:def:89051092 This update for apache2 fixes the following issues: * CVE-2023-31122: Fixed an out of bounds read in mod_macro . Non-security fixes: * Fixed the content type handling in mod_proxy_http2 . * Fixed a floating point exception crash . oval:org.secpod.oval:def:89048594 This update for apache2 fixes the following issues: * CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi . * CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy . The following non-security bugs were fixed: * Fixed mod_proxy handling of very long urls * Fixed p ... 
oval:org.secpod.oval:def:89048683 This update for python-cryptography, python-cryptography-vectors fixes the following issues: * Update in SLE-15 * CVE-2020-36242: Fixed a bug where certain sequences of update calls could result in integer overflow . * CVE-2020-25659: Fixed Bleichenbacher vulnerabilities . * update to 3.3.2 oval:org.secpod.oval:def:89049083 This update for grpc, protobuf, python-Deprecated, python-PyGithub, python-aiocontextvars, python-avro, python-bcrypt, python-cryptography, python-cryptography-vectors, python-google-api-core, python-googleapis-common-protos, python-grpcio-gcp, python-humanfriendly, python-jsondiff, python-knack, ... oval:org.secpod.oval:def:89048733 This update for openssl-1_0_0 fixes the following issues: * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored . * CVE-2023-0466: Certificate policy checks were not enabled . oval:org.secpod.oval:def:89048750 This update for ovmf fixes the following issues: * CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 . * CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd . oval:org.secpod.oval:def:89048503 This update for openssl-1_1 fixes the following issues: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . * CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored . * CVE-2023-0466: Certificate policy checks were not enabled . oval:org.secpod.oval:def:89047181 This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. See also: https://www.intel.com/ ... 
oval:org.secpod.oval:def:89051039 This update for vorbis-tools fixes the following issues: * CVE-2023-43361: Fixed a buffer overflow vulnerability during the conversion of wav files to ogg files oval:org.secpod.oval:def:89050978 This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-4813: Fixed a potential use-after-free in gaih_inet Also a regression from a previous update was fixed: * elf: Align argument of __munmap to page size oval:org.secpod.oval:def:89049221 This update for librsvg fixes the following issues: librsvg was updated to version 2.46.7: * CVE-2023-38633: Fixed directory traversal in URI decoder . oval:org.secpod.oval:def:89050999 This update for ruby2.5 fixes the following issues: * CVE-2023-28755: Fixed a ReDoS vulnerability in URI. * CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. * CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. * CVE-2021-33621: ... oval:org.secpod.oval:def:89048595 This update for clamav fixes the following issues: * CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser . * CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser . oval:org.secpod.oval:def:89048542 This update for vim fixes the following issues: * CVE-2023-0512: Fixed a divide By Zero . * CVE-2023-1175: vim: an incorrect calculation of buffer size . * CVE-2023-1170: Fixed a heap-based Buffer Overflow . * CVE-2023-1127: Fixed divide by zero in scrolldown . Updated to version 9.0 with patch leve ... oval:org.secpod.oval:def:89047511 This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd . - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device . Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline . - Included ... 
oval:org.secpod.oval:def:89047309 This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children . oval:org.secpod.oval:def:89047507 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3595: Fixed invalid pointer initialization may lead ... oval:org.secpod.oval:def:89047120 This update for qemu fixes the following issues: Security issues fixed: - usbredir: free call on invalid pointer in bufp_alloc - NULL pointer dereference in ESP - NULL pointer dereference issue in megasas-gen2 host bus adapter - eepro100: stack overflow via infinite recursion - usb: unbounded ... oval:org.secpod.oval:def:89047116 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS device emulation - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd - Fix ... oval:org.secpod.oval:def:89047101 This update for qemu fixes the following issues: - CVE-2021-3546: Fixed out-of-bounds write in virgl_cmd_get_capset . - CVE-2021-3544: Fixed memory leaks found in the virtio vhost-user GPU device . - CVE-2021-3545: Fixed information disclosure due to uninitialized memory read . oval:org.secpod.oval:def:89047400 This update for qemu fixes the following issues: - CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash . oval:org.secpod.oval:def:89047609 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3595: Fixed invalid pointer initialization may lead ... 
oval:org.secpod.oval:def:89047610 This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure . - CVE-2021-3595: Fixed invalid pointer initialization may lead ... oval:org.secpod.oval:def:89047469 This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure . Non-security fixes: - Fix the version header oval:org.secpod.oval:def:89047353 This update for ruby2.5 fixes the following issues: - CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse . oval:org.secpod.oval:def:89047085 This update for ruby2.5 fixes the following issues: - CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick . - Enable optimizations also on ARM64 oval:org.secpod.oval:def:89049828 This update for openssl-1_1 fixes the following issues: * CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value oval:org.secpod.oval:def:89049177 This update for openssl-1_0_0 fixes the following issues: * CVE-2023-3446: Fixed DH_check excessive time with over sized modulus . oval:org.secpod.oval:def:89049202 This update for openssl-1_1 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case . * CVE-2023-3446: Fixed DH_check excessiv ... oval:org.secpod.oval:def:89047275 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis - CVE-2021-32786: open redirect in logout functionality - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption - CVE-2021-32792: XSS when using OIDCP ... 
oval:org.secpod.oval:def:89048929 This update for openssl-1_1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers . oval:org.secpod.oval:def:89048922 This update for openssl-1_0_0 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers . oval:org.secpod.oval:def:89048784 This update for git fixes the following issues: * CVE-2023-25652: Fixed partial overwrite of paths outside the working tree . * CVE-2023-25815: Fixed malicious placemtn of crafted message . * CVE-2023-29007: Fixed arbitrary configuration injection . oval:org.secpod.oval:def:89048644 This update for openssl-1_0_0 fixes the following issues: Security fixes: * CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints . Other fixes: * Fix DH key generation in FIPS mode, add support for constant BN for DH parameters oval:org.secpod.oval:def:89047251 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE- ... oval:org.secpod.oval:def:89051279 This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.6.0 ESR changelog-entry . * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver . * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers ... oval:org.secpod.oval:def:89051033 This update for open-vm-tools fixes the following issues: * CVE-2023-34058: Fixed a SAML token signature bypass issue . * CVE-2023-34059: Fixed a privilege escalation issue through vmware-user-suid- wrapper . oval:org.secpod.oval:def:89049107 This update for libqt5-qtbase fixes the following issues: * CVE-2023-32763: Fixed overflow in QTextLayout . 
oval:org.secpod.oval:def:89048633 This update for xen fixes the following issues: * CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode . * CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis- handling . * CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 . ## Specia ... oval:org.secpod.oval:def:89048612 This update for containerd fixes the following issues: * CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak . * Re-build containerd to use updated golang-packaging . * Update to containerd v1.6.16 for Docker v23.0.0-ce. * https://github.com/containerd/containerd/rele ... oval:org.secpod.oval:def:89048175 This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative security issues . Special Instructions and Notes: Please reboot the system after installing this update. oval:org.secpod.oval:def:89047558 This update for xorg-x11-server fixes the following issues: - CVE-2022-2319: Fixed out-of-bounds access in _CheckSetSections . - CVE-2022-2320: Fixed out-of-bounds access in CheckSetDeviceIndicators . oval:org.secpod.oval:def:89047269 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly . - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs . - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates ... oval:org.secpod.oval:def:89047288 This update for python3 fixes the following issues: Update to 3.6.12 , including: - Fixed a directory traversal in _download_http_url oval:org.secpod.oval:def:89047233 This update for python fixes the following issues: - Fixed a directory traversal in _download_http_url oval:org.secpod.oval:def:89047442 This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package . 
- Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide wi ... oval:org.secpod.oval:def:89047226 This update for python-pip fixes the following issues: - Fixed a directory traversal in _download_http_url oval:org.secpod.oval:def:89047213 This update for python fixes the following issues: - buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution . - Provide the newest setuptools wheel in their correct form . oval:org.secpod.oval:def:89047163 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures . oval:org.secpod.oval:def:89049254 This update for go1.19 fixes the following issues: * Update to go v1.19.12 * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys oval:org.secpod.oval:def:89049664 This update for Golang Prometheus fixes the following issues: golang-github-prometheus-alertmanager: * CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. There are no direct sou ... oval:org.secpod.oval:def:89050967 This update for opensc fixes the following issues: * CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state . * CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init . oval:org.secpod.oval:def:89051319 This update for gnutls fixes the following issues: * CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange .
oval:org.secpod.oval:def:89051215 This update for kernel-firmware fixes the following issues: Update AMD ucode to 20231030 : * CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. * CVE-2021-46774: Insufficient input validatio ... oval:org.secpod.oval:def:89047130 This update for squid fixes the following issues: Update to version 4.17: - CVE-2021-28116: Fixed a out-of-bounds read in the WCCP protocol . oval:org.secpod.oval:def:89051241 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.3 : * Fix flickering while playing videos with DMA-BUF sink. * Fix color picker being triggered in the inspector when typing "tan". * Do not special case the "sans" font family name. * Fix build failure with libxml2 versi ... oval:org.secpod.oval:def:89048489 This update for nodejs14 fixes the following issues: Update to 14.21.3: * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule . * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment . oval:org.secpod.oval:def:89048485 This update for nodejs12 fixes the following issues: * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment . oval:org.secpod.oval:def:89051011 This update for java-11-openjdk fixes the following issues: * Upgraded to JDK 11.0.21+9 : * CVE-2023-22081: Fixed a partial denial of service issue that could be triggered via HTTPS . Please visit the Oracle Release Notes page for the full changelog: https://www.oracle.com/java/technologies/javase/1 ... oval:org.secpod.oval:def:89048637 This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule . * CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library . * CVE-2023-23920: Fixed insecure lo ... 
oval:org.secpod.oval:def:89049310 This update for nodejs16 fixes the following issues: Update to LTS version 16.20.2. * CVE-2023-32002: Fixed permissions policies bypass via Module._load . * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire . * CVE-2023-32559: Fixed permissions policies ... oval:org.secpod.oval:def:89051182 This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 15: * Oracle October 17 2023 CPU [bsc#1216640] Security fixes: * CVE-2023-22081: Fixed enhanced TLS connections * CVE-2023-22067: Fixed IOR deserialization issue in CORBA * CVE-2023-22025: Fi ... oval:org.secpod.oval:def:89051135 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u392 October 2023 CPU: * CVE-2023-22067: Fixed IOR deserialization issue in CORBA . * CVE-2023-22081: Fixed certificate path validation issue during client authentication . * CVE-2015-4000: Fixed Logjam issue in SL ... oval:org.secpod.oval:def:89049809 This update for vim fixes the following issues: Security fixes: * CVE-2023-4733: Fixed use-after-free in function buflist_altfpos . * CVE-2023-4734: Fixed segmentation fault in function f_fullcommand . * CVE-2023-4735: Fixed out of bounds write in ops.c . * CVE-2023-4738: Fixed heap buffer overflow ... oval:org.secpod.oval:def:89049147 This update for MozillaFirefox fixes the following issues: Firefox was updated to version 115.0.2 ESR : * CVE-2023-3600: Fixed Use-after-free in workers . Bugfixes: - Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL . - Fixed a bug with disp ... oval:org.secpod.oval:def:89049356 This update for MozillaFirefox fixes the following issues: Firefox was updated to Extended Support Release 115.2.0 ESR .
* CVE-2023-4574: Fixed memory corruption in IPC ColorPickerShownCallback * CVE-2023-4575: Fixed memory corruption in IPC FilePickerShownCallback * CVE-2023-4576: Fixed integer ... oval:org.secpod.oval:def:89049188 This update for MozillaFirefox fixes the following security issues: Firefox was updated to Extended Support Release 115.1.0 ESR : * CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas . * CVE-2023-4046: Fixed incorrect value used during WASM compilation . * CVE-2023-4047: Fix ... oval:org.secpod.oval:def:89049816 This update for libvpx fixes the following issues: * CVE-2023-5217: Fixed a heap buffer overflow . oval:org.secpod.oval:def:89049814 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 115.3.1 ESR, fixing a security issue: MFSA 2023-44 * CVE-2023-5217: Fixed a heap buffer overflow in libvpx oval:org.secpod.oval:def:89049126 This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox and MozillaFirefox-branding-SLE: This update provides Firefox Extended Support Release 115.0 ESR * New: * Required fields are now highlighted in PDF forms. * Improved performance on high ... oval:org.secpod.oval:def:89051013 This update for MozillaFirefox fixes the following issues: * Updated to version 115.4.0 ESR : * CVE-2023-5721: Fixed a potential clickjack via queued up rendering. * CVE-2023-5722: Fixed a cross-Origin size and header leakage. * CVE-2023-5723: Fixed unexpected errors when handling invalid cookie cha ... oval:org.secpod.oval:def:89051169 This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-202 ... 
oval:org.secpod.oval:def:89048861 This update for curl fixes the following issues: * CVE-2023-28320: Fixed siglongjmp race condition . * CVE-2023-28321: Fixed IDN wildcard matching . * CVE-2023-28322: Fixed POST-after-PUT confusion . oval:org.secpod.oval:def:89049021 This update for cups fixes the following issues: * CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient . oval:org.secpod.oval:def:89049248 This update for vim fixes the following issues: * CVE-2023-2426: Fixed out-of-range pointer offset . * CVE-2023-2609: Fixed NULL pointer dereference . * CVE-2023-2610: Fixed integer overflow or wraparound . oval:org.secpod.oval:def:89048852 This update for postgresql13 fixes the following issues: Updated to version 13.11: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script . - CVE-2023-2455: Fixed an issue that could allow a u ... oval:org.secpod.oval:def:89048847 This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script . - CVE-2023-2455: Fixed an issue that could allow a us ... oval:org.secpod.oval:def:89048845 This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script . - CVE-2023-2455: Fixed an issue that could allow a us ... oval:org.secpod.oval:def:89048843 This update for postgresql12 fixes the following issues: Updated to version 12.15: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script . - CVE-2023-2455: Fixed an issue that could allow a u ...
oval:org.secpod.oval:def:89051362 This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknow ... oval:org.secpod.oval:def:89051125 This update for postgresql14 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure o ... oval:org.secpod.oval:def:89051116 This update for postgresql13 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure o ... oval:org.secpod.oval:def:89051114 This update for postgresql12 fixes the following issues: Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure o ... oval:org.secpod.oval:def:89051147 This update for postgresql, postgresql15, postgresql16 fixes the following issues: This update ships postgresql 16. Security issues fixed: * CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknow ... oval:org.secpod.oval:def:89048851 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.19+7 : * CVE-2023-21930: Fixed AES support . * CVE-2023-21937: Fixed String platform support . * CVE-2023-21938: Fixed runtime support .
* CVE-2023-21939: Fixed Swing platform support . * CVE-2023-21954: Fixe ... oval:org.secpod.oval:def:89048867 This update for java-1_8_0-openjdk fixes the following issues: * Updated to version jdk8u372 : * CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization . * CVE-2023-21937: Fixed an issue in the Networking component that could a ... oval:org.secpod.oval:def:89049327 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u382 : * CVE-2023-22045: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Or ... oval:org.secpod.oval:def:89049320 This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 Fix Pack 10 * CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. * CVE-2023-22041: Fixed a flaw which could allow unautho ... oval:org.secpod.oval:def:89049261 This update for java-11-openjdk fixes the following issues: Updated to jdk-11.0.20+8 : * CVE-2023-22006: Fixed vulnerability in the network component . * CVE-2023-22036: Fixed vulnerability in the utility component . * CVE-2023-22041: Fixed vulnerability in the hotspot component . * CVE-2023-22044: ... oval:org.secpod.oval:def:89048953 This update for java-1_8_0-ibm fixes the following issues: * CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS . * CVE-2023-21937: Fixed vulnerability inside the networking component . * CVE-2023-21938: Fixed vulnerability inside the library componen ... oval:org.secpod.oval:def:89048792 This update for harfbuzz fixes the following issues: * CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O growth via consecutive marks .
oval:org.secpod.oval:def:89049591 This update for quagga fixes the following issues: * CVE-2023-38802: Fixed bad length handling in BGP attribute handling . * CVE-2023-41358: Fixed possible crash when processing NLRIs if the attribute length is zero . oval:org.secpod.oval:def:89047338 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured . oval:org.secpod.oval:def:89048716 This update for tomcat fixes the following issues: * CVE-2022-45143: Fixed JsonErrorReportValve injection . oval:org.secpod.oval:def:89048084 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 . - CVE-2022-3520: vim: Heap-based Buffer Overflow . - CVE-2022-3591: vim: Use After Free . - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vi ... oval:org.secpod.oval:def:89047182 This update for java-11-openjdk fixes the following issues: Update to 11.0.13+8 - CVE-2021-35550, bsc#1191901: Update the default enabled cipher suites preference - CVE-2021-35565, bsc#1191909: com.sun.net.HttpsServer spins on TLS session close - CVE-2021-35556, bsc#1191910: Richer Text Editors - C ... oval:org.secpod.oval:def:89048640 This update for java-1_8_0-openjdk fixes the following issues: Updated to version jdk8u362 : * CVE-2023-21830: Fixed improper restrictions in CORBA deserialization . * CVE-2023-21843: Fixed soundbank URL remote loading . oval:org.secpod.oval:def:89047620 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 - CVE-2022-21540: Improve class compilation - CVE-2022-21541: Enhance MethodHandle invocations - CVE-2022-34169: Improve Xalan supports oval:org.secpod.oval:def:89047616 This update for java-11-openjdk fixes the following issues: - CVE-2022-21248: Fixed incomplete deserialization class filtering in ObjectInputStream. 
- CVE-2022-21277: Fixed incorrect reading of TIFF files in TIFFNullDecompressor. - CVE-2022-21282: Fixed Insufficient URI checks in the XSLT Transfor ... oval:org.secpod.oval:def:89048703 This update for java-1_8_0-ibm fixes the following issues: * Update to Java 8.0 Service Refresh 8 : * Security fixes: * CVE-2023-21830: Fixed improper restrictions in CORBA deserialization . * CVE-2023-21835: Fixed handshake DoS attack against DTLS connections . * CVE-2023-21843: Fixed soundbank URL ... oval:org.secpod.oval:def:89048579 This update for java-11-openjdk fixes the following issues: * CVE-2023-21843: Fixed soundbank URL remote loading . * CVE-2023-21835: Fixed handshake DoS attack against DTLS connections . Bugfixes: * Remove broken accessibility sub-package . oval:org.secpod.oval:def:89047245 This update for java-11-openjdk fixes the following issues: - Update to jdk-11.0.12+7 - CVE-2021-2369: Fixed JAR file handling problem containing multiple MANIFEST.MF files. - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. - CVE-2021-2341: Fixed a flaw ... oval:org.secpod.oval:def:89047230 This update for java-11-openjdk fixes the following issues: - Update to upstream tag jdk-11.0.11+9 * CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled algorithms * CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in ProcessBuilder - moved mozilla-nss depende ... oval:org.secpod.oval:def:89048655 This update for go1.19 fixes the following issues: * CVE-2022-41722: Fixed path traversal in filepath.Clean on Windows . * CVE-2022-41723: Fixed quadratic complexity in HPACK decoding . * CVE-2022-41724: Fixed panic with large handshake records in crypto/tls . * CVE-2022-41725: Fixed denial of servic ... oval:org.secpod.oval:def:89048660 This update for go1.18 fixes the following issues: * CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http .
* CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart . * CVE-2022-41725: Fixed a panic with large handshake reco ... oval:org.secpod.oval:def:89048758 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: * CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared . * CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability . * CVE-2023-28642: Fixed AppArmor/SE ... oval:org.secpod.oval:def:89048544 This update of container-suseconnect fixes the following issue: * container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. * CVE-2022-41723: Fixed quadratic complexity in HPACK decoding . * CVE-2022-41724: Fixed panic with large ha ... oval:org.secpod.oval:def:89047107 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess . - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal . - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesIntern ... oval:org.secpod.oval:def:89047069 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms oval:org.secpod.oval:def:89047293 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess . - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInterna ...
oval:org.secpod.oval:def:89047173 This update for ceph fixes the following issues: - Update to 15.2.12-83-g528da226523: - fix cookie injection issue - RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name - sanitize \r in s3 CORSConfiguration's ExposeHeader oval:org.secpod.oval:def:89047254 This update for ceph fixes the following issues: - ceph was updated to 15.2.11-83-g8a15f484c2: * CVE-2021-20288: Fixed unauthorized global_id reuse . * disk gets replaced with no rocksdb/wal . * BlueStore handles huge writes from RocksDB to BlueFS poorly, potentially causing data corruption . oval:org.secpod.oval:def:89047238 This update for bluez fixes the following issues: - CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags . oval:org.secpod.oval:def:89047039 This update for libostree fixes the following issues: - CVE-2014-9862: Fixed arbitrary write on heap vulnerability . oval:org.secpod.oval:def:89046983 This update for oniguruma fixes the following issues: - CVE-2019-19246: Fixed an out of bounds access during regular expression matching . - CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression . - CVE-2019-19203: Fixed an out of bounds access when performing a s ... oval:org.secpod.oval:def:89049075 This update for openssl-1_0_0 fixes the following issues: * CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address . * CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF . * CVE-2022-4304: Fixed timing Oracle in RSA Decryption . 
oval:org.secpod.oval:def:89047115 This update for qemu fixes the following issues: - CVE-2021-3582: Fix possible mremap overflow in the pvrdma - CVE-2021-3607: Ensure correct input on ring init - CVE-2021-3608: Fix the ring init error flow - CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow oval:org.secpod.oval:def:89051089 This update for clamav fixes the following issues: * Updated to version 0.103.11: * CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12 . oval:org.secpod.oval:def:89051221 This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses . oval:org.secpod.oval:def:89051176 This update for xerces-c fixes the following issues: * CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses . oval:org.secpod.oval:def:89047329 This update for python-Jinja2 fixes the following issues: - CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have been called with untrusted user data . oval:org.secpod.oval:def:89051140 This update for openssl-1_0_0 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service . oval:org.secpod.oval:def:89051136 This update for openssl-1_1 fixes the following issues: * CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service . oval:org.secpod.oval:def:89048814 This update for go1.19 fixes the following issues: Update to 1.19.9 : - CVE-2023-24539: fixed an improper sanitization of CSS values . - CVE-2023-24540: fixed an improper handling of JavaScript whitespace . - CVE-2023-29400: fixed an improper handling of empty HTML attributes . - runtime: automa ...
oval:org.secpod.oval:def:89048830 This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-alertmanager: * Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning golang-github-prometheus-node_exporter: * Sec ... oval:org.secpod.oval:def:89048650 This update for go1.19 fixes the following issues: Update to 1.19.8 * CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation * CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption * C ... oval:org.secpod.oval:def:89048917 This update for go1.18-openssl fixes the following issues: * Add subpackage go1.x-libstd compiled shared object libstd.so * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x packa ... oval:org.secpod.oval:def:89051376 This update for pam fixes the following issues: * CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation . * Check localtime_r return value to fix crashing oval:org.secpod.oval:def:89051324 This update for postfix fixes the following issues: * CVE-2023-51764: Fixed SMTP smuggling attack . oval:org.secpod.oval:def:89051282 This update for mariadb fixes the following issues: * CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server . oval:org.secpod.oval:def:89050937 This update for shadow fixes the following issues: * CVE-2023-4641: Fixed potential password leak . oval:org.secpod.oval:def:89048578 This update for sudo fixes the following issue: Security fixes: * CVE-2023-28486: Fixed missing control characters escaping in log messages .
* CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output . Other fixes: * Fix a situation where "sudo -U otheruser -l" would dereferen ... oval:org.secpod.oval:def:89050992 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for ... oval:org.secpod.oval:def:89051118 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for ... oval:org.secpod.oval:def:89049845 This update for ghostscript fixes the following issues: * CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c . oval:org.secpod.oval:def:89047404 This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols . - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multipl ... oval:org.secpod.oval:def:89051340 This update for wireshark fixes the following issues: * Updated to Wireshark 3.6.20: * CVE-2024-0208: Fixed a crash in the GVCP dissector . * CVE-2024-0209: Fixed a crash in the IEEE 1609.2 dissector . oval:org.secpod.oval:def:89051338 This update for wireshark fixes the following issues: * Updated to Wireshark 3.6.20: * CVE-2024-0208: Fixed a crash in the GVCP dissector . * CVE-2024-0209: Fixed a crash in the IEEE 1609.2 dissector . oval:org.secpod.oval:def:89047570 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface . 
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface . - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface . Non-security fixes: - Updated to version 2 ... oval:org.secpod.oval:def:89047200 This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands . - Add LDAPS support for the AD provider . - Improve logs to record the reason why internal watchdog terminates a process . - Fix watchdog not te ... oval:org.secpod.oval:def:89051237 This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie . oval:org.secpod.oval:def:89051154 This update for openvswitch fixes the following issues: * CVE-2023-5366: Fixed missing masks on a final stage with ports trie . oval:org.secpod.oval:def:89049104 This update for nodejs16 fixes the following issues: Update to version 16.20.1: * CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism . * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process . * CVE-20 ... oval:org.secpod.oval:def:89049329 This update for nodejs12 fixes the following issues: * CVE-2023-23918: Fixed permissions policies bypass via process.mainModule . * CVE-2023-32002: Fixed permissions policies bypass via Module._load . * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire . ... oval:org.secpod.oval:def:89049294 This update for nodejs14 fixes the following issues: * CVE-2023-32002: Fixed permissions policies bypass via Module._load . * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire . * CVE-2023-32559: Fixed permissions policies bypass via process.binding . * ...
oval:org.secpod.oval:def:89048769 This update for libtpms fixes the following issues: * CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption . * CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption . oval:org.secpod.oval:def:89047955 This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter . oval:org.secpod.oval:def:89047689 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion . oval:org.secpod.oval:def:89047459 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse oval:org.secpod.oval:def:89047392 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect - CVE-2022-27775: Fixed bad local IPv6 connection reuse - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use oval:org.secpod.oval:def:89047527 This update for libvirt fixes the following issues: - CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters . The following non-security bugs were fixed: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-inden ... oval:org.secpod.oval:def:89047506 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults oval:org.secpod.oval:def:89047197 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM . - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed . 
oval:org.secpod.oval:def:89047285 This update for libvirt fixes the following issues: Security issues fixed: - CVE-2021-3631: fix SELinux label generation logic - CVE-2021-3667: Unlock object on ACL fail in storagePoolLookupByTargetPath Non-security issues fixed: - virtlockd: Don't report error if lockspace exists - Don't forcibl ... oval:org.secpod.oval:def:89047148 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. - CVE-2021-22924: Bad connection reuse due to flawed path name checks. - CVE-2021-22923: Insufficiently Protected Credentials. - CVE-2021-22922: Wrong content via metalink not discarded oval:org.secpod.oval:def:89047492 This update for libarchive fixes the following issues: - CVE-2021-36976: Fixed an invalid memory access that could cause data corruption . Non-security updates: - Updated references for CVE-2017-5601, which was already fixed in a previous version . oval:org.secpod.oval:def:89047337 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure . - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are ... oval:org.secpod.oval:def:89047291 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument . oval:org.secpod.oval:def:89047450 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode . - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions .
oval:org.secpod.oval:def:89049134 This update for openssh fixes the following issues: * CVE-2023-38408: Fixed a condition where specific libraries loaded via ssh-agent's PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agen ... oval:org.secpod.oval:def:89047190 This update for gd fixes the following issues: - CVE-2021-40812: Fixed out-of-bounds read caused by the lack of certain gdGetBuf and gdPutBuf return value checks . oval:org.secpod.oval:def:89047560 This update for libcaca fixes the following issues: - CVE-2021-30498, CVE-2021-30499: If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte . oval:org.secpod.oval:def:89047951 This update for net-snmp fixes the following issues: Updated to version 5.9.3 : - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable th ... oval:org.secpod.oval:def:89047564 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service . oval:org.secpod.oval:def:89051172 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.2 : * CVE-2023-41983: Processing web content may lead to a denial-of-service. * CVE-2023-42852: Processing web content may lead to arbitrary code execution. Already previously fixed: * CVE-2022-32919: Visiting a website t ... oval:org.secpod.oval:def:89049038 This update for sqlite3 fixes the following issues: * CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script .
oval:org.secpod.oval:def:89047343 This update for xen fixes the following issues: - CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR and unity map handling issues - CVE-2022-26362: Fixed race condition in typeref acquisition - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-cohe ... oval:org.secpod.oval:def:89047579 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host . - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to ... oval:org.secpod.oval:def:89046159 A flaw was found in the way the flags member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cach ... oval:org.secpod.oval:def:89048614 This update for libxslt fixes the following issues: * CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT . oval:org.secpod.oval:def:89051261 This update for squid fixes the following issues: * CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow * CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management * Fix X-Forwarded-For Stack Overflow oval:org.secpod.oval:def:89047126 This update for squid fixes the following issues: - update to 4.15: - CVE-2021-28652: Broken cache manager URL parsing - CVE-2021-28651: Memory leak in RFC 2169 response parsing - CVE-2021-28662: Limit HeaderLookupTable_t::lookup to BadHdr and specific IDs - CVE-2021-31806: Handle more Range requ ... oval:org.secpod.oval:def:89047360 This update for squid fixes the following issues: - CVE-2021-46784: Fixed DoS when processing gopher server responses. 
- CVE-2021-33620: Fixed DoS in HTTP Response processing oval:org.secpod.oval:def:89051178 This update for squid fixes the following issues: * CVE-2023-46728: Remove gopher support . * Fixed overread in HTTP request header parsing . oval:org.secpod.oval:def:89049821 This update for bind fixes the following issues: Security fixes: * CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly . Other fixes: * Add `dnstap` support oval:org.secpod.oval:def:89050998 This update for suse-module-tools fixes the following issues: * Updated to version 15.3.17: * CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module . * CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules . * Updated to version 15.3.16: * Fixed a build issue for s390x . oval:org.secpod.oval:def:89049048 This update for dnsdist fixes the following issues: * Implements package "dnsdist" with version 1.8.0 in SLE15. * Downstream DNS resolver configuration should be chosen by the admin * Security fix: fixes a possible record smuggling with a crafted DNS query with trailing data * Security fix: There i ... oval:org.secpod.oval:def:89049216 This update for kernel-firmware fixes the following issues: * CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability . ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89047393 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs . - CVE-2022-25235: Fixed UTF-8 character validation in a certain context . - CVE-2022-25313: Fixed stack exhaustion in build_model via uncontrolled recursi ... oval:org.secpod.oval:def:89049563 This update for python3 fixes the following issues: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets . 
oval:org.secpod.oval:def:89049812 This update for python fixes the following issues: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets . oval:org.secpod.oval:def:89047613 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 . oval:org.secpod.oval:def:89049406 This update for python39 fixes the following issues: * Update to 3.9.18: * CVE-2023-40217: Fixed TLS handshake bypass on closed sockets . The following non-security bugs were fixed: * making marshalling of `set` and `frozenset` deterministic . * stabilizing FLAG_REF usage oval:org.secpod.oval:def:89049321 This update for qemu fixes the following issues: * CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. * CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. * CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_ ... oval:org.secpod.oval:def:89051553 This update fixes the following issues: cobbler: * CVE-2022-0860: Unbreak PAM authentication due to missing encode of user input in the PAM auth module of Cobbler * Fix S390X auto-installation for cases where kernel options are longer than 79 characters * Switch packaging from patch based to Git t ... oval:org.secpod.oval:def:89051557 This update for salt and python-pyzmq fixes the following issues: salt: * Update to Salt release version 3006.0 * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new ... oval:org.secpod.oval:def:89051571 This update of container-suseconnect fixes the following issues: * rebuild the package with the go 1.20 security release . oval:org.secpod.oval:def:89051545 This update for bluez fixes the following issues: * CVE-2023-27349: Fixed crash while handling unsupported events . 
oval:org.secpod.oval:def:89051551 This update for sccache fixes the following issues: * CVE-2023-1521: Fixed possible code injection via LD_PRELOAD to sccache server . * CVE-2022-31394: Fixed a denial-of-service vulnerability via header list size . oval:org.secpod.oval:def:89051567 This update for rabbitmq-c fixes the following issues: * CVE-2023-35789: Fixed insecure credentials submission . oval:org.secpod.oval:def:89051445 This update for perl fixes the following issues: * CVE-2023-31484: Enable TLS cert verification in CPAN . oval:org.secpod.oval:def:89051395 This update for bluez fixes the following issues: * CVE-2023-50229: Fixed an out of bounds write in the primary version counter for the Phone Book Access Profile implementation . * CVE-2023-50230: Fixed an out of bounds write in the secondary version counter for the Phone Book Access Profile impleme ... oval:org.secpod.oval:def:89051407 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.7.0 ESR : * CVE-2024-0741: Out of bounds write in ANGLE * CVE-2024-0742: Failure to update user input timestamp * CVE-2024-0746: Crash when listing printers on Linux * CVE-2024-0747: Bypass of ... oval:org.secpod.oval:def:89051425 This update for xen fixes the following issues: * CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89051430 This update for xerces-c fixes the following issues: * CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS oval:org.secpod.oval:def:89051442 This update for xerces-c fixes the following issues: * CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS oval:org.secpod.oval:def:89051451 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. 
The previous libzypp-post-script based installation is replaced with a systemd timer and service . - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE L ... oval:org.secpod.oval:def:89051458 This update for tomcat fixes the following issues: Updated to Tomcat 9.0.85: * CVE-2023-45648: Improve trailer header parsing . * CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows . * CVE-2023-42795: Improve handling of failures during recycle methods . * CVE-2023-46589: Fixed HTT ... oval:org.secpod.oval:def:89051469 This update for salt fixes the following issues: Security issues fixed: * CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master * CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file method Bugs fixed: * Ensure that pillar refresh ... oval:org.secpod.oval:def:89051476 This update for postgresql13 fixes the following issues: Upgrade to 13.14: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY . oval:org.secpod.oval:def:89051477 This update for postgresql12 fixes the following issues: Upgrade to 12.18: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY . oval:org.secpod.oval:def:89051480 This update for openvswitch fixes the following issues: * CVE-2024-22563: Fixed memory leak via the function xmalloc__ in /lib/util.c . oval:org.secpod.oval:def:89051485 This update for openvswitch fixes the following issues: * CVE-2024-22563: Fixed memory leak via the function xmalloc__ in /lib/util.c . oval:org.secpod.oval:def:89051481 This update for dpdk fixes the following issues: * Fixed a regression caused by incomplete fix for CVE-2022-2132 . oval:org.secpod.oval:def:89051490 This update for postgresql16 fixes the following issues: Upgrade to 16.2: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY . 
oval:org.secpod.oval:def:89051495 This update for postgresql15 fixes the following issues: Upgrade to 15.6: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY . oval:org.secpod.oval:def:89051494 This update for postgresql14 fixes the following issues: Upgrade to 14.11: * CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY . oval:org.secpod.oval:def:89051533 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation . * CVE-2024-23652: Fixed arbitrary deletion of files . * CVE-2024-23651: Fixed race condition in mo ... oval:org.secpod.oval:def:89051536 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.8.0 ESR : * CVE-2024-1546: Out-of-bounds memory read in networking channels * CVE-2024-1547: Alert dialog could have been spoofed on another site * CVE-2024-1548: Fullscreen Notification could ... oval:org.secpod.oval:def:89051592 This update for nodejs16 fixes the following issues: Security issues fixed: * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack . * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks . * CVE-2024-22025: Denial of Service by resource exh ... oval:org.secpod.oval:def:89051582 This update for nodejs14 fixes the following issues: Security issues fixed: * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack . * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks . * CVE-2024-22025: Denial of Service by resource exh ... oval:org.secpod.oval:def:89051584 This update for nodejs12 fixes the following issues: Security issues fixed: * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack . 
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks . * CVE-2024-22025: Denial of Service by resource exh ... oval:org.secpod.oval:def:89051600 This update for apache2-mod_auth_openidc fixes the following issues: * CVE-2024-24814: Fixed a denial of service when using `OIDCSessionType client-cookie` and manipulating cookies . oval:org.secpod.oval:def:89051603 This update for postgresql-jdbc fixes the following issues: * CVE-2024-1597: Fixed SQL Injection via line comment generation . oval:org.secpod.oval:def:89051616 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 , CVE-2022-28506 * # 138 Documentation for obsolete utilities still installed * # 139: Typo in "LZW image data" page * # 140: Typo in "LZW image data" page * # 141: Typo in "Bits and bytes" page ... oval:org.secpod.oval:def:89051627 This update for wpa_supplicant fixes the following issues: * CVE-2023-52160: Bypassing WiFi Authentication . oval:org.secpod.oval:def:89051625 This update for cpio fixes the following issues: * CVE-2023-7207: Fixed path traversal vulnerability oval:org.secpod.oval:def:89051639 This update for openssl-1_1 fixes the following issues: * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file . oval:org.secpod.oval:def:89051646 This update for sudo fixes the following issues: * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . Fixed issues introduced by first patches for CVE-2023-42465 . 
oval:org.secpod.oval:def:89051654 This update for glibc fixes the following issues: Security issues fixed: * qsort: harden handling of degenerated / non transient compare function Other issues fixed: * getaddrinfo: translate ENOMEM to EAI_MEMORY * aarch64: correct CFI in rawmemchr oval:org.secpod.oval:def:89051664 This update for spectre-meltdown-checker fixes the following issues: * updated to 0.46 This release mainly focuses on the detection of the new Zenbleed vulnerability, among few other changes that were in line waiting for a release: * feat: detect the vulnerability and mitigation of Zenbleed * feat ... oval:org.secpod.oval:def:89051661 This update for gdb fixes the following issues: * Drop libdebuginfod1 BuildRequires/Recommends. The former isn't needed because there's a build requirement on libdebuginfod-devel already, which will pull the shared library. And the latter, because it's bogus since RPM auto generated dependency will ... oval:org.secpod.oval:def:89051679 This update for openvswitch fixes the following issues: * CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload . oval:org.secpod.oval:def:89051705 This update for netty, netty-tcnative fixes the following issues: * CVE-2024-29025: Fixed out of memory due to large number of form fields . oval:org.secpod.oval:def:89051721 This update for gradle, gradle-bootstrap fixes the following issues: * CVE-2021-29429: Fixed information disclosure through temporary directory permissions . * CVE-2019-15052: Fixed authentication credentials disclosure . gradle: * Fixed RPM package building issues due to changed dependencies gradle ... oval:org.secpod.oval:def:89051762 This update for eclipse, maven-surefire, tycho fixes the following issues: eclipse received the following security fix: * CVE-2023-4218: Fixed a bug where parsing files with xml content leads to XXE attacks. maven-surefire was updated from version 2.22.0 to 2.22.2: * Changes in version 2.22.2: * Bug ... 
oval:org.secpod.oval:def:89051770 This update for pgadmin4 fixes the following issues: * CVE-2024-2044: Fixed unsafe deserialization and Remote Code Execution by an authenticated user oval:org.secpod.oval:def:89051782 This update for wireshark fixes the following issues: Security fixes: * CVE-2024-24476: Fixed a denial of service in ws_manuf_lookup_str Other fixes: * Wireshark 3.6.22: * Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.22 ... oval:org.secpod.oval:def:89051793 This update for apache-commons-configuration2 fixes the following issues: * CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator . * CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten with a cyclical object tree . oval:org.secpod.oval:def:89051544 This update for openssl-1_0_0 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case . oval:org.secpod.oval:def:89051549 This update for bind fixes the following issues: * CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm . oval:org.secpod.oval:def:89051562 This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key . oval:org.secpod.oval:def:89051574 This update for gcc12 fixes the following issues: * CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 . oval:org.secpod.oval:def:89051585 This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: * Changes in version 1.16.1: * New features: * Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: * Correct error in Base64 Javadoc * Added minimum Java versio ... 
oval:org.secpod.oval:def:89051617 This update for gstreamer-plugins-bad fixes the following issues: * CVE-2023-44446: Fixed use-after-free remote code execution vulnerability via MXF file . oval:org.secpod.oval:def:89051629 This update for jetty-minimal fixes the following issues: * CVE-2024-22201: Fixed denial-of-service via HTTP/2 connection leak . oval:org.secpod.oval:def:89051640 This update for openssl-1_0_0 fixes the following issues: * CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file . oval:org.secpod.oval:def:89051655 This update for gnutls fixes the following issues: * CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 . oval:org.secpod.oval:def:89051814 This update for fontforge fixes the following issues: * CVE-2024-25081: Fixed command injection via crafted filenames . * CVE-2024-25082: Fixed command injection via crafted archives or compressed files . oval:org.secpod.oval:def:89051648 This update for vim fixes the following issues: * CVE-2023-48231: Fixed Use-After-Free in win_close . * CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol . * CVE-2023-48233: Fixed overflow with count for :s command . * CVE-2023-48234: Fixed overflow in nv_z_get_count . * CV ... oval:org.secpod.oval:def:89051644 This update for java-1_8_0-openjdk fixes the following issues: * CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS . * CVE-2024-20921: Fixed range check loop optimization issue . * CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn . * CVE-2024-20919: F ... oval:org.secpod.oval:def:89051443 This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 : * CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check . * CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier . * CVE-2024-20921: Fixed an inc ... 
oval:org.secpod.oval:def:89051543 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843] Security fixes: * CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library . * CVE-2024-20932: Fixed incorrect handling of ZIP files with dup ... oval:org.secpod.oval:def:89051739 This update for util-linux fixes the following issues: * CVE-2024-28085: Properly neutralize escape sequences in wall oval:org.secpod.oval:def:89051506 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: * CVE-2023-5388: Fixed timing attack against RSA decryption in TLS oval:org.secpod.oval:def:89051432 This update for squid fixes the following issues: * CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. * CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses oval:org.secpod.oval:def:89051710 This update for squid fixes the following issues: * CVE-2024-25617: Fixes denial of service in HTTP header parser * CVE-2024-25111: Fixes Chunked Encoding Stack Overflow oval:org.secpod.oval:def:89051781 This update for nodejs14 fixes the following issues: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation oval:org.secpod.oval:def:89051784 This update for nodejs12 fixes the following issues: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation oval:org.secpod.oval:def:89051766 This update for nodejs16 fixes the following issues: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation 
oval:org.secpod.oval:def:89050973 This update for samba fixes the following issues: * CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. * CVE-2023-42669: Fixed a bug in "rpcecho" development server which allows Denial of Service via sleep call on AD DC. * CVE-2023-4154: Fixed a bug in dirsync ... oval:org.secpod.oval:def:89051003 This update for netty, netty-tcnative fixes the following issues: * Updated netty to version 4.1.100: * CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods . * Updated netty-tcnative to version 2.0.62 Final. oval:org.secpod.oval:def:89051067 This update for nodejs12 fixes the following issues: * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented oval:org.secpod.oval:def:89051065 This update for nodejs12 fixes the following issues: * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented oval:org.secpod.oval:def:89051015 This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. * CVE-2023-45143: Fixed a cookie leakage in undici. * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. * CVE-2023- ... oval:org.secpod.oval:def:89051009 This update for nghttp2 fixes the following issues: * CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack oval:org.secpod.oval:def:89050980 This update for tomcat fixes the following issues: Tomcat was updated to version 9.0.82 : * Security issues fixed: * CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. * CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. * Update to Tomcat 9.0.82: * Catalina * Add: 65770: Provid ... 
oval:org.secpod.oval:def:89051335 This update for eclipse-jgit, jsch fixes the following issues: Security fix: - CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. Other fixes: jsch was updated to version 0.2.9: - Added support for ... oval:org.secpod.oval:def:89049172 This update for samba fixes the following issues: * CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send . * CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability . * CVE-2023-34967: Fixed samba spotligh ... oval:org.secpod.oval:def:89047426 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging . - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request . - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords . ... oval:org.secpod.oval:def:89047441 This update for frr fixes the following issues: - CVE-2022-26125, CVE-2022-26126: Fixed buffer overflows in unpack_tlv_router_cap . - CVE-2022-26127: Fixed heap buffer overflow in babel_packet_examin . - CVE-2022-26128: Fixed buffer overflows in babel_packet_examin . - CVE-2022-26129: Fixed buffer o ... oval:org.secpod.oval:def:89048160 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch oval:org.secpod.oval:def:89048153 This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored . - Updated to version 3.79.3 : - CVE-2022-23491: Removed trust for 3 root c ... 
oval:org.secpod.oval:def:89047479 This update for openjpeg2 fixes the following issues: - CVE-2018-5727: Fixed integer overflow vulnerability in the opj_t1_encode_cblks function . - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function . - CVE-2018-6616: Fixed excessive itera ... oval:org.secpod.oval:def:89051657 This update for python3 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory . * CVE-2022-48566: Make compare_digest more constant-time . oval:org.secpod.oval:def:89051611 This update for python39 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory . * CVE-2023-27043: Fixed incorrect e-mail parsing . * CVE-2023-40217: Fixed a ssl.SSLSocket TLS bypass vulnerability where data is sent unencrypted . * CVE-2022-25236: F ... oval:org.secpod.oval:def:89051744 This update for less fixes the following issues: * CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters . oval:org.secpod.oval:def:89051457 This update for runc fixes the following issues: * Update to runc v1.1.12 The following CVE was already fixed with the previous release. * CVE-2024-21626: Fixed container breakout. oval:org.secpod.oval:def:89051433 This update for runc fixes the following issues: Update to runc v1.1.11: * CVE-2024-21626: Fixed container breakout oval:org.secpod.oval:def:89047484 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash . - CVE-2022-2068: Fixed more shell code injection issues in c_rehash oval:org.secpod.oval:def:89051020 This update for jetty-minimal fixes the following issues: * Updated to version 9.4.53.v20231009: * CVE-2023-44487: Fixed a potential denial of service scenario via RST frame floods . * CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK decoder . * CVE-2023-40167: Fixed a permissive HTTP h ... 
oval:org.secpod.oval:def:89047563 This update for grub2 fixes the following issues: Security fixes and hardenings for boothole 3 / boothole 2022 - CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap - CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during ... oval:org.secpod.oval:def:89049343 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity, that could cause memory corruption . * CVE-2023-1249: Fixed a use-after-free flaw in the core dump sub ... oval:org.secpod.oval:def:89051083 This update for squid fixes the following issues: * CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP . * CVE-2023-46847: Denial of Service in HTTP Digest Authentication . * CVE-2023-46724: Fix validation of certificates with CN=* . * CVE-2023-46848: Denial of Service in FTP . oval:org.secpod.oval:def:89051695 This update for krb5 fixes the following issues: * CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c . * CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c . oval:org.secpod.oval:def:89051700 This update for python39 fixes the following issues: * CVE-2023-52425: Fixed denial of service caused by processing large tokens in expat . * CVE-2023-6597: Fixed symlink race condition in tempfile.TemporaryDirectory . * CVE-2024-0450: Fixed "quoted-overlap" in zipfile module . The following non-se ... oval:org.secpod.oval:def:89048635 This update for tomcat fixes the following issues: * CVE-2023-28708: Fixed information disclosure by not including the secure attribute . * CVE-2023-24998: Fixed FileUpload deny-of-service with excessive parts . 
oval:org.secpod.oval:def:89048934 This update for apache-commons-fileupload fixes the following issues: Updated to version 1.5: - CVE-2023-24998: Added a configurable maximum number of files to upload per request . oval:org.secpod.oval:def:89048951 This update for tomcat fixes the following issues: Updated to version 9.0.75: - CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 . oval:org.secpod.oval:def:89051795 This update for glibc fixes the following issues: * iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence oval:org.secpod.oval:def:89051729 This update for nghttp2 fixes the following issues: * CVE-2024-28182: Fixed denial of service via http/2 continuation frames oval:org.secpod.oval:def:89047204 This update for ruby2.5 fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc . - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP . - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP . oval:org.secpod.oval:def:89051698 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 . * CVE-2024-29944: Privileged JavaScript Execution via Event Handlers . Firefox Extended Support Release 115.9.0 ESR : * CVE-2024-0743: Crash in NSS TLS method . * CVE-2024-2605: ... oval:org.secpod.oval:def:89051771 This update for tomcat fixes the following issues: * CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream * CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open Other fixes: - Update to Tomcat 9.0.87 * Catalina + Fix: Min ... 
oval:org.secpod.oval:def:89051780 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.10.0 ESR : * CVE-2024-3852: GetBoundName in the JIT returned the wrong object * CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement * CVE-2024-3857: Incorrect JITting of argu ... oval:org.secpod.oval:def:89051794 This update for shim fixes the following issues: * Update shim-install to set the TPM2 SRK algorithm * Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above Update to version 15.8: Security issues fixed: * mok: fix LogError invocation * avoid incorrectly tr ... oval:org.secpod.oval:def:89048613 This update for glibc fixes the following issues: Security issue fixed: * CVE-2023-0687: Fix allocated buffer overflow in gmon Other issues fixed: * Fix avx2 strncmp offset compare condition check * elf: Allow dlopen of filter object to work * powerpc: Fix unrecognized instruction errors with rec ... oval:org.secpod.oval:def:89049562 This update for binutils fixes the following issues: Update to version 2.41 [jsc#PED-5778]: * The MIPS port now supports the Sony Interactive Entertainment Allegrex processor, used with the PlayStation Portable, which implements the MIPS II ISA along with a single-precision FPU and a few implementat ... oval:org.secpod.oval:def:89048656 This update for testng fixes the following issues: * CVE-2022-4065: Fixed a path traversal in zip files . oval:org.secpod.oval:def:89047351 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. - CVE-2022-1975: Fixed a sleep-in-atomic b ... oval:org.secpod.oval:def:89049086 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol . * CVE-2023-1637: Fixed vulnerability that could lead to unauthoriz ... oval:org.secpod.oval:def:89048539 This update for redis fixes the following issues: * CVE-2022-36021: Fixed integer overflow in RANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands . * CVE-2023-25155: Fixed integer Overflow in RAND commands can lead to assertion . oval:org.secpod.oval:def:89048074 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec . - CVE-2022-3635: Fixed a use-after-free in the tst_timer of the file drivers/atm/idt77252.c . - CVE-2022 ... oval:org.secpod.oval:def:89048907 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have led to denial-of-service or potentially privilege escalation . * CVE-2023-1872:Fix ... oval:org.secpod.oval:def:89047746 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. - CVE-2022-3169: Fixed a denial of service flaw which occurs when co ... oval:org.secpod.oval:def:89048691 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver . * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query . * CVE-2 ... oval:org.secpod.oval:def:89047345 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information . - CVE-2022-3 ... oval:org.secpod.oval:def:89047574 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information . - CVE-2022-3 ... oval:org.secpod.oval:def:89048173 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem wh ... oval:org.secpod.oval:def:89047482 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain . - CVE- ... oval:org.secpod.oval:def:89047473 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. - CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. - ... oval:org.secpod.oval:def:89047467 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings . - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 . - CVE-2022-26362: Fixed a race condition in typeref acquisition . ... 
oval:org.secpod.oval:def:89049139 This update for python39 fixes the following issues: Update to 3.9.17: * urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 . * Fixed a security flaw in uu.decode that could allow for direct ... oval:org.secpod.oval:def:89047509 This update for python39 fixes the following issues: python39 was updated to version 3.9.14: - CVE-2020-10735: Fixed DoS due to int type in PyLong_FromString not limiting amount of digits when converting text to int . - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when ... oval:org.secpod.oval:def:89047542 This update for python fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // . oval:org.secpod.oval:def:89047573 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module . oval:org.secpod.oval:def:89048517 This update for python3 fixes the following issues: * CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . The following non-security bug was fixed: * Eliminate unnecessary and dangerous calls to PyThread_exit_thread . oval:org.secpod.oval:def:89047409 This update for python3 fixes the following issues: - CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // . oval:org.secpod.oval:def:89048500 This update for python39 fixes the following issues: * CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters . Update to 3.9.16: - python -m http.server no longer allows terminal control characters sent within a garbage request ... 
oval:org.secpod.oval:def:89047499 This update for python fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module . oval:org.secpod.oval:def:89047432 This update for python39 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module . - Update to 3.9.13: - Core and Builtins - gh-92311: Fixed a bug where setting frame.f_lineno to jump over a list comprehension could misbehave or crash. - gh-92112: Fix crash trigge ... oval:org.secpod.oval:def:89048548 This update for python fixes the following issues: * CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . * CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names . The following non-security bug was fixed: * ... oval:org.secpod.oval:def:89048604 This update for qemu fixes the following issues: * CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt . * CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc . * CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length . * CVE ... oval:org.secpod.oval:def:89047775 This update for qemu fixes the following issues: - CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. - CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash oval:org.secpod.oval:def:89047358 This update for qemu fixes the following issues: - CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak - CVE-2021-4207: Fixed double fetch in qxl_cursor can lead to heap buffer overflow - CVE-2021-4206: Fixed integer overflow in cursor_alloc can lead to heap buffer over ... 
oval:org.secpod.oval:def:89047086 This update for qemu fixes the following issues: - Switch method of splitting off hw-s390x-virtio-gpu-ccw.so as a module to what was accepted upstream - Fix OOB access in sdhci interface - Fix potential privilege escalation in virtiofsd tool - Fix OOB access in rtl8139 NIC emulation - Fix heap ... oval:org.secpod.oval:def:89049155 This update for mariadb fixes the following issues: This update provides MariaDB 10.5.21. See release notes at https://mariadb.com/kb/en/mariadb-10-5-21-release-notes/ and changelog at https://mariadb.com/kb/en/mariadb-10-5-21-changelog/ . Security issues fixed: * CVE-2022-47015: Fixed a NULL pointe ... oval:org.secpod.oval:def:89049129 This update for mariadb fixes the following issues: Updated to version 10.5.20: * CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query . oval:org.secpod.oval:def:89047178 This update for mariadb fixes the following issues: Update to 10.5.12 [bsc#1189320]: - fixes for the following security vulnerabilities: CVE-2021-2372 and CVE-2021-2389 oval:org.secpod.oval:def:89047543 This update for mariadb fixes the following issues: - Update to 10.5.15 : * 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been ... oval:org.secpod.oval:def:89047352 This update for mariadb fixes the following issues: Update to 10.5.16 : - CVE-2021-46669 - CVE-2022-27376 - CVE-2022-27377 - CVE-2022-27378 - CVE-2022-27379 - CVE-2022-27380 - CVE-2022-27381 - CVE-2022-27382 - CVE-2022-27383 - CVE-2022-27384 - CVE-2022-27386 - CVE-2022-27387 - CVE-2022-2 ... 
oval:org.secpod.oval:def:89047100 This update for mariadb fixes the following issues: - Update to 10.5.13: - CVE-2021-35604: Fixed InnoDB vulnerability that allowed a high privileged attacker with network access via multiple protocols to compromise MySQL . oval:org.secpod.oval:def:89047219 This update for mariadb fixes the following issues: - Update to 10.2.39 - CVE-2021-2166: DML unspecified vulnerability lead to complete DOS. - CVE-2021-2154: DML unspecified vulnerability can lead to complete DOS. - CVE-2021-27928: Fixed a remote code execution issue oval:org.secpod.oval:def:89047458 This update for mariadb fixes the following issues: Update to 10.5.17: - CVE-2022-32082: Fixed assertion failure at table->get_ref_count == 0 in dict0dict.cc . - CVE-2022-32089: Fixed segmentation fault via the component st_select_lex_unit::exclude_level . - CVE-2022-32081: Fixed use-aft ... oval:org.secpod.oval:def:89051082 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase ... oval:org.secpod.oval:def:89047529 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer , named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. The following security bugs were f ... oval:org.secpod.oval:def:89047764 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing . - CVE-2022-33748: Fixed DoS due to race in locking . - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them wi ... 
oval:org.secpod.oval:def:89047541 This update for polkit fixes the following issues: - CVE-2021-4034: Fixed a local privilege escalation in pkexec . oval:org.secpod.oval:def:89047350 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload ... oval:org.secpod.oval:def:89047553 This update for xen fixes the following issues: Update Xen to version 4.14.4 Transient execution side-channel attacks attacking the Branch History Buffer , named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0 ... oval:org.secpod.oval:def:89049284 This update for kernel-firmware fixes the following issues: * CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. ## Special Instructions and Notes: * Please reboot the system after installing this update. oval:org.secpod.oval:def:89049295 This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20230808 release. * CVE-2022-40982: Fixed a potential security vulnerability in some Intel Processors which may allow information disclosure. * CVE-2023-23908: Fixed a potential security vulnerability in some ... oval:org.secpod.oval:def:89047414 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method . - CVE-2020-36557: Fixed race condition between the VT_DISALLOC ... oval:org.secpod.oval:def:89047619 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation . - CVE-2022-0322: Fixed a denial of servic ... oval:org.secpod.oval:def:89047628 The SUSE Linux Enterprise 15 SP3 kernel was updated - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. The following security bugs wer ... oval:org.secpod.oval:def:89047478 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input . - CVE-2022-0330: Fixed flush TLBs before releasing backin ... oval:org.secpod.oval:def:89047531 This update for webkit2gtk3 fixes the following issues: Update to version 2.34.6 : - CVE-2022-22620: Processing maliciously crafted web content may have led to arbitrary code execution. Update to version 2.34.5 : - CVE-2022-22589: A validation issue was addressed with improved input sanitization. - ... oval:org.secpod.oval:def:89047371 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 : - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may le ... oval:org.secpod.oval:def:89047455 This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c . - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c . 
oval:org.secpod.oval:def:89047083 This update for speex fixes the following issues: - CVE-2020-23903: Fixed zero division error in read_samples . oval:org.secpod.oval:def:89047198 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.3: - CVE-2021-21775: Fixed a use-after-free vulnerability in the way certain events are processed for ImageLoader objects. A specially crafted web page can lead to a potential information leak and further memory corrupt ... oval:org.secpod.oval:def:89047162 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.0 : * Fix the authentication request port when URL omits the port. * Fix iframe scrolling when main frame is scrolled in async * scrolling mode. * Stop using g_memdup. * Show a warning message when overriding signal han ... oval:org.secpod.oval:def:89047183 This update for webkit2gtk3 fixes the following issues: - Update to version 2.32.4 - CVE-2021-30858: Fixed a security bug that could allow maliciously crafted web content to achieve arbitrary code execution. - CVE-2021-21806: Fixed an exploitable use-after-free vulnerability via specially crafted H ... oval:org.secpod.oval:def:89048092 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content . - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a ... oval:org.secpod.oval:def:89047359 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.3 - CVE-2022-30293: Fixed heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer . - CVE-2022-26700: Fixed memory corruption issue that may lead to code execution when processing maliciously crafted ... 
oval:org.secpod.oval:def:89047357 This update for webkit2gtk3 fixes the following issues: Update to version 2.36.4 : - CVE-2022-22662: Processing maliciously crafted web content may disclose sensitive user information. - CVE-2022-22677: The video in a webRTC call may be interrupted if the audio capture gets interrupted. - CVE-2022-2 ... oval:org.secpod.oval:def:89047295 This update for webkit2gtk3 fixes the following issues: - CVE-2021-42762: Updated seccomp rules with latest changes from flatpak . oval:org.secpod.oval:def:89047408 This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 : - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when ... oval:org.secpod.oval:def:89047402 This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 . - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripti ... oval:org.secpod.oval:def:89048970 This update for webkit2gtk3 fixes the following issues: Add security patches : * CVE-2023-28204: Fixed processing of web content that may disclose sensitive information . * CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution . oval:org.secpod.oval:def:89047234 This update for webkit2gtk3 fixes the following issues: - CVE-2021-30846: Fixed memory corruption issue that could lead to arbitrary code execution when processing maliciously crafted web content . - CVE-2021-30851: Fixed memory corruption vulnerability that could lead to arbitrary code execution wh ... oval:org.secpod.oval:def:89048025 This update for samba fixes the following issues: Version update to 4.15.12. 
Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords . - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write ... oval:org.secpod.oval:def:89051252 This update for tiff fixes the following issues: * CVE-2023-2731: Fix null pointer dereference in LZWDecode . * CVE-2023-1916: Fix out-of-bounds read in extractImageSection . * CVE-2023-26965: Fix heap-based use after free in loadImage . * CVE-2022-40090: Fix infinite loop in TIFFReadDirectory . oval:org.secpod.oval:def:89047530 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c . oval:org.secpod.oval:def:89047123 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo oval:org.secpod.oval:def:89047582 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow . - CVE-2021-3796: Fixed use-after-free in nv_replace in normal.c . - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status drawscreen.c . - CVE-2021-3927: Fixed heap-based buffer overflow ... oval:org.secpod.oval:def:89047406 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API . - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence . - Package the Tcl bindings ... oval:org.secpod.oval:def:89047403 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files . - CVE-2021-3875: Fixed heap-based buffer overflow . - CVE-2021-3903: Fixed heap-based buffer overflow . - CVE-2021-3968: Fixed heap-based buffer overflow . - CVE-2021-3973: Fixed heap-based buff ... 
oval:org.secpod.oval:def:89046992 This update for webkit2gtk3 fixes the following issues: Updated to version 2.36.8 : - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution. - CVE-2022-32912: Fixed an out-of-bounds read that could potentially lead to code execution. oval:org.secpod.oval:def:89048576 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.5 : * CVE-2023-23529: Fixed possible arbitrary code execution via maliciously crafted web content. Update to version 2.38.4 : * CVE-2023-23517: Fixed web content processing that could have led to arbitrary code execution. ... oval:org.secpod.oval:def:89047475 This update for ruby2.5 fixes the following issues: - CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion . - CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods . - CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP . - CVE-2021-31 ... oval:org.secpod.oval:def:89047026 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0313: - CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent . - CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address . - CVE-2022-2175: Fixed buffer over-read through cmdline_inse ... oval:org.secpod.oval:def:89047498 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service - CVE-2022-32208: FTP-KRB bad message verification oval:org.secpod.oval:def:89047453 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field . oval:org.secpod.oval:def:89048783 This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 : * CVE-2022-0108: Fixed information leak. * CVE-2022-32885: Fixed arbitrary code execution. * CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. 
* CVE-2023-27932: Fixed Same Origin Policy bypas ... oval:org.secpod.oval:def:89047171 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3573: Fixed a UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. - CVE-2021-0605: Fixed an o ... oval:org.secpod.oval:def:89047175 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 may permit a nearby man-in-the-middle attacker to identify the Passkey us ... oval:org.secpod.oval:def:89047308 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel ... oval:org.secpod.oval:def:89047305 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past You can reenable via systemctl setting ... oval:org.secpod.oval:def:89047129 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Security issues fixed: - CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c . - CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer und ... oval:org.secpod.oval:def:89047127 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. 
The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg in the bluetooth stack . - CVE-2021-3653: Missing validation of the `int_ctl` VMCB ... oval:org.secpod.oval:def:89047557 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release . - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem ... oval:org.secpod.oval:def:89047094 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a conseque ... oval:org.secpod.oval:def:89047091 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements in sys-utils/ipcutils.c oval:org.secpod.oval:def:89047248 The following security bugs were fixed: - CVE-2021-3655: Fixed missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory . - CVE-2021-3715: Fixed a use-after-free in route4_change in net/sched/cls_route.c . - CVE-2021-3760: Fixed a use-after-f ... oval:org.secpod.oval:def:89047237 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc in net/mac802154/llsec.c . - CVE-2021-21781: Fixed an information disclosure vulnerability in the ... oval:org.secpod.oval:def:89047207 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a NFS regression. 
The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb . - CVE-2021-3655: Fixed missing size validations on ... oval:org.secpod.oval:def:89047597 This update for unbound fixes the following issues: - CVE-2019-25031: Fixed configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack . - CVE-2019-25032: Fixed integer overflow in the regional allocator via regional_alloc . - CVE-2019-25033: Fixed integer ove ... oval:org.secpod.oval:def:89047294 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a " oval:org.secpod.oval:def:89047246 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizat ... oval:org.secpod.oval:def:89047217 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so ... oval:org.secpod.oval:def:89051272 This update for docker, rootlesskit fixes the following issues: docker: * Update to Docker 24.0.7-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/24.0/#2407 . bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. * CVE-2020-8 ... oval:org.secpod.oval:def:89048902 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2017-5753: Fixed spectre V1 vulnerability on netlink . * CVE-2017-5753: Fixed spectre vulnerability in prlimit . 
* CVE-2021-3923: Fixed stack information leak v ... oval:org.secpod.oval:def:89047231 This update for spectre-meltdown-checker fixes the following issues: spectre-meltdown-checker was updated to version 0.44 - feat: add support for SRBDS related vulnerabilities - feat: add zstd kernel decompression - enh: arm: add experimental support for binary arm images - enh: rsb filling: no lo ... oval:org.secpod.oval:def:89047398 This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection . oval:org.secpod.oval:def:89047125 This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service or possibly have unspecified other impact. - CVE-2018-19432: Fixed a NULL pointer derefere ... oval:org.secpod.oval:def:89047244 This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication . - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key . - CVE-2018-7544: Fixed cross-protocol scripting issue that was discov ... oval:org.secpod.oval:def:89047169 This update for python3 fixes the following issues: - Fixed CVE-2020-27619 , where Lib/test/multibytecodec_support calls eval on content retrieved via HTTP. - Change setuptools and pip version numbers according to new wheels - Handful of changes to make python36 compatible with SLE15 and SLE12 - ad ... oval:org.secpod.oval:def:89051322 This update for webkit2gtk3 fixes the following issues: * CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution . * CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service . * CVE-2023-41074: Fixed use-after-free in the MediaRecorder ... 
oval:org.secpod.oval:def:89051183 This update for vim fixes the following issues: * CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 * CVE-2023-5441: segfault in exmode when redrawing * CVE-2023-5535: use-after-free from buf_contents_changed * CVE-2023-46246: Integer Overflow in :history command oval:org.secpod.oval:def:89051747 This update for webkit2gtk3 fixes the following issues: * CVE-2024-23252: Fixed denial of service via crafted web content . * CVE-2024-23254: Fixed possible audio data exfiltration cross-origin via malicious website . * CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious cr ... oval:org.secpod.oval:def:89051751 This update for xorg-x11-server fixes the following issues: * CVE-2024-31080: Fixed ProcXIGetSelectedEvents to use unswapped length . * CVE-2024-31081: Fixed ProcXIPassiveGrabDevice to use unswapped length to send reply . * CVE-2024-31082: Fixed ProcAppleDRICreatePixmap to use unswapped length to se ... oval:org.secpod.oval:def:89051725 This update for buildah fixes the following issues: * CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. * Update to version 1.34.1 for compatibility with Docker 25.0 . See the corresponding release notes: * https://github.com/containers/buildah/releases/tag/v1.34.1 * ... oval:org.secpod.oval:def:89051714 This update for buildah fixes the following issues: * CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. * Update to version 1.34.1 for compatibility with Docker 25.0 . See the corresponding release notes: * https://github.com/containers/buildah/releases/tag/v1.34.1 * ... oval:org.secpod.oval:def:89051703 This update for podman fixes the following issues: * CVE-2024-1753: Fixed full container escape at build time in buildah . oval:org.secpod.oval:def:89051716 This update for ucode-intel fixes the following issues: * Updated to Intel CPU Microcode 20240312 release. 
* CVE-2023-39368: Protection mechanism failure of bus lock regulator for some Intel Processors may allow an unauthenticated user to potentially enable denial of service via network access * CV ... oval:org.secpod.oval:def:89051468 This update for webkit2gtk3 fixes the following issues: Update to version 2.42.5: * CVE-2024-23222: Fixed processing maliciously crafted web content that may have led to arbitrary code execution. * CVE-2024-23206: Fixed fingerprint user via maliciously crafted webpages. * CVE-2024-23213: Fixed pr ... oval:org.secpod.oval:def:89051428 This update for webkit2gtk3 fixes the following issues: * CVE-2024-23222: Fixed type confusion that may lead to arbitrary code execution oval:org.secpod.oval:def:89051405 This update for apache-parent, apache-sshd fixes the following issues: apache-parent was updated from version 28 to 31: * Version 31: * New Features: * Added maven-checkstyle-plugin to pluginManagement * Improvements: * Set minimalMavenBuildVersion to 3.6.3 - the minimum used by plugins * Using an S ... oval:org.secpod.oval:def:89051444 This update for bouncycastle, jsch fixes the following issues: * Updated jsch to version 0.2.15: * CVE-2023-48795: Fixed a prefix truncation issue that could lead to disclosure of sensitive information. * Updated bouncycastle to version 1.77. oval:org.secpod.oval:def:89051492 This update for libssh2_org fixes the following issues: * Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com" when configuring custom method list. [bsc#1218971, CVE-2023-48795] * The strict-kex extension is announced in the list of available KEX methods. However, wh ... oval:org.secpod.oval:def:89051280 This update for openssh fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity.
The following non-security bug was fixed: * Fix the "no route to host" error when connecting via ProxyJump oval:org.secpod.oval:def:89051401 This update for erlang fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack oval:org.secpod.oval:def:89051326 This update for libssh2_org fixes the following issues: * CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity. oval:org.secpod.oval:def:89051532 This update for openssh fixes the following issues: * CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection oval:org.secpod.oval:def:89048764 This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed inconsistent result when hashing empty strings. * CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType. * CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c. The followin ... oval:org.secpod.oval:def:89049401 This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow. oval:org.secpod.oval:def:89051803 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-28746: Fixed Register File Data Sampling. * CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get and nfc_llcp_sock_get_sn. * CVE-2024-26589: Fixed out ... oval:org.secpod.oval:def:89051414 This update for xorg-x11-server fixes the following issues: * CVE-2024-0408: Fixed SELinux unlabeled GLX PBuffer. * CVE-2024-0409: Fixed SELinux context corruption oval:org.secpod.oval:def:89051800 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed: * CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation. * CVE-202 ... oval:org.secpod.oval:def:89051375 This update for xorg-x11-server fixes the following issues: * CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer * CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access * CVE-2024-21885: Fixed heap buffer overflow in ... oval:org.secpod.oval:def:89051484 This update for libssh fixes the following issues: Update to version 0.9.8: * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Allow @ in usernames whe ... oval:org.secpod.oval:def:89051231 This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions. * CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty. oval:org.secpod.oval:def:89051274 This update for xorg-x11-server fixes the following issues: * CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions. oval:org.secpod.oval:def:89051367 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-39197: Fixed an out-of-bounds read in nf_conntrack_dccp_packet. * CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk funct ... oval:org.secpod.oval:def:89051390 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed: * CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD ... oval:org.secpod.oval:def:89051053 This update for xorg-x11-server fixes the following issues: * CVE-2023-5574: Fixed a privilege escalation issue that could be triggered via the Damage extension protocol. * CVE-2023-5380: Fixed a memory safety issue that could be triggered when using multiple protocol screens. * CVE-2023-5367: Fix ... oval:org.secpod.oval:def:89050985 This update for grub2 fixes the following issues: * CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. * CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information oval:org.secpod.oval:def:89049336 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-40982: Fixed transient execution attack called "Gather Data Sampling". * CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec. * CVE-2023-2056 ... oval:org.secpod.oval:def:89047547 The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw in the Linux kernel's DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. - CVE-2022-1016: Fixed a vulnerability in ... |